git » swiftpm » commit f054841

No more need for mbedtls

No more need for mbedtls

Because of https://github.com/HaxeFoundation/hxcpp/pull/1239

diff --git a/Package.swift b/Package.swift
index b78f6bb..478dbe9 100644
--- a/Package.swift
+++ b/Package.swift
@@ -174,12 +174,9 @@ let package = Package(
 				CSetting.define("SUPPORT_UNICODE"),
 			]
 		),
-		.target(
-			name: "mbedtls"
-		),
 		.target(
 			name: "c_snikket",
-			dependencies: ["strophe", "libdatachannel", "libpcre2-8", "libpcre2-16", .product(name: "Copus", package: "swift-opus"), "mbedtls"],
+			dependencies: ["strophe", "libdatachannel", "libpcre2-8", "libpcre2-16", .product(name: "Copus", package: "swift-opus")],
 			cSettings: [
 				CSetting.headerSearchPath("iinclude"),
 				CSetting.define("HX_SMART_STRINGS=1"),
diff --git a/Sources/c_snikket/src/hx/libs/ssl/SSL.cpp b/Sources/c_snikket/src/hx/libs/ssl/SSL.cpp
index 2c4904a..7547c0f 100644
--- a/Sources/c_snikket/src/hx/libs/ssl/SSL.cpp
+++ b/Sources/c_snikket/src/hx/libs/ssl/SSL.cpp
@@ -1,3 +1,223 @@
+#if defined(HX_MACOS) || defined(IPHONE) || defined(APPLETV)
+
+#include <Security/Security.h>
+#include <Security/SecureTransport.h>
+#include <CoreFoundation/CoreFoundation.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <errno.h>
+
+#include <hxcpp.h>
+
+#define val_ssl(o)    ((sslctx*)o.mPtr)
+#define val_conf(o)   ((sslconf*)o.mPtr)
+#define val_socket(o) ((SocketWrapper*)o.mPtr)
+#define val_cert(o)   ((sslcert*)o.mPtr)
+#define val_pkey(o)   ((sslpkey*)o.mPtr)
+
+struct SocketWrapper : public hx::Object {
+	HX_IS_INSTANCE_OF enum { _hx_ClassId = hx::clsIdSocket };
+	int socket;
+};
+
+struct sslcert : public hx::Object {
+	HX_IS_INSTANCE_OF enum { _hx_ClassId = hx::clsIdSslCert };
+	void create() { _hx_set_finalizer(this, finalize); }
+	void destroy() {}
+	static void finalize(Dynamic obj) { ((sslcert*)obj.mPtr)->destroy(); }
+	String toString() { return HX_CSTRING("sslcert"); }
+};
+
+struct sslpkey : public hx::Object {
+	HX_IS_INSTANCE_OF enum { _hx_ClassId = hx::clsIdSslKey };
+	void create() { _hx_set_finalizer(this, finalize); }
+	void destroy() {}
+	static void finalize(Dynamic obj) { ((sslpkey*)obj.mPtr)->destroy(); }
+	String toString() { return HX_CSTRING("sslpkey"); }
+};
+
+struct sslctx : public hx::Object {
+	HX_IS_INSTANCE_OF enum { _hx_ClassId = hx::clsIdSsl };
+	SSLContextRef sslCtx = nullptr;
+	void create(bool isServer = false) {
+		sslCtx = SSLCreateContext(kCFAllocatorDefault, isServer ? kSSLServerSide : kSSLClientSide, kSSLStreamType);
+		if (!sslCtx) hx::Throw(HX_CSTRING("Failed to create SSL context"));
+		_hx_set_finalizer(this, finalize);
+	}
+	void destroy() {
+		if (sslCtx) { CFRelease(sslCtx); sslCtx = nullptr; }
+	}
+	static void finalize(Dynamic obj) {
+		((sslctx*)obj.mPtr)->destroy();
+	}
+	String toString() { return HX_CSTRING("sslctx_native"); }
+};
+
+struct sslconf : public hx::Object {
+	HX_IS_INSTANCE_OF enum { _hx_ClassId = hx::clsIdSslConf };
+	bool isServer;
+	void create(bool server) { isServer = server; _hx_set_finalizer(this, finalize); }
+	void destroy() {}
+	static void finalize(Dynamic obj) { ((sslconf*)obj.mPtr)->destroy(); }
+	String toString() { return HX_CSTRING("sslconf"); }
+};
+
+Dynamic _hx_ssl_conf_new(bool isServer) {
+	sslconf* conf = new sslconf(); conf->create(isServer);
+	return conf;
+}
+
+void _hx_ssl_conf_close(Dynamic hconf) {
+	val_conf(hconf)->destroy();
+}
+
+void _hx_ssl_conf_set_ca(Dynamic hconf, Dynamic hcert) {
+	// Using system trust by default
+}
+
+void _hx_ssl_conf_set_verify(Dynamic hconf, int mode) {
+	// TODO
+}
+
+void _hx_ssl_conf_set_cert(Dynamic hconf, Dynamic hcert, Dynamic hpkey) {
+	// TODO
+}
+
+void _hx_ssl_conf_set_servername_callback(Dynamic hconf, Dynamic cb) {
+	// TODO
+}
+
+Dynamic _hx_ssl_cert_load_file(String file) {
+	hx::Throw(HX_CSTRING("ssl_cert_load_file not supported"));
+	return null();
+}
+
+Dynamic _hx_ssl_cert_load_path(String path) {
+	hx::Throw(HX_CSTRING("ssl_cert_load_path not supported"));
+	return null();
+}
+
+Dynamic _hx_ssl_new(Dynamic hconf) {
+	sslctx* ctx = new sslctx();
+	ctx->create(val_conf(hconf)->isServer);
+	return ctx;
+}
+
+void _hx_ssl_close(Dynamic hssl) {
+	val_ssl(hssl)->destroy();
+}
+
+static OSStatus socket_read(SSLConnectionRef conn, void *data, size_t *len) {
+	int fd = (int)(intptr_t)conn;
+	ssize_t ret = recv(fd, data, *len, 0);
+	if (ret > 0) { *len = ret; return noErr; }
+	if (ret == 0) return errSSLClosedGraceful;
+	if (errno == EAGAIN || errno == EWOULDBLOCK) return errSSLWouldBlock;
+	return errSecIO;
+}
+static OSStatus socket_write(SSLConnectionRef conn, const void *data, size_t *len) {
+	int fd = (int)(intptr_t)conn;
+	ssize_t ret = send(fd, data, *len, 0);
+	if (ret > 0) { *len = ret; return noErr; }
+	if (errno == EAGAIN || errno == EWOULDBLOCK) return errSSLWouldBlock;
+	return errSecIO;
+}
+
+void _hx_ssl_set_socket(Dynamic hssl, Dynamic hsocket) {
+	sslctx* ctx = val_ssl(hssl);
+	SocketWrapper* sock = val_socket(hsocket);
+	SSLSetConnection(ctx->sslCtx, (SSLConnectionRef)(intptr_t)sock->socket);
+	SSLSetIOFuncs(ctx->sslCtx, socket_read, socket_write);
+	SSLSetProtocolVersionMin(ctx->sslCtx, kTLSProtocol1);
+	SSLSetProtocolVersionMax(ctx->sslCtx, kTLSProtocol13);
+}
+
+void _hx_ssl_set_hostname(Dynamic hssl, String hostname) {
+	sslctx* ctx = val_ssl(hssl);
+	hx::strbuf buf;
+	SSLSetPeerDomainName(ctx->sslCtx, hostname.utf8_str(&buf), hostname.length);
+}
+
+void _hx_ssl_handshake(Dynamic hssl) {
+	sslctx* ctx = val_ssl(hssl);
+	OSStatus s = SSLHandshake(ctx->sslCtx);
+	if (s == errSSLWouldBlock) hx::Throw(HX_CSTRING("Blocking"));
+	if (s != noErr) hx::Throw(HX_CSTRING("SSL handshake error"));
+}
+
+int _hx_ssl_send(Dynamic hssl, Array<unsigned char> buf, int p, int l) {
+	sslctx* ctx = val_ssl(hssl);
+	const void* data = &buf[0] + p;
+	size_t len = l;
+	OSStatus s = SSLWrite(ctx->sslCtx, data, len, &len);
+	if (s == errSSLWouldBlock) hx::Throw(HX_CSTRING("Blocking"));
+	if (s != noErr) hx::Throw(HX_CSTRING("SSL write error"));
+	return (int)len;
+}
+
+int _hx_ssl_recv(Dynamic hssl, Array<unsigned char> buf, int p, int l) {
+	sslctx* ctx = val_ssl(hssl);
+	void* data = &buf[0] + p;
+	size_t len = l;
+	OSStatus s = SSLRead(ctx->sslCtx, data, len, &len);
+	if (s == errSSLWouldBlock) hx::Throw(HX_CSTRING("Blocking"));
+	if (s == errSSLClosedGraceful || s == errSSLClosedAbort) return 0;
+	if (s != noErr) hx::Throw(HX_CSTRING("SSL read error"));
+	return (int)len;
+}
+
+void _hx_ssl_send_char(Dynamic hssl, int c) {
+	sslctx* ctx = val_ssl(hssl);
+	UInt8 byte = (UInt8)c;
+	size_t processed = 0;
+	OSStatus s = SSLWrite(ctx->sslCtx, &byte, 1, &processed);
+	if (s == errSSLWouldBlock) hx::Throw(HX_CSTRING("Blocking"));
+	if (s != noErr || processed != 1) hx::Throw(HX_CSTRING("SSL write error"));
+}
+
+int _hx_ssl_recv_char(Dynamic hssl) {
+	sslctx* ctx = val_ssl(hssl);
+	UInt8 byte;
+	size_t processed = 0;
+	OSStatus s = SSLRead(ctx->sslCtx, &byte, 1, &processed);
+	if (s == errSSLWouldBlock) hx::Throw(HX_CSTRING("Blocking"));
+	if (s != noErr || processed == 0) hx::Throw(HX_CSTRING("ssl_recv_char"));
+	return (int)byte;
+}
+
+void _hx_ssl_write(Dynamic hssl, Array<unsigned char> buf) {
+	int total = buf->length;
+	int offset = 0;
+	while (total > 0) {
+		int sent = _hx_ssl_send(hssl, buf, offset, total);
+		offset += sent;
+		total -= sent;
+	}
+}
+
+Array<unsigned char> _hx_ssl_read(Dynamic hssl) {
+	Array<unsigned char> res = Array_obj<unsigned char>::__new();
+	unsigned char buffer[256];
+	while (true) {
+		size_t processed = 0;
+		OSStatus s = SSLRead(val_ssl(hssl)->sslCtx, buffer, sizeof(buffer), &processed);
+		if (s == errSSLWouldBlock) hx::Throw(HX_CSTRING("Blocking"));
+		if (s == errSSLClosedGraceful || s == errSSLClosedAbort) break;
+		if (s != noErr) hx::Throw(HX_CSTRING("SSL read error"));
+		if (processed == 0) break;
+		res->memcpy(res->length, buffer, processed);
+	}
+	return res;
+}
+
+void _hx_ssl_init() {}
+
+Dynamic _hx_ssl_cert_load_defaults() {
+	return null();
+}
+
+#else
+
 #include <string.h>
 
 #ifdef HX_WINDOWS
@@ -896,3 +1116,5 @@ void _hx_ssl_init() {
 	mbedtls_ctr_drbg_init( &ctr_drbg );
 	mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0 );
 }
+
+#endif
diff --git a/Sources/mbedtls/include/.gitignore b/Sources/mbedtls/include/.gitignore
deleted file mode 100644
index bf67d02..0000000
--- a/Sources/mbedtls/include/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-Makefile
-*.sln
-*.vcxproj
-mbedtls/check_config
diff --git a/Sources/mbedtls/include/mbedtls/aes.h b/Sources/mbedtls/include/mbedtls/aes.h
deleted file mode 100644
index 401ac39..0000000
--- a/Sources/mbedtls/include/mbedtls/aes.h
+++ /dev/null
@@ -1,689 +0,0 @@
-/**
- * \file aes.h
- *
- * \brief   This file contains AES definitions and functions.
- *
- *          The Advanced Encryption Standard (AES) specifies a FIPS-approved
- *          cryptographic algorithm that can be used to protect electronic
- *          data.
- *
- *          The AES algorithm is a symmetric block cipher that can
- *          encrypt and decrypt information. For more information, see
- *          <em>FIPS Publication 197: Advanced Encryption Standard</em> and
- *          <em>ISO/IEC 18033-2:2006: Information technology -- Security
- *          techniques -- Encryption algorithms -- Part 2: Asymmetric
- *          ciphers</em>.
- *
- *          The AES-XTS block mode is standardized by NIST SP 800-38E
- *          <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
- *          and described in detail by IEEE P1619
- *          <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_AES_H
-#define MBEDTLS_AES_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-#include "mbedtls/platform_util.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* padlock.c and aesni.c rely on these values! */
-#define MBEDTLS_AES_ENCRYPT     1 /**< AES encryption. */
-#define MBEDTLS_AES_DECRYPT     0 /**< AES decryption. */
-
-/* Error codes in range 0x0020-0x0022 */
-/** Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020
-/** Invalid data input length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022
-
-/* Error codes in range 0x0021-0x0025 */
-/** Invalid input data. */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0021
-
-/* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
-/** Feature not available. For example, an unsupported AES key size. */
-#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023
-
-/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** AES hardware accelerator failed. */
-#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED                   -0x0025
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_AES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The AES context-type definition.
- */
-typedef struct mbedtls_aes_context
-{
-    int nr;                     /*!< The number of rounds. */
-    uint32_t *rk;               /*!< AES round keys. */
-    uint32_t buf[68];           /*!< Unaligned data buffer. This buffer can
-                                     hold 32 extra Bytes, which can be used for
-                                     one of the following purposes:
-                                     <ul><li>Alignment if VIA padlock is
-                                             used.</li>
-                                     <li>Simplifying key expansion in the 256-bit
-                                         case by generating an extra round key.
-                                         </li></ul> */
-}
-mbedtls_aes_context;
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief The AES XTS context-type definition.
- */
-typedef struct mbedtls_aes_xts_context
-{
-    mbedtls_aes_context crypt; /*!< The AES context to use for AES block
-                                        encryption or decryption. */
-    mbedtls_aes_context tweak; /*!< The AES context used for tweak
-                                        computation. */
-} mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
-#endif /* MBEDTLS_AES_ALT */
-
-/**
- * \brief          This function initializes the specified AES context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The AES context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified AES context.
- *
- * \param ctx      The AES context to clear.
- *                 If this is \c NULL, this function does nothing.
- *                 Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief          This function initializes the specified AES XTS context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The AES XTS context to initialize. This must not be \c NULL.
- */
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified AES XTS context.
- *
- * \param ctx      The AES XTS context to clear.
- *                 If this is \c NULL, this function does nothing.
- *                 Otherwise, the context must have been at least initialized.
- */
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief          This function sets the encryption key.
- *
- * \param ctx      The AES context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The encryption key.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of data passed in bits. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
-
-/**
- * \brief          This function sets the decryption key.
- *
- * \param ctx      The AES context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The decryption key.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of data passed. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief          This function prepares an XTS context for encryption and
- *                 sets the encryption key.
- *
- * \param ctx      The AES XTS context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The encryption key. This is comprised of the XTS key1
- *                 concatenated with the XTS key2.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of \p key passed in bits. Valid options are:
- *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
- *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
-
-/**
- * \brief          This function prepares an XTS context for decryption and
- *                 sets the decryption key.
- *
- * \param ctx      The AES XTS context to which the key should be bound.
- *                 It must be initialized.
- * \param key      The decryption key. This is comprised of the XTS key1
- *                 concatenated with the XTS key2.
- *                 This must be a readable buffer of size \p keybits bits.
- * \param keybits  The size of \p key passed in bits. Valid options are:
- *                 <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
- *                 <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * \brief          This function performs an AES single-block encryption or
- *                 decryption operation.
- *
- *                 It performs the operation defined in the \p mode parameter
- *                 (encrypt or decrypt), on the input data buffer defined in
- *                 the \p input parameter.
- *
- *                 mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
- *                 mbedtls_aes_setkey_dec() must be called before the first
- *                 call to this API with the same context.
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param input    The buffer holding the input data.
- *                 It must be readable and at least \c 16 Bytes long.
- * \param output   The buffer where the output data will be written.
- *                 It must be writeable and at least \c 16 Bytes long.
-
- * \return         \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief  This function performs an AES-CBC encryption or decryption operation
- *         on full blocks.
- *
- *         It performs the operation defined in the \p mode
- *         parameter (encrypt/decrypt), on the input data buffer defined in
- *         the \p input parameter.
- *
- *         It can be called as many times as needed, until all the input
- *         data is processed. mbedtls_aes_init(), and either
- *         mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
- *         before the first call to this API with the same context.
- *
- * \note   This function operates on full blocks, that is, the input size
- *         must be a multiple of the AES block size of \c 16 Bytes.
- *
- * \note   Upon exit, the content of the IV is updated so that you can
- *         call the same function again on the next
- *         block(s) of data and get the same result as if it was
- *         encrypted in one call. This allows a "streaming" usage.
- *         If you need to retain the contents of the IV, you should
- *         either save it manually or use the cipher module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data in Bytes. This must be a
- *                 multiple of the block size (\c 16 Bytes).
- * \param iv       Initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
- *                 on failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/**
- * \brief      This function performs an AES-XTS encryption or decryption
- *             operation for an entire XTS data unit.
- *
- *             AES-XTS encrypts or decrypts blocks based on their location as
- *             defined by a data unit number. The data unit number must be
- *             provided by \p data_unit.
- *
- *             NIST SP 800-38E limits the maximum size of a data unit to 2^20
- *             AES blocks. If the data unit is larger than this, this function
- *             returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
- *
- * \param ctx          The AES XTS context to use for AES XTS operations.
- *                     It must be initialized and bound to a key.
- * \param mode         The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                     #MBEDTLS_AES_DECRYPT.
- * \param length       The length of a data unit in Bytes. This can be any
- *                     length between 16 bytes and 2^24 bytes inclusive
- *                     (between 1 and 2^20 block cipher blocks).
- * \param data_unit    The address of the data unit encoded as an array of 16
- *                     bytes in little-endian format. For disk encryption, this
- *                     is typically the index of the block device sector that
- *                     contains the data.
- * \param input        The buffer holding the input data (which is an entire
- *                     data unit). This function reads \p length Bytes from \p
- *                     input.
- * \param output       The buffer holding the output data (which is an entire
- *                     data unit). This function writes \p length Bytes to \p
- *                     output.
- *
- * \return             \c 0 on success.
- * \return             #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
- *                     smaller than an AES block in size (16 Bytes) or if \p
- *                     length is larger than 2^20 blocks (16 MiB).
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
-                           int mode,
-                           size_t length,
-                           const unsigned char data_unit[16],
-                           const unsigned char *input,
-                           unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an AES-CFB128 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt or decrypt), on the input data buffer
- *        defined in the \p input parameter.
- *
- *        For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
- *        regardless of whether you are performing an encryption or decryption
- *        operation, that is, regardless of the \p mode parameter. This is
- *        because CFB mode uses the same key schedule for encryption and
- *        decryption.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you must either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT.
- * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in IV (updated after use).
- *                 It must point to a valid \c size_t.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief This function performs an AES-CFB8 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt/decrypt), on the input data buffer defined
- *        in the \p input parameter.
- *
- *        Due to the nature of CFB, you must use the same key schedule for
- *        both encryption and decryption operations. Therefore, you must
- *        use the context initialized with mbedtls_aes_setkey_enc() for
- *        both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you should either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param mode     The AES operation: #MBEDTLS_AES_ENCRYPT or
- *                 #MBEDTLS_AES_DECRYPT
- * \param length   The length of the input data.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/**
- * \brief       This function performs an AES-OFB (Output Feedback Mode)
- *              encryption or decryption operation.
- *
- *              For OFB, you must set up the context with
- *              mbedtls_aes_setkey_enc(), regardless of whether you are
- *              performing an encryption or decryption operation. This is
- *              because OFB mode uses the same key schedule for encryption and
- *              decryption.
- *
- *              The OFB operation is identical for encryption or decryption,
- *              therefore no operation mode needs to be specified.
- *
- * \note        Upon exit, the content of iv, the Initialisation Vector, is
- *              updated so that you can call the same function again on the next
- *              block(s) of data and get the same result as if it was encrypted
- *              in one call. This allows a "streaming" usage, by initialising
- *              iv_off to 0 before the first call, and preserving its value
- *              between calls.
- *
- *              For non-streaming use, the iv should be initialised on each call
- *              to a unique value, and iv_off set to 0 on each call.
- *
- *              If you need to retain the contents of the initialisation vector,
- *              you must either save it manually or use the cipher module
- *              instead.
- *
- * \warning     For the OFB mode, the initialisation vector must be unique
- *              every encryption operation. Reuse of an initialisation vector
- *              will compromise security.
- *
- * \param ctx      The AES context to use for encryption or decryption.
- *                 It must be initialized and bound to a key.
- * \param length   The length of the input data.
- * \param iv_off   The offset in IV (updated after use).
- *                 It must point to a valid \c size_t.
- * \param iv       The initialization vector (updated after use).
- *                 It must be a readable and writeable buffer of \c 16 Bytes.
- * \param input    The buffer holding the input data.
- *                 It must be readable and of size \p length Bytes.
- * \param output   The buffer holding the output data.
- *                 It must be writeable and of size \p length Bytes.
- *
- * \return         \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      This function performs an AES-CTR encryption or decryption
- *             operation.
- *
- *             Due to the nature of CTR, you must use the same key schedule
- *             for both encryption and decryption operations. Therefore, you
- *             must use the context initialized with mbedtls_aes_setkey_enc()
- *             for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**128
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first 12 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 12 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**96 messages of up to 2**32 blocks each with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter. An alternative is to generate random nonces, but this
- *             limits the number of messages that can be securely encrypted:
- *             for example, with 96-bit random nonces, you should not encrypt
- *             more than 2**32 messages with the same key.
- *
- *             Note that for both strategies, sizes are measured in blocks and
- *             that an AES block is 16 bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx              The AES context to use for encryption or decryption.
- *                         It must be initialized and bound to a key.
- * \param length           The length of the input data.
- * \param nc_off           The offset in the current \p stream_block, for
- *                         resuming within the current cipher stream. The
- *                         offset pointer should be 0 at the start of a stream.
- *                         It must point to a valid \c size_t.
- * \param nonce_counter    The 128-bit nonce and counter.
- *                         It must be a readable-writeable buffer of \c 16 Bytes.
- * \param stream_block     The saved stream block for resuming. This is
- *                         overwritten by the function.
- *                         It must be a readable-writeable buffer of \c 16 Bytes.
- * \param input            The buffer holding the input data.
- *                         It must be readable and of size \p length Bytes.
- * \param output           The buffer holding the output data.
- *                         It must be writeable and of size \p length Bytes.
- *
- * \return                 \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/**
- * \brief           Internal AES block encryption function. This is only
- *                  exposed to allow overriding it using
- *                  \c MBEDTLS_AES_ENCRYPT_ALT.
- *
- * \param ctx       The AES context to use for encryption.
- * \param input     The plaintext block.
- * \param output    The output (ciphertext) block.
- *
- * \return          \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
-
-/**
- * \brief           Internal AES block decryption function. This is only
- *                  exposed to allow overriding it using see
- *                  \c MBEDTLS_AES_DECRYPT_ALT.
- *
- * \param ctx       The AES context to use for decryption.
- * \param input     The ciphertext block.
- * \param output    The output (plaintext) block.
- *
- * \return          \c 0 on success.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           Deprecated internal AES block encryption function
- *                  without return value.
- *
- * \deprecated      Superseded by mbedtls_internal_aes_encrypt()
- *
- * \param ctx       The AES context to use for encryption.
- * \param input     Plaintext block.
- * \param output    Output (ciphertext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
-                                             const unsigned char input[16],
-                                             unsigned char output[16] );
-
-/**
- * \brief           Deprecated internal AES block decryption function
- *                  without return value.
- *
- * \deprecated      Superseded by mbedtls_internal_aes_decrypt()
- *
- * \param ctx       The AES context to use for decryption.
- * \param input     Ciphertext block.
- * \param output    Output (plaintext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
-                                             const unsigned char input[16],
-                                             unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_aes_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aes.h */
diff --git a/Sources/mbedtls/include/mbedtls/aesni.h b/Sources/mbedtls/include/mbedtls/aesni.h
deleted file mode 100644
index c1d22f5..0000000
--- a/Sources/mbedtls/include/mbedtls/aesni.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * \file aesni.h
- *
- * \brief AES-NI for hardware AES acceleration on some Intel processors
- *
- * \warning These functions are only for internal use by other library
- *          functions; you must not call them directly.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_AESNI_H
-#define MBEDTLS_AESNI_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/aes.h"
-
-#define MBEDTLS_AESNI_AES      0x02000000u
-#define MBEDTLS_AESNI_CLMUL    0x00000002u
-
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
-    ( defined(__amd64__) || defined(__x86_64__) )   &&  \
-    ! defined(MBEDTLS_HAVE_X86_64)
-#define MBEDTLS_HAVE_X86_64
-#endif
-
-#if defined(MBEDTLS_HAVE_X86_64)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Internal function to detect the AES-NI feature in CPUs.
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param what     The feature to detect
- *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
- *
- * \return         1 if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_aesni_has_support( unsigned int what );
-
-/**
- * \brief          Internal AES-NI AES-ECB block encryption and decryption
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 on success (cannot fail)
- */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                             int mode,
-                             const unsigned char input[16],
-                             unsigned char output[16] );
-
-/**
- * \brief          Internal GCM multiplication: c = a * b in GF(2^128)
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param c        Result
- * \param a        First operand
- * \param b        Second operand
- *
- * \note           Both operands and result are bit strings interpreted as
- *                 elements of GF(2^128) as per the GCM spec.
- */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                             const unsigned char a[16],
-                             const unsigned char b[16] );
-
-/**
- * \brief           Internal round key inversion. This function computes
- *                  decryption round keys from the encryption round keys.
- *
- * \note            This function is only for internal use by other library
- *                  functions; you must not call it directly.
- *
- * \param invkey    Round keys for the equivalent inverse cipher
- * \param fwdkey    Original round keys (for encryption)
- * \param nr        Number of rounds (that is, number of round keys minus one)
- */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                                const unsigned char *fwdkey,
-                                int nr );
-
-/**
- * \brief           Internal key expansion for encryption
- *
- * \note            This function is only for internal use by other library
- *                  functions; you must not call it directly.
- *
- * \param rk        Destination buffer where the round keys are written
- * \param key       Encryption key
- * \param bits      Key size in bits (must be 128, 192 or 256)
- *
- * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
- */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                              const unsigned char *key,
-                              size_t bits );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_HAVE_X86_64 */
-
-#endif /* MBEDTLS_AESNI_H */
diff --git a/Sources/mbedtls/include/mbedtls/arc4.h b/Sources/mbedtls/include/mbedtls/arc4.h
deleted file mode 100644
index f4b0f9f..0000000
--- a/Sources/mbedtls/include/mbedtls/arc4.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * \file arc4.h
- *
- * \brief The ARCFOUR stream cipher
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#ifndef MBEDTLS_ARC4_H
-#define MBEDTLS_ARC4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** ARC4 hardware accelerator failed. */
-#define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED                  -0x0019
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_ARC4_ALT)
-// Regular implementation
-//
-
-/**
- * \brief     ARC4 context structure
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- *
- */
-typedef struct mbedtls_arc4_context
-{
-    int x;                      /*!< permutation index */
-    int y;                      /*!< permutation index */
-    unsigned char m[256];       /*!< permutation table */
-}
-mbedtls_arc4_context;
-
-#else  /* MBEDTLS_ARC4_ALT */
-#include "arc4_alt.h"
-#endif /* MBEDTLS_ARC4_ALT */
-
-/**
- * \brief          Initialize ARC4 context
- *
- * \param ctx      ARC4 context to be initialized
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
-
-/**
- * \brief          Clear ARC4 context
- *
- * \param ctx      ARC4 context to be cleared
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
-
-/**
- * \brief          ARC4 key schedule
- *
- * \param ctx      ARC4 context to be setup
- * \param key      the secret key
- * \param keylen   length of the key, in bytes
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
-                 unsigned int keylen );
-
-/**
- * \brief          ARC4 cipher function
- *
- * \param ctx      ARC4 context
- * \param length   length of the input data
- * \param input    buffer holding the input data
- * \param output   buffer for the output data
- *
- * \return         0 if successful
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
-                unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        ARC4 is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- *
- */
-int mbedtls_arc4_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* arc4.h */
diff --git a/Sources/mbedtls/include/mbedtls/aria.h b/Sources/mbedtls/include/mbedtls/aria.h
deleted file mode 100644
index d294c47..0000000
--- a/Sources/mbedtls/include/mbedtls/aria.h
+++ /dev/null
@@ -1,373 +0,0 @@
-/**
- * \file aria.h
- *
- * \brief ARIA block cipher
- *
- *        The ARIA algorithm is a symmetric block cipher that can encrypt and
- *        decrypt information. It is defined by the Korean Agency for
- *        Technology and Standards (KATS) in <em>KS X 1213:2004</em> (in
- *        Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
- *        and also described by the IETF in <em>RFC 5794</em>.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_ARIA_H
-#define MBEDTLS_ARIA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_ARIA_ENCRYPT     1 /**< ARIA encryption. */
-#define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
-
-#define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maximum number of rounds in ARIA. */
-#define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-/** Bad input data. */
-#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C
-
-/** Invalid data input length. */
-#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E
-
-/* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
- */
-/** Feature not available. For example, an unsupported ARIA key size. */
-#define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE  -0x005A
-
-/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** ARIA hardware accelerator failed. */
-#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED      -0x0058
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_ARIA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief The ARIA context-type definition.
- */
-typedef struct mbedtls_aria_context
-{
-    unsigned char nr;           /*!< The number of rounds (12, 14 or 16) */
-    /*! The ARIA round keys. */
-    uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
-}
-mbedtls_aria_context;
-
-#else  /* MBEDTLS_ARIA_ALT */
-#include "aria_alt.h"
-#endif /* MBEDTLS_ARIA_ALT */
-
-/**
- * \brief          This function initializes the specified ARIA context.
- *
- *                 It must be the first API called before using
- *                 the context.
- *
- * \param ctx      The ARIA context to initialize. This must not be \c NULL.
- */
-void mbedtls_aria_init( mbedtls_aria_context *ctx );
-
-/**
- * \brief          This function releases and clears the specified ARIA context.
- *
- * \param ctx      The ARIA context to clear. This may be \c NULL, in which
- *                 case this function returns immediately. If it is not \c NULL,
- *                 it must point to an initialized ARIA context.
- */
-void mbedtls_aria_free( mbedtls_aria_context *ctx );
-
-/**
- * \brief          This function sets the encryption key.
- *
- * \param ctx      The ARIA context to which the key should be bound.
- *                 This must be initialized.
- * \param key      The encryption key. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The size of \p key in Bits. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits );
-
-/**
- * \brief          This function sets the decryption key.
- *
- * \param ctx      The ARIA context to which the key should be bound.
- *                 This must be initialized.
- * \param key      The decryption key. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The size of data passed. Valid options are:
- *                 <ul><li>128 bits</li>
- *                 <li>192 bits</li>
- *                 <li>256 bits</li></ul>
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits );
-
-/**
- * \brief          This function performs an ARIA single-block encryption or
- *                 decryption operation.
- *
- *                 It performs encryption or decryption (depending on whether
- *                 the key was set for encryption on decryption) on the input
- *                 data buffer defined in the \p input parameter.
- *
- *                 mbedtls_aria_init(), and either mbedtls_aria_setkey_enc() or
- *                 mbedtls_aria_setkey_dec() must be called before the first
- *                 call to this API with the same context.
- *
- * \param ctx      The ARIA context to use for encryption or decryption.
- *                 This must be initialized and bound to a key.
- * \param input    The 16-Byte buffer holding the input data.
- * \param output   The 16-Byte buffer holding the output data.
-
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
-                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief  This function performs an ARIA-CBC encryption or decryption operation
- *         on full blocks.
- *
- *         It performs the operation defined in the \p mode
- *         parameter (encrypt/decrypt), on the input data buffer defined in
- *         the \p input parameter.
- *
- *         It can be called as many times as needed, until all the input
- *         data is processed. mbedtls_aria_init(), and either
- *         mbedtls_aria_setkey_enc() or mbedtls_aria_setkey_dec() must be called
- *         before the first call to this API with the same context.
- *
- * \note   This function operates on aligned blocks, that is, the input size
- *         must be a multiple of the ARIA block size of 16 Bytes.
- *
- * \note   Upon exit, the content of the IV is updated so that you can
- *         call the same function again on the next
- *         block(s) of data and get the same result as if it was
- *         encrypted in one call. This allows a "streaming" usage.
- *         If you need to retain the contents of the IV, you should
- *         either save it manually or use the cipher module instead.
- *
- *
- * \param ctx      The ARIA context to use for encryption or decryption.
- *                 This must be initialized and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_ARIA_ENCRYPT for encryption, or
- *                 #MBEDTLS_ARIA_DECRYPT for decryption.
- * \param length   The length of the input data in Bytes. This must be a
- *                 multiple of the block size (16 Bytes).
- * \param iv       Initialization vector (updated after use).
- *                 This must be a readable buffer of size 16 Bytes.
- * \param input    The buffer holding the input data. This must
- *                 be a readable buffer of length \p length Bytes.
- * \param output   The buffer holding the output data. This must
- *                 be a writable buffer of length \p length Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief This function performs an ARIA-CFB128 encryption or decryption
- *        operation.
- *
- *        It performs the operation defined in the \p mode
- *        parameter (encrypt or decrypt), on the input data buffer
- *        defined in the \p input parameter.
- *
- *        For CFB, you must set up the context with mbedtls_aria_setkey_enc(),
- *        regardless of whether you are performing an encryption or decryption
- *        operation, that is, regardless of the \p mode parameter. This is
- *        because CFB mode uses the same key schedule for encryption and
- *        decryption.
- *
- * \note  Upon exit, the content of the IV is updated so that you can
- *        call the same function again on the next
- *        block(s) of data and get the same result as if it was
- *        encrypted in one call. This allows a "streaming" usage.
- *        If you need to retain the contents of the
- *        IV, you must either save it manually or use the cipher
- *        module instead.
- *
- *
- * \param ctx      The ARIA context to use for encryption or decryption.
- *                 This must be initialized and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_ARIA_ENCRYPT for encryption, or
- *                 #MBEDTLS_ARIA_DECRYPT for decryption.
- * \param length   The length of the input data \p input in Bytes.
- * \param iv_off   The offset in IV (updated after use).
- *                 This must not be larger than 15.
- * \param iv       The initialization vector (updated after use).
- *                 This must be a readable buffer of size 16 Bytes.
- * \param input    The buffer holding the input data. This must
- *                 be a readable buffer of length \p length Bytes.
- * \param output   The buffer holding the output data. This must
- *                 be a writable buffer of length \p length Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
-                               int mode,
-                               size_t length,
-                               size_t *iv_off,
-                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                               const unsigned char *input,
-                               unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      This function performs an ARIA-CTR encryption or decryption
- *             operation.
- *
- *             This function performs the operation defined in the \p mode
- *             parameter (encrypt/decrypt), on the input data buffer
- *             defined in the \p input parameter.
- *
- *             Due to the nature of CTR, you must use the same key schedule
- *             for both encryption and decryption operations. Therefore, you
- *             must use the context initialized with mbedtls_aria_setkey_enc()
- *             for both #MBEDTLS_ARIA_ENCRYPT and #MBEDTLS_ARIA_DECRYPT.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**128
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first 12 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 12 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**96 messages of up to 2**32 blocks each with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter. An alternative is to generate random nonces, but this
- *             limits the number of messages that can be securely encrypted:
- *             for example, with 96-bit random nonces, you should not encrypt
- *             more than 2**32 messages with the same key.
- *
- *             Note that for both strategies, sizes are measured in blocks and
- *             that an ARIA block is 16 bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx              The ARIA context to use for encryption or decryption.
- *                         This must be initialized and bound to a key.
- * \param length           The length of the input data \p input in Bytes.
- * \param nc_off           The offset in Bytes in the current \p stream_block,
- *                         for resuming within the current cipher stream. The
- *                         offset pointer should be \c 0 at the start of a
- *                         stream. This must not be larger than \c 15 Bytes.
- * \param nonce_counter    The 128-bit nonce and counter. This must point to
- *                         a read/write buffer of length \c 16 bytes.
- * \param stream_block     The saved stream block for resuming. This must
- *                         point to a read/write buffer of length \c 16 bytes.
- *                         This is overwritten by the function.
- * \param input            The buffer holding the input data. This must
- *                         be a readable buffer of length \p length Bytes.
- * \param output           The buffer holding the output data. This must
- *                         be a writable buffer of length \p length Bytes.
- *
- * \return                 \c 0 on success.
- * \return                 A negative error code on failure.
- */
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
-                            size_t length,
-                            size_t *nc_off,
-                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine.
- *
- * \return         \c 0 on success, or \c 1 on failure.
- */
-int mbedtls_aria_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* aria.h */
diff --git a/Sources/mbedtls/include/mbedtls/asn1.h b/Sources/mbedtls/include/mbedtls/asn1.h
deleted file mode 100644
index 5117fc7..0000000
--- a/Sources/mbedtls/include/mbedtls/asn1.h
+++ /dev/null
@@ -1,616 +0,0 @@
-/**
- * \file asn1.h
- *
- * \brief Generic ASN.1 parsing
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ASN1_H
-#define MBEDTLS_ASN1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/**
- * \addtogroup asn1_module
- * \{
- */
-
-/**
- * \name ASN1 Error codes
- * These error codes are OR'ed to X509 error codes for
- * higher error granularity.
- * ASN1 is a standard to specify data structures.
- * \{
- */
-/** Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060
-/** ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062
-/** Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064
-/** Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066
-/** Data is invalid. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068
-/** Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A
-/** Buffer too small when writing ASN.1 data structure. */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C
-
-/** \} name ASN1 Error codes */
-
-/**
- * \name DER constants
- * These constants comply with the DER encoded ASN.1 type tags.
- * DER encoding uses hexadecimal representation.
- * An example DER sequence is:\n
- * - 0x02 -- tag indicating INTEGER
- * - 0x01 -- length in octets
- * - 0x05 -- value
- * Such sequences are typically read into \c ::mbedtls_x509_buf.
- * \{
- */
-#define MBEDTLS_ASN1_BOOLEAN                 0x01
-#define MBEDTLS_ASN1_INTEGER                 0x02
-#define MBEDTLS_ASN1_BIT_STRING              0x03
-#define MBEDTLS_ASN1_OCTET_STRING            0x04
-#define MBEDTLS_ASN1_NULL                    0x05
-#define MBEDTLS_ASN1_OID                     0x06
-#define MBEDTLS_ASN1_ENUMERATED              0x0A
-#define MBEDTLS_ASN1_UTF8_STRING             0x0C
-#define MBEDTLS_ASN1_SEQUENCE                0x10
-#define MBEDTLS_ASN1_SET                     0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
-#define MBEDTLS_ASN1_T61_STRING              0x14
-#define MBEDTLS_ASN1_IA5_STRING              0x16
-#define MBEDTLS_ASN1_UTC_TIME                0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
-#define MBEDTLS_ASN1_BMP_STRING              0x1E
-#define MBEDTLS_ASN1_PRIMITIVE               0x00
-#define MBEDTLS_ASN1_CONSTRUCTED             0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
-
-/* Slightly smaller way to check if tag is a string tag
- * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag )                                     \
-    ( ( tag ) < 32u && (                                                      \
-        ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_UTF8_STRING )      |     \
-                                ( 1u << MBEDTLS_ASN1_T61_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_IA5_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) |     \
-                                ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) |     \
-                                ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
-
-/*
- * Bit masks for each of the components of an ASN.1 tag as specified in
- * ITU X.690 (08/2015), section 8.1 "General rules for encoding",
- * paragraph 8.1.2.2:
- *
- * Bit  8     7   6   5          1
- *     +-------+-----+------------+
- *     | Class | P/C | Tag number |
- *     +-------+-----+------------+
- */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK             0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
-
-/** \} name DER constants */
-
-/** Returns the size of the binary string, without the trailing \\0 */
-#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
-
-/**
- * Compares an mbedtls_asn1_buf structure to a reference OID.
- *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
- */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
-          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
-
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len)              \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) ||             \
-          memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Functions to parse ASN.1 data structures
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef struct mbedtls_asn1_buf
-{
-    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
-    size_t len;             /**< ASN1 length, in octets. */
-    unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef struct mbedtls_asn1_bitstring
-{
-    size_t len;                 /**< ASN1 length, in octets. */
-    unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
-    unsigned char *p;           /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef struct mbedtls_asn1_sequence
-{
-    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
-    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
-}
-mbedtls_asn1_sequence;
-
-/**
- * Container for a sequence or list of 'named' ASN.1 data items
- */
-typedef struct mbedtls_asn1_named_data
-{
-    mbedtls_asn1_buf oid;                   /**< The object identifier. */
-    mbedtls_asn1_buf val;                   /**< The named value. */
-    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
-    unsigned char next_merged;      /**< Merge next item into the current one? */
-}
-mbedtls_asn1_named_data;
-
-/**
- * \brief       Get the length of an ASN.1 element.
- *              Updates the pointer to immediately behind the length.
- *
- * \param p     On entry, \c *p points to the first byte of the length,
- *              i.e. immediately after the tag.
- *              On successful completion, \c *p points to the first byte
- *              after the length, i.e. the first byte of the content.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param len   On successful completion, \c *len contains the length
- *              read from the ASN.1 input.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
- */
-int mbedtls_asn1_get_len( unsigned char **p,
-                          const unsigned char *end,
-                          size_t *len );
-
-/**
- * \brief       Get the tag and length of the element.
- *              Check for the requested tag.
- *              Updates the pointer to immediately behind the tag and length.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              after the length, i.e. the first byte of the content.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param len   On successful completion, \c *len contains the length
- *              read from the ASN.1 input.
- * \param tag   The expected tag.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the data does not start
- *              with the requested tag.
- * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
- *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
- */
-int mbedtls_asn1_get_tag( unsigned char **p,
-                          const unsigned char *end,
-                          size_t *len, int tag );
-
-/**
- * \brief       Retrieve a boolean ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param val   On success, the parsed value (\c 0 or \c 1).
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 BOOLEAN.
- */
-int mbedtls_asn1_get_bool( unsigned char **p,
-                           const unsigned char *end,
-                           int *val );
-
-/**
- * \brief       Retrieve an integer ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param val   On success, the parsed value.
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 INTEGER.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- *              not fit in an \c int.
- */
-int mbedtls_asn1_get_int( unsigned char **p,
-                          const unsigned char *end,
-                          int *val );
-
-/**
- * \brief       Retrieve an enumerated ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param val   On success, the parsed value.
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 ENUMERATED.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- *              not fit in an \c int.
- */
-int mbedtls_asn1_get_enum( unsigned char **p,
-                           const unsigned char *end,
-                           int *val );
-
-/**
- * \brief       Retrieve a bitstring ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p is equal to \p end.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param bs    On success, ::mbedtls_asn1_bitstring information about
- *              the parsed value.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- *              extra data after a valid BIT STRING.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                                mbedtls_asn1_bitstring *bs );
-
-/**
- * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
- *              value.
- *              Updates the pointer to the beginning of the bit/octet string.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              of the content of the BIT STRING.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param len   On success, \c *len is the length of the content in bytes.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
- *              a valid BIT STRING with a nonzero number of unused bits.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 BIT STRING.
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
-                                     const unsigned char *end,
-                                     size_t *len );
-
-/**
- * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
- *              Updates the pointer to immediately behind the full sequence tag.
- *
- * This function allocates memory for the sequence elements. You can free
- * the allocated memory with mbedtls_asn1_sequence_free().
- *
- * \note        On error, this function may return a partial list in \p cur.
- *              You must set `cur->next = NULL` before calling this function!
- *              Otherwise it is impossible to distinguish a previously non-null
- *              pointer from a pointer to an object allocated by this function.
- *
- * \note        If the sequence is empty, this function does not modify
- *              \c *cur. If the sequence is valid and non-empty, this
- *              function sets `cur->buf.tag` to \p tag. This allows
- *              callers to distinguish between an empty sequence and
- *              a one-element sequence.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p is equal to \p end.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param cur   A ::mbedtls_asn1_sequence which this function fills.
- *              When this function returns, \c *cur is the head of a linked
- *              list. Each node in this list is allocated with
- *              mbedtls_calloc() apart from \p cur itself, and should
- *              therefore be freed with mbedtls_free().
- *              The list describes the content of the sequence.
- *              The head of the list (i.e. \c *cur itself) describes the
- *              first element, `*cur->next` describes the second element, etc.
- *              For each element, `buf.tag == tag`, `buf.len` is the length
- *              of the content of the content of the element, and `buf.p`
- *              points to the first byte of the content (i.e. immediately
- *              past the length of the element).
- *              Note that list elements may be allocated even on error.
- * \param tag   Each element of the sequence must have this tag.
- *
- * \return      0 if successful.
- * \return      #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input contains
- *              extra data after a valid SEQUENCE OF \p tag.
- * \return      #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts with
- *              an ASN.1 SEQUENCE in which an element has a tag that
- *              is different from \p tag.
- * \return      #MBEDTLS_ERR_ASN1_ALLOC_FAILED if a memory allocation failed.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 SEQUENCE.
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                                  const unsigned char *end,
-                                  mbedtls_asn1_sequence *cur,
-                                  int tag );
-/**
- * \brief          Free a heap-allocated linked list presentation of
- *                 an ASN.1 sequence, including the first element.
- *
- * There are two common ways to manage the memory used for the representation
- * of a parsed ASN.1 sequence:
- * - Allocate a head node `mbedtls_asn1_sequence *head` with mbedtls_calloc().
- *   Pass this node as the `cur` argument to mbedtls_asn1_get_sequence_of().
- *   When you have finished processing the sequence,
- *   call mbedtls_asn1_sequence_free() on `head`.
- * - Allocate a head node `mbedtls_asn1_sequence *head` in any manner,
- *   for example on the stack. Make sure that `head->next == NULL`.
- *   Pass `head` as the `cur` argument to mbedtls_asn1_get_sequence_of().
- *   When you have finished processing the sequence,
- *   call mbedtls_asn1_sequence_free() on `head->cur`,
- *   then free `head` itself in the appropriate manner.
- *
- * \param seq      The address of the first sequence component. This may
- *                 be \c NULL, in which case this functions returns
- *                 immediately.
- */
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
-
-/**
- * \brief                Traverse an ASN.1 SEQUENCE container and
- *                       call a callback for each entry.
- *
- * This function checks that the input is a SEQUENCE of elements that
- * each have a "must" tag, and calls a callback function on the elements
- * that have a "may" tag.
- *
- * For example, to validate that the input is a SEQUENCE of `tag1` and call
- * `cb` on each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xff, tag1, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of ANY and call `cb` on
- * each element, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0, 0, 0, 0, cb, ctx);
- * ```
- *
- * To validate that the input is a SEQUENCE of CHOICE {NULL, OCTET STRING}
- * and call `cb` on each element that is an OCTET STRING, use
- * ```
- * mbedtls_asn1_traverse_sequence_of(&p, end, 0xfe, 0x04, 0xff, 0x04, cb, ctx);
- * ```
- *
- * The callback is called on the elements with a "may" tag from left to
- * right. If the input is not a valid SEQUENCE of elements with a "must" tag,
- * the callback is called on the elements up to the leftmost point where
- * the input is invalid.
- *
- * \warning              This function is still experimental and may change
- *                       at any time.
- *
- * \param p              The address of the pointer to the beginning of
- *                       the ASN.1 SEQUENCE header. This is updated to
- *                       point to the end of the ASN.1 SEQUENCE container
- *                       on a successful invocation.
- * \param end            The end of the ASN.1 SEQUENCE container.
- * \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
- *                       the SEQUENCE before comparing to \p tag_must_value.
- * \param tag_must_val   The required value of each ASN.1 tag found in the
- *                       SEQUENCE, after masking with \p tag_must_mask.
- *                       Mismatching tags lead to an error.
- *                       For example, a value of \c 0 for both \p tag_must_mask
- *                       and \p tag_must_val means that every tag is allowed,
- *                       while a value of \c 0xFF for \p tag_must_mask means
- *                       that \p tag_must_val is the only allowed tag.
- * \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
- *                       the SEQUENCE before comparing to \p tag_may_value.
- * \param tag_may_val    The desired value of each ASN.1 tag found in the
- *                       SEQUENCE, after masking with \p tag_may_mask.
- *                       Mismatching tags will be silently ignored.
- *                       For example, a value of \c 0 for \p tag_may_mask and
- *                       \p tag_may_val means that any tag will be considered,
- *                       while a value of \c 0xFF for \p tag_may_mask means
- *                       that all tags with value different from \p tag_may_val
- *                       will be ignored.
- * \param cb             The callback to trigger for each component
- *                       in the ASN.1 SEQUENCE that matches \p tag_may_val.
- *                       The callback function is called with the following
- *                       parameters:
- *                       - \p ctx.
- *                       - The tag of the current element.
- *                       - A pointer to the start of the current element's
- *                         content inside the input.
- *                       - The length of the content of the current element.
- *                       If the callback returns a non-zero value,
- *                       the function stops immediately,
- *                       forwarding the callback's return value.
- * \param ctx            The context to be passed to the callback \p cb.
- *
- * \return               \c 0 if successful the entire ASN.1 SEQUENCE
- *                       was traversed without parsing or callback errors.
- * \return               #MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the input
- *                       contains extra data after a valid SEQUENCE
- *                       of elements with an accepted tag.
- * \return               #MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the input starts
- *                       with an ASN.1 SEQUENCE in which an element has a tag
- *                       that is not accepted.
- * \return               An ASN.1 error code if the input does not start with
- *                       a valid ASN.1 SEQUENCE.
- * \return               A non-zero error code forwarded from the callback
- *                       \p cb in case the latter returns a non-zero value.
- */
-int mbedtls_asn1_traverse_sequence_of(
-    unsigned char **p,
-    const unsigned char *end,
-    unsigned char tag_must_mask, unsigned char tag_must_val,
-    unsigned char tag_may_mask, unsigned char tag_may_val,
-    int (*cb)( void *ctx, int tag,
-               unsigned char* start, size_t len ),
-    void *ctx );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief       Retrieve an integer ASN.1 tag and its value.
- *              Updates the pointer to immediately behind the full tag.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the ASN.1 element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param X     On success, the parsed value.
- *
- * \return      0 if successful.
- * \return      An ASN.1 error code if the input does not start with
- *              a valid ASN.1 INTEGER.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
- *              not fit in an \c int.
- * \return      An MPI error code if the parsed value is too large.
- */
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
- *              Updates the pointer to immediately behind the full
- *              AlgorithmIdentifier.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the AlgorithmIdentifier element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param alg   The buffer to receive the OID.
- * \param params The buffer to receive the parameters.
- *              This is zeroized if there are no parameters.
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
-
-/**
- * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
- *              params.
- *              Updates the pointer to immediately behind the full
- *              AlgorithmIdentifier.
- *
- * \param p     On entry, \c *p points to the start of the ASN.1 element.
- *              On successful completion, \c *p points to the first byte
- *              beyond the AlgorithmIdentifier element.
- *              On error, the value of \c *p is undefined.
- * \param end   End of data.
- * \param alg   The buffer to receive the OID.
- *
- * \return      0 if successful or a specific ASN.1 or MPI error code.
- */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg );
-
-/**
- * \brief       Find a specific named_data entry in a sequence or list based on
- *              the OID.
- *
- * \param list  The list to seek through
- * \param oid   The OID to look for
- * \param len   Size of the OID
- *
- * \return      NULL if not found, or a pointer to the existing entry.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len );
-
-/**
- * \brief       Free a mbedtls_asn1_named_data entry
- *
- * \param entry The named data entry to free.
- *              This function calls mbedtls_free() on
- *              `entry->oid.p` and `entry->val.p`.
- */
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
-
-/**
- * \brief       Free all entries in a mbedtls_asn1_named_data list.
- *
- * \param head  Pointer to the head of the list of named data entries to free.
- *              This function calls mbedtls_asn1_free_named_data() and
- *              mbedtls_free() on each list element and
- *              sets \c *head to \c NULL.
- */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
-
-/** \} name Functions to parse ASN.1 data structures */
-/** \} addtogroup asn1_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* asn1.h */
diff --git a/Sources/mbedtls/include/mbedtls/asn1write.h b/Sources/mbedtls/include/mbedtls/asn1write.h
deleted file mode 100644
index 5da7654..0000000
--- a/Sources/mbedtls/include/mbedtls/asn1write.h
+++ /dev/null
@@ -1,370 +0,0 @@
-/**
- * \file asn1write.h
- *
- * \brief ASN.1 buffer writing functionality
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ASN1_WRITE_H
-#define MBEDTLS_ASN1_WRITE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/asn1.h"
-
-#define MBEDTLS_ASN1_CHK_ADD(g, f)                      \
-    do                                                  \
-    {                                                   \
-        if( ( ret = (f) ) < 0 )                         \
-            return( ret );                              \
-        else                                            \
-            (g) += ret;                                 \
-    } while( 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           Write a length field in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param len       The length value to write.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
-                            size_t len );
-/**
- * \brief           Write an ASN.1 tag in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param tag       The tag to write.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
-                            unsigned char tag );
-
-/**
- * \brief           Write raw buffer data.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param buf       The data buffer to write.
- * \param size      The length of the data buffer.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
-                                   const unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief           Write an arbitrary-precision number (#MBEDTLS_ASN1_INTEGER)
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param X         The MPI to write.
- *                  It must be non-negative.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
-                            const mbedtls_mpi *X );
-#endif /* MBEDTLS_BIGNUM_C */
-
-/**
- * \brief           Write a NULL tag (#MBEDTLS_ASN1_NULL) with zero data
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
-
-/**
- * \brief           Write an OID tag (#MBEDTLS_ASN1_OID) and data
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param oid       The OID to write.
- * \param oid_len   The length of the OID.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
-                            const char *oid, size_t oid_len );
-
-/**
- * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param oid       The OID of the algorithm to write.
- * \param oid_len   The length of the algorithm's OID.
- * \param par_len   The length of the parameters, which must be already written.
- *                  If 0, NULL parameters are added
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
-                                             unsigned char *start,
-                                             const char *oid, size_t oid_len,
-                                             size_t par_len );
-
-/**
- * \brief           Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param boolean   The boolean value to write, either \c 0 or \c 1.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
-                             int boolean );
-
-/**
- * \brief           Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param val       The integer value to write.
- *                  It must be non-negative.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
-
-/**
- * \brief           Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
- *                  in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param val       The integer value to write.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val );
-
-/**
- * \brief           Write a string in ASN.1 format using a specific
- *                  string encoding tag.
-
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param tag       The string encoding tag to write, e.g.
- *                  #MBEDTLS_ASN1_UTF8_STRING.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
-                                      int tag, const char *text,
-                                      size_t text_len );
-
-/**
- * \brief           Write a string in ASN.1 format using the PrintableString
- *                  string encoding tag (#MBEDTLS_ASN1_PRINTABLE_STRING).
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_printable_string( unsigned char **p,
-                                         unsigned char *start,
-                                         const char *text, size_t text_len );
-
-/**
- * \brief           Write a UTF8 string in ASN.1 format using the UTF8String
- *                  string encoding tag (#MBEDTLS_ASN1_UTF8_STRING).
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
-                                    const char *text, size_t text_len );
-
-/**
- * \brief           Write a string in ASN.1 format using the IA5String
- *                  string encoding tag (#MBEDTLS_ASN1_IA5_STRING).
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param text      The string to write.
- * \param text_len  The length of \p text in bytes (which might
- *                  be strictly larger than the number of characters).
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
-                                   const char *text, size_t text_len );
-
-/**
- * \brief           Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
- *                  value in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param buf       The bitstring to write.
- * \param bits      The total number of bits in the bitstring.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
-                                  const unsigned char *buf, size_t bits );
-
-/**
- * \brief           This function writes a named bitstring tag
- *                  (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
- *
- *                  As stated in RFC 5280 Appendix B, trailing zeroes are
- *                  omitted when encoding named bitstrings in DER.
- *
- * \note            This function works backwards within the data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer which is used for bounds-checking.
- * \param buf       The bitstring to write.
- * \param bits      The total number of bits in the bitstring.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        unsigned char *start,
-                                        const unsigned char *buf,
-                                        size_t bits );
-
-/**
- * \brief           Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
- *                  and value in ASN.1 format.
- *
- * \note            This function works backwards in data buffer.
- *
- * \param p         The reference to the current position pointer.
- * \param start     The start of the buffer, for bounds-checking.
- * \param buf       The buffer holding the data to write.
- * \param size      The length of the data buffer \p buf.
- *
- * \return          The number of bytes written to \p p on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
-                                     const unsigned char *buf, size_t size );
-
-/**
- * \brief           Create or find a specific named_data entry for writing in a
- *                  sequence or list based on the OID. If not already in there,
- *                  a new entry is added to the head of the list.
- *                  Warning: Destructive behaviour for the val data!
- *
- * \param list      The pointer to the location of the head of the list to seek
- *                  through (will be updated in case of a new entry).
- * \param oid       The OID to look for.
- * \param oid_len   The size of the OID.
- * \param val       The associated data to store. If this is \c NULL,
- *                  no data is copied to the new or existing buffer.
- * \param val_len   The minimum length of the data buffer needed.
- *                  If this is 0, do not allocate a buffer for the associated
- *                  data.
- *                  If the OID was already present, enlarge, shrink or free
- *                  the existing buffer to fit \p val_len.
- *
- * \return          A pointer to the new / existing entry on success.
- * \return          \c NULL if if there was a memory allocation error.
- */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/Sources/mbedtls/include/mbedtls/base64.h b/Sources/mbedtls/include/mbedtls/base64.h
deleted file mode 100644
index cf4149e..0000000
--- a/Sources/mbedtls/include/mbedtls/base64.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * \file base64.h
- *
- * \brief RFC 1521 base64 encoding/decoding
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_BASE64_H
-#define MBEDTLS_BASE64_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/** Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A
-/** Invalid character in input. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Encode a buffer into base64 format
- *
- * \param dst      destination buffer
- * \param dlen     size of the destination buffer
- * \param olen     number of bytes written
- * \param src      source buffer
- * \param slen     amount of data to be encoded
- *
- * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
- *                 *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *                 If that length cannot be represented, then no data is
- *                 written to the buffer and *olen is set to the maximum
- *                 length representable as a size_t.
- *
- * \note           Call this function with dlen = 0 to obtain the
- *                 required buffer size in *olen
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
-
-/**
- * \brief          Decode a base64-formatted buffer
- *
- * \param dst      destination buffer (can be NULL for checking size)
- * \param dlen     size of the destination buffer
- * \param olen     number of bytes written
- * \param src      source buffer
- * \param slen     amount of data to be decoded
- *
- * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
- *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
- *                 not correct. *olen is always updated to reflect the amount
- *                 of data that has (or would have) been written.
- *
- * \note           Call this function with *dst = NULL or dlen = 0 to obtain
- *                 the required buffer size in *olen
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_base64_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* base64.h */
diff --git a/Sources/mbedtls/include/mbedtls/bignum.h b/Sources/mbedtls/include/mbedtls/bignum.h
deleted file mode 100644
index c61db82..0000000
--- a/Sources/mbedtls/include/mbedtls/bignum.h
+++ /dev/null
@@ -1,1104 +0,0 @@
-/**
- * \file bignum.h
- *
- * \brief Multi-precision integer library
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_BIGNUM_H
-#define MBEDTLS_BIGNUM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-/** An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004
-/** There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008
-/** The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A
-/** The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C
-/** The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010
-
-#define MBEDTLS_MPI_CHK(f)       \
-    do                           \
-    {                            \
-        if( ( ret = (f) ) != 0 ) \
-            goto cleanup;        \
-    } while( 0 )
-
-/*
- * Maximum size MPIs are allowed to grow to in number of limbs.
- */
-#define MBEDTLS_MPI_MAX_LIMBS                             10000
-
-#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
-/*
- * Maximum window size used for modular exponentiation. Default: 6
- * Minimum value: 1. Maximum value: 6.
- *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
- * for the sliding window calculation. (So 64 by default)
- *
- * Reduction in size, reduces speed.
- */
-#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum window size used. */
-#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_MPI_MAX_SIZE)
-/*
- * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
- * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
- *
- * Note: Calculations can temporarily result in larger MPIs. So the number
- * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
- */
-#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
-#endif /* !MBEDTLS_MPI_MAX_SIZE */
-
-#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
-
-/*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
- *
- * By default we assume at least a 10 char label, a minimum radix of 10
- * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
- * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
- *
- * This used to be statically sized to 1250 for a maximum of 4096 bit
- * numbers (1234 decimal chars).
- *
- * Calculate using the formula:
- *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
- *                                LabelSize + 6
- */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
-
-/*
- * Define the base integer type, architecture-wise.
- *
- * 32 or 64-bit integer types can be forced regardless of the underlying
- * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64
- * respectively and undefining MBEDTLS_HAVE_ASM.
- *
- * Double-width integers (e.g. 128-bit in 64-bit architectures) can be
- * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
- */
-#if !defined(MBEDTLS_HAVE_INT32)
-    #if defined(_MSC_VER) && defined(_M_AMD64)
-        /* Always choose 64-bit when using MSC */
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* !MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-    #elif defined(__GNUC__) && (                         \
-        defined(__amd64__) || defined(__x86_64__)     || \
-        defined(__ppc64__) || defined(__powerpc64__)  || \
-        defined(__ia64__)  || defined(__alpha__)      || \
-        ( defined(__sparc__) && defined(__arch64__) ) || \
-        defined(__s390x__) || defined(__mips64)       || \
-        defined(__aarch64__) )
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-        #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-            /* mbedtls_t_udbl defined as 128-bit unsigned int */
-            typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
-            #define MBEDTLS_HAVE_UDBL
-        #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-    #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
-        /*
-         * __ARMCC_VERSION is defined for both armcc and armclang and
-         * __aarch64__ is only defined by armclang when compiling 64-bit code
-         */
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* !MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-        #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-            /* mbedtls_t_udbl defined as 128-bit unsigned int */
-            typedef __uint128_t mbedtls_t_udbl;
-            #define MBEDTLS_HAVE_UDBL
-        #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-    #elif defined(MBEDTLS_HAVE_INT64)
-        /* Force 64-bit integers with unknown compiler */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-    #endif
-#endif /* !MBEDTLS_HAVE_INT32 */
-
-#if !defined(MBEDTLS_HAVE_INT64)
-    /* Default to 32-bit compilation */
-    #if !defined(MBEDTLS_HAVE_INT32)
-        #define MBEDTLS_HAVE_INT32
-    #endif /* !MBEDTLS_HAVE_INT32 */
-    typedef  int32_t mbedtls_mpi_sint;
-    typedef uint32_t mbedtls_mpi_uint;
-    #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-        typedef uint64_t mbedtls_t_udbl;
-        #define MBEDTLS_HAVE_UDBL
-    #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-#endif /* !MBEDTLS_HAVE_INT64 */
-
-/** \typedef mbedtls_mpi_uint
- * \brief The type of machine digits in a bignum, called _limbs_.
- *
- * This is always an unsigned integer type with no padding bits. The size
- * is platform-dependent.
- */
-
-/** \typedef mbedtls_mpi_sint
- * \brief The signed type corresponding to #mbedtls_mpi_uint.
- *
- * This is always a signed integer type with no padding bits. The size
- * is platform-dependent.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          MPI structure
- */
-typedef struct mbedtls_mpi
-{
-    /** Sign: -1 if the mpi is negative, 1 otherwise.
-     *
-     * The number 0 must be represented with `s = +1`. Although many library
-     * functions treat all-limbs-zero as equivalent to a valid representation
-     * of 0 regardless of the sign bit, there are exceptions, so bignum
-     * functions and external callers must always set \c s to +1 for the
-     * number zero.
-     *
-     * Note that this implies that calloc() or `... = {0}` does not create
-     * a valid MPI representation. You must call mbedtls_mpi_init().
-     */
-    int s;
-
-    /** Total number of limbs in \c p.  */
-    size_t n;
-
-    /** Pointer to limbs.
-     *
-     * This may be \c NULL if \c n is 0.
-     */
-    mbedtls_mpi_uint *p;
-}
-mbedtls_mpi;
-
-/**
- * \brief           Initialize an MPI context.
- *
- *                  This makes the MPI ready to be set or freed,
- *                  but does not define a value for the MPI.
- *
- * \param X         The MPI context to initialize. This must not be \c NULL.
- */
-void mbedtls_mpi_init( mbedtls_mpi *X );
-
-/**
- * \brief          This function frees the components of an MPI context.
- *
- * \param X        The MPI context to be cleared. This may be \c NULL,
- *                 in which case this function is a no-op. If it is
- *                 not \c NULL, it must point to an initialized MPI.
- */
-void mbedtls_mpi_free( mbedtls_mpi *X );
-
-/**
- * \brief          Enlarge an MPI to the specified number of limbs.
- *
- * \note           This function does nothing if the MPI is
- *                 already large enough.
- *
- * \param X        The MPI to grow. It must be initialized.
- * \param nblimbs  The target number of limbs.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief          This function resizes an MPI downwards, keeping at least the
- *                 specified number of limbs.
- *
- *                 If \c X is smaller than \c nblimbs, it is resized up
- *                 instead.
- *
- * \param X        The MPI to shrink. This must point to an initialized MPI.
- * \param nblimbs  The minimum number of limbs to keep.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed
- *                 (this can only happen when resizing up).
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
-
-/**
- * \brief          Make a copy of an MPI.
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param Y        The source MPI. This must point to an initialized MPI.
- *
- * \note           The limb-buffer in the destination MPI is enlarged
- *                 if necessary to hold the value in the source MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief          Swap the contents of two MPIs.
- *
- * \param X        The first MPI. It must be initialized.
- * \param Y        The second MPI. It must be initialized.
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
-
-/**
- * \brief          Perform a safe conditional copy of MPI which doesn't
- *                 reveal whether the condition was true or not.
- *
- * \param X        The MPI to conditionally assign to. This must point
- *                 to an initialized MPI.
- * \param Y        The MPI to be assigned from. This must point to an
- *                 initialized MPI.
- * \param assign   The condition deciding whether to perform the
- *                 assignment or not. Must be either 0 or 1:
- *                 * \c 1: Perform the assignment `X = Y`.
- *                 * \c 0: Keep the original value of \p X.
- *
- * \note           This function is equivalent to
- *                      `if( assign ) mbedtls_mpi_copy( X, Y );`
- *                 except that it avoids leaking any information about whether
- *                 the assignment was done or not (the above code may leak
- *                 information through branch prediction and/or memory access
- *                 patterns analysis).
- *
- * \warning        If \p assign is neither 0 nor 1, the result of this function
- *                 is indeterminate, and the resulting value in \p X might be
- *                 neither its original value nor the value in \p Y.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
-
-/**
- * \brief          Perform a safe conditional swap which doesn't
- *                 reveal whether the condition was true or not.
- *
- * \param X        The first MPI. This must be initialized.
- * \param Y        The second MPI. This must be initialized.
- * \param swap     The condition deciding whether to perform
- *                 the swap or not. Must be either 0 or 1:
- *                 * \c 1: Swap the values of \p X and \p Y.
- *                 * \c 0: Keep the original values of \p X and \p Y.
- *
- * \note           This function is equivalent to
- *                      if( swap ) mbedtls_mpi_swap( X, Y );
- *                 except that it avoids leaking any information about whether
- *                 the swap was done or not (the above code may leak
- *                 information through branch prediction and/or memory access
- *                 patterns analysis).
- *
- * \warning        If \p swap is neither 0 nor 1, the result of this function
- *                 is indeterminate, and both \p X and \p Y might end up with
- *                 values different to either of the original ones.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on other kinds of failure.
- *
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap );
-
-/**
- * \brief          Store integer value in MPI.
- *
- * \param X        The MPI to set. This must be initialized.
- * \param z        The value to use.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief          Get a specific bit from an MPI.
- *
- * \param X        The MPI to query. This must be initialized.
- * \param pos      Zero-based index of the bit to query.
- *
- * \return         \c 0 or \c 1 on success, depending on whether bit \c pos
- *                 of \c X is unset or set.
- * \return         A negative error code on failure.
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
-
-/**
- * \brief          Modify a specific bit in an MPI.
- *
- * \note           This function will grow the target MPI if necessary to set a
- *                 bit to \c 1 in a not yet existing limb. It will not grow if
- *                 the bit should be set to \c 0.
- *
- * \param X        The MPI to modify. This must be initialized.
- * \param pos      Zero-based index of the bit to modify.
- * \param val      The desired value of bit \c pos: \c 0 or \c 1.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
-
-/**
- * \brief          Return the number of bits of value \c 0 before the
- *                 least significant bit of value \c 1.
- *
- * \note           This is the same as the zero-based index of
- *                 the least significant bit of value \c 1.
- *
- * \param X        The MPI to query.
- *
- * \return         The number of bits of value \c 0 before the least significant
- *                 bit of value \c 1 in \p X.
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
-
-/**
- * \brief          Return the number of bits up to and including the most
- *                 significant bit of value \c 1.
- *
- * * \note         This is same as the one-based index of the most
- *                 significant bit of value \c 1.
- *
- * \param X        The MPI to query. This must point to an initialized MPI.
- *
- * \return         The number of bits up to and including the most
- *                 significant bit of value \c 1.
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
-
-/**
- * \brief          Return the total size of an MPI value in bytes.
- *
- * \param X        The MPI to use. This must point to an initialized MPI.
- *
- * \note           The value returned by this function may be less than
- *                 the number of bytes used to store \p X internally.
- *                 This happens if and only if there are trailing bytes
- *                 of value zero.
- *
- * \return         The least number of bytes capable of storing
- *                 the absolute value of \p X.
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
-
-/**
- * \brief          Import an MPI from an ASCII string.
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param radix    The numeric base of the input string.
- * \param s        Null-terminated string buffer.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
-
-/**
- * \brief          Export an MPI to an ASCII string.
- *
- * \param X        The source MPI. This must point to an initialized MPI.
- * \param radix    The numeric base of the output string.
- * \param buf      The buffer to write the string to. This must be writable
- *                 buffer of length \p buflen Bytes.
- * \param buflen   The available size in Bytes of \p buf.
- * \param olen     The address at which to store the length of the string
- *                 written, including the  final \c NULL byte. This must
- *                 not be \c NULL.
- *
- * \note           You can call this function with `buflen == 0` to obtain the
- *                 minimum required buffer size in `*olen`.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the target buffer \p buf
- *                 is too small to hold the value of \p X in the desired base.
- *                 In this case, `*olen` is nonetheless updated to contain the
- *                 size of \p buf required for a successful call.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
-                              char *buf, size_t buflen, size_t *olen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Read an MPI from a line in an opened file.
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param radix    The numeric base of the string representation used
- *                 in the source line.
- * \param fin      The input file handle to use. This must not be \c NULL.
- *
- * \note           On success, this function advances the file stream
- *                 to the end of the current line or to EOF.
- *
- *                 The function returns \c 0 on an empty line.
- *
- *                 Leading whitespaces are ignored, as is a
- *                 '0x' prefix for radix \c 16.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the file read buffer
- *                 is too small.
- * \return         Another negative error code on failure.
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
-
-/**
- * \brief          Export an MPI into an opened file.
- *
- * \param p        A string prefix to emit prior to the MPI data.
- *                 For example, this might be a label, or "0x" when
- *                 printing in base \c 16. This may be \c NULL if no prefix
- *                 is needed.
- * \param X        The source MPI. This must point to an initialized MPI.
- * \param radix    The numeric base to be used in the emitted string.
- * \param fout     The output file handle. This may be \c NULL, in which case
- *                 the output is written to \c stdout.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
-                            int radix, FILE *fout );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Import an MPI from unsigned big endian binary data.
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param buf      The input buffer. This must be a readable buffer of length
- *                 \p buflen Bytes.
- * \param buflen   The length of the input buffer \p p in Bytes.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
-                             size_t buflen );
-
-/**
- * \brief          Import X from unsigned binary data, little endian
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param buf      The input buffer. This must be a readable buffer of length
- *                 \p buflen Bytes.
- * \param buflen   The length of the input buffer \p p in Bytes.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
-                                const unsigned char *buf, size_t buflen );
-
-/**
- * \brief          Export X into unsigned binary data, big endian.
- *                 Always fills the whole buffer, which will start with zeros
- *                 if the number is smaller.
- *
- * \param X        The source MPI. This must point to an initialized MPI.
- * \param buf      The output buffer. This must be a writable buffer of length
- *                 \p buflen Bytes.
- * \param buflen   The size of the output buffer \p buf in Bytes.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- *                 large enough to hold the value of \p X.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
-                              size_t buflen );
-
-/**
- * \brief          Export X into unsigned binary data, little endian.
- *                 Always fills the whole buffer, which will end with zeros
- *                 if the number is smaller.
- *
- * \param X        The source MPI. This must point to an initialized MPI.
- * \param buf      The output buffer. This must be a writable buffer of length
- *                 \p buflen Bytes.
- * \param buflen   The size of the output buffer \p buf in Bytes.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
- *                 large enough to hold the value of \p X.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
-                                 unsigned char *buf, size_t buflen );
-
-/**
- * \brief          Perform a left-shift on an MPI: X <<= count
- *
- * \param X        The MPI to shift. This must point to an initialized MPI.
- * \param count    The number of bits to shift by.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief          Perform a right-shift on an MPI: X >>= count
- *
- * \param X        The MPI to shift. This must point to an initialized MPI.
- * \param count    The number of bits to shift by.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
-
-/**
- * \brief          Compare the absolute values of two MPIs.
- *
- * \param X        The left-hand MPI. This must point to an initialized MPI.
- * \param Y        The right-hand MPI. This must point to an initialized MPI.
- *
- * \return         \c 1 if `|X|` is greater than `|Y|`.
- * \return         \c -1 if `|X|` is lesser than `|Y|`.
- * \return         \c 0 if `|X|` is equal to `|Y|`.
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief          Compare two MPIs.
- *
- * \param X        The left-hand MPI. This must point to an initialized MPI.
- * \param Y        The right-hand MPI. This must point to an initialized MPI.
- *
- * \return         \c 1 if \p X is greater than \p Y.
- * \return         \c -1 if \p X is lesser than \p Y.
- * \return         \c 0 if \p X is equal to \p Y.
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
-
-/**
- * \brief          Check if an MPI is less than the other in constant time.
- *
- * \param X        The left-hand MPI. This must point to an initialized MPI
- *                 with the same allocated length as Y.
- * \param Y        The right-hand MPI. This must point to an initialized MPI
- *                 with the same allocated length as X.
- * \param ret      The result of the comparison:
- *                 \c 1 if \p X is less than \p Y.
- *                 \c 0 if \p X is greater than or equal to \p Y.
- *
- * \return         0 on success.
- * \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
- *                 the two input MPIs is not the same.
- */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
-        unsigned *ret );
-
-/**
- * \brief          Compare an MPI with an integer.
- *
- * \param X        The left-hand MPI. This must point to an initialized MPI.
- * \param z        The integer value to compare \p X to.
- *
- * \return         \c 1 if \p X is greater than \p z.
- * \return         \c -1 if \p X is lesser than \p z.
- * \return         \c 0 if \p X is equal to \p z.
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
-
-/**
- * \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The first summand. This must point to an initialized MPI.
- * \param B        The second summand. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The minuend. This must point to an initialized MPI.
- * \param B        The subtrahend. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A.
- * \return         Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform a signed addition of MPIs: X = A + B
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The first summand. This must point to an initialized MPI.
- * \param B        The second summand. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform a signed subtraction of MPIs: X = A - B
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The minuend. This must point to an initialized MPI.
- * \param B        The subtrahend. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform a signed addition of an MPI and an integer: X = A + b
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The first summand. This must point to an initialized MPI.
- * \param b        The second summand.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
-
-/**
- * \brief          Perform a signed subtraction of an MPI and an integer:
- *                 X = A - b
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The minuend. This must point to an initialized MPI.
- * \param b        The subtrahend.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
-
-/**
- * \brief          Perform a multiplication of two MPIs: X = A * B
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The first factor. This must point to an initialized MPI.
- * \param B        The second factor. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform a multiplication of an MPI with an unsigned integer:
- *                 X = A * b
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The first factor. This must point to an initialized MPI.
- * \param b        The second factor.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         mbedtls_mpi_uint b );
-
-/**
- * \brief          Perform a division with remainder of two MPIs:
- *                 A = Q * B + R
- *
- * \param Q        The destination MPI for the quotient.
- *                 This may be \c NULL if the value of the
- *                 quotient is not needed. This must not alias A or B.
- * \param R        The destination MPI for the remainder value.
- *                 This may be \c NULL if the value of the
- *                 remainder is not needed. This must not alias A or B.
- * \param A        The dividend. This must point to an initialized MPI.
- * \param B        The divisor. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform a division with remainder of an MPI by an integer:
- *                 A = Q * b + R
- *
- * \param Q        The destination MPI for the quotient.
- *                 This may be \c NULL if the value of the
- *                 quotient is not needed.  This must not alias A.
- * \param R        The destination MPI for the remainder value.
- *                 This may be \c NULL if the value of the
- *                 remainder is not needed.  This must not alias A.
- * \param A        The dividend. This must point to an initialized MPi.
- * \param b        The divisor.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
-
-/**
- * \brief          Perform a modular reduction. R = A mod B
- *
- * \param R        The destination MPI for the residue value.
- *                 This must point to an initialized MPI.
- * \param A        The MPI to compute the residue of.
- *                 This must point to an initialized MPI.
- * \param B        The base of the modular reduction.
- *                 This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
- * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative.
- * \return         Another negative error code on different kinds of failure.
- *
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
-
-/**
- * \brief          Perform a modular reduction with respect to an integer.
- *                 r = A mod b
- *
- * \param r        The address at which to store the residue.
- *                 This must not be \c NULL.
- * \param A        The MPI to compute the residue of.
- *                 This must point to an initialized MPi.
- * \param b        The integer base of the modular reduction.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
- * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
-
-/**
- * \brief          Perform a sliding-window exponentiation: X = A^E mod N
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- *                 This must not alias E or N.
- * \param A        The base of the exponentiation.
- *                 This must point to an initialized MPI.
- * \param E        The exponent MPI. This must point to an initialized MPI.
- * \param N        The base for the modular reduction. This must point to an
- *                 initialized MPI.
- * \param prec_RR  A helper MPI depending solely on \p N which can be used to
- *                 speed-up multiple modular exponentiations for the same value
- *                 of \p N. This may be \c NULL. If it is not \c NULL, it must
- *                 point to an initialized MPI. If it hasn't been used after
- *                 the call to mbedtls_mpi_init(), this function will compute
- *                 the helper value and store it in \p prec_RR for reuse on
- *                 subsequent calls to this function. Otherwise, the function
- *                 will assume that \p prec_RR holds the helper value set by a
- *                 previous call to mbedtls_mpi_exp_mod(), and reuse it.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \c N is negative or
- *                 even, or if \c E is negative.
- * \return         Another negative error code on different kinds of failures.
- *
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *E, const mbedtls_mpi *N,
-                         mbedtls_mpi *prec_RR );
-
-/**
- * \brief          Fill an MPI with a number of random bytes.
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param size     The number of random bytes to generate.
- * \param f_rng    The RNG function to use. This must not be \c NULL.
- * \param p_rng    The RNG parameter to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on failure.
- *
- * \note           The bytes obtained from the RNG are interpreted
- *                 as a big-endian representation of an MPI; this can
- *                 be relevant in applications like deterministic ECDSA.
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/** Generate a random number uniformly in a range.
- *
- * This function generates a random number between \p min inclusive and
- * \p N exclusive.
- *
- * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
- * when the RNG is a suitably parametrized instance of HMAC_DRBG
- * and \p min is \c 1.
- *
- * \note           There are `N - min` possible outputs. The lower bound
- *                 \p min can be reached, but the upper bound \p N cannot.
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param min      The minimum value to return.
- *                 It must be nonnegative.
- * \param N        The upper bound of the range, exclusive.
- *                 In other words, this is one plus the maximum value to return.
- *                 \p N must be strictly larger than \p min.
- * \param f_rng    The RNG function to use. This must not be \c NULL.
- * \param p_rng    The RNG parameter to be passed to \p f_rng.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
- *                 or if they are incompatible.
- * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
- *                 unable to find a suitable value within a limited number
- *                 of attempts. This has a negligible probability if \p N
- *                 is significantly larger than \p min, which is the case
- *                 for all usual cryptographic applications.
- * \return         Another negative error code on failure.
- */
-int mbedtls_mpi_random( mbedtls_mpi *X,
-                        mbedtls_mpi_sint min,
-                        const mbedtls_mpi *N,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng );
-
-/**
- * \brief          Compute the greatest common divisor: G = gcd(A, B)
- *
- * \param G        The destination MPI. This must point to an initialized MPI.
- * \param A        The first operand. This must point to an initialized MPI.
- * \param B        The second operand. This must point to an initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         Another negative error code on different kinds of failure.
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
-                     const mbedtls_mpi *B );
-
-/**
- * \brief          Compute the modular inverse: X = A^-1 mod N
- *
- * \param X        The destination MPI. This must point to an initialized MPI.
- * \param A        The MPI to calculate the modular inverse of. This must point
- *                 to an initialized MPI.
- * \param N        The base of the modular inversion. This must point to an
- *                 initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
- *                 or equal to one.
- * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
- *                 with respect to \p N.
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *N );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Perform a Miller-Rabin primality test with error
- *                 probability of 2<sup>-80</sup>.
- *
- * \deprecated     Superseded by mbedtls_mpi_is_prime_ext() which allows
- *                 specifying the number of Miller-Rabin rounds.
- *
- * \param X        The MPI to check for primality.
- *                 This must point to an initialized MPI.
- * \param f_rng    The RNG function to use. This must not be \c NULL.
- * \param p_rng    The RNG parameter to be passed to \p f_rng.
- *                 This may be \c NULL if \p f_rng doesn't use a
- *                 context parameter.
- *
- * \return         \c 0 if successful, i.e. \p X is probably prime.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return         Another negative error code on other kinds of failure.
- */
-MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
-                          int (*f_rng)(void *, unsigned char *, size_t),
-                          void *p_rng );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Miller-Rabin primality test.
- *
- * \warning        If \p X is potentially generated by an adversary, for example
- *                 when validating cryptographic parameters that you didn't
- *                 generate yourself and that are supposed to be prime, then
- *                 \p rounds should be at least the half of the security
- *                 strength of the cryptographic algorithm. On the other hand,
- *                 if \p X is chosen uniformly or non-adversarially (as is the
- *                 case when mbedtls_mpi_gen_prime calls this function), then
- *                 \p rounds can be much lower.
- *
- * \param X        The MPI to check for primality.
- *                 This must point to an initialized MPI.
- * \param rounds   The number of bases to perform the Miller-Rabin primality
- *                 test for. The probability of returning 0 on a composite is
- *                 at most 2<sup>-2*\p rounds</sup>.
- * \param f_rng    The RNG function to use. This must not be \c NULL.
- * \param p_rng    The RNG parameter to be passed to \p f_rng.
- *                 This may be \c NULL if \p f_rng doesn't use
- *                 a context parameter.
- *
- * \return         \c 0 if successful, i.e. \p X is probably prime.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return         Another negative error code on other kinds of failure.
- */
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng );
-/**
- * \brief Flags for mbedtls_mpi_gen_prime()
- *
- * Each of these flags is a constraint on the result X returned by
- * mbedtls_mpi_gen_prime().
- */
-typedef enum {
-    MBEDTLS_MPI_GEN_PRIME_FLAG_DH =      0x0001, /**< (X-1)/2 is prime too */
-    MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */
-} mbedtls_mpi_gen_prime_flag_t;
-
-/**
- * \brief          Generate a prime number.
- *
- * \param X        The destination MPI to store the generated prime in.
- *                 This must point to an initialized MPi.
- * \param nbits    The required size of the destination MPI in bits.
- *                 This must be between \c 3 and #MBEDTLS_MPI_MAX_BITS.
- * \param flags    A mask of flags of type #mbedtls_mpi_gen_prime_flag_t.
- * \param f_rng    The RNG function to use. This must not be \c NULL.
- * \param p_rng    The RNG parameter to be passed to \p f_rng.
- *                 This may be \c NULL if \p f_rng doesn't use
- *                 a context parameter.
- *
- * \return         \c 0 if successful, in which case \p X holds a
- *                 probably prime number.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
- *                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
-                   int (*f_rng)(void *, unsigned char *, size_t),
-                   void *p_rng );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_mpi_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* bignum.h */
diff --git a/Sources/mbedtls/include/mbedtls/blowfish.h b/Sources/mbedtls/include/mbedtls/blowfish.h
deleted file mode 100644
index d5f8099..0000000
--- a/Sources/mbedtls/include/mbedtls/blowfish.h
+++ /dev/null
@@ -1,288 +0,0 @@
-/**
- * \file blowfish.h
- *
- * \brief Blowfish block cipher
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_BLOWFISH_H
-#define MBEDTLS_BLOWFISH_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_BLOWFISH_ENCRYPT     1
-#define MBEDTLS_BLOWFISH_DECRYPT     0
-#define MBEDTLS_BLOWFISH_MAX_KEY_BITS     448
-#define MBEDTLS_BLOWFISH_MIN_KEY_BITS     32
-#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
-#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-/** Bad input data. */
-#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016
-
-/** Invalid data input length. */
-#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018
-
-/* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-/** Blowfish hardware accelerator failed. */
-#define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED                   -0x0017
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          Blowfish context structure
- */
-typedef struct mbedtls_blowfish_context
-{
-    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
-    uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
-}
-mbedtls_blowfish_context;
-
-#else  /* MBEDTLS_BLOWFISH_ALT */
-#include "blowfish_alt.h"
-#endif /* MBEDTLS_BLOWFISH_ALT */
-
-/**
- * \brief          Initialize a Blowfish context.
- *
- * \param ctx      The Blowfish context to be initialized.
- *                 This must not be \c NULL.
- */
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief          Clear a Blowfish context.
- *
- * \param ctx      The Blowfish context to be cleared.
- *                 This may be \c NULL, in which case this function
- *                 returns immediately. If it is not \c NULL, it must
- *                 point to an initialized Blowfish context.
- */
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
-
-/**
- * \brief          Perform a Blowfish key schedule operation.
- *
- * \param ctx      The Blowfish context to perform the key schedule on.
- * \param key      The encryption key. This must be a readable buffer of
- *                 length \p keybits Bits.
- * \param keybits  The length of \p key in Bits. This must be between
- *                 \c 32 and \c 448 and a multiple of \c 8.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keybits );
-
-/**
- * \brief          Perform a Blowfish-ECB block encryption/decryption operation.
- *
- * \param ctx      The Blowfish context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. Possible values are
- *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param input    The input block. This must be a readable buffer
- *                 of size \c 8 Bytes.
- * \param output   The output block. This must be a writable buffer
- *                 of size \c 8 Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
-                        int mode,
-                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          Perform a Blowfish-CBC buffer encryption/decryption operation.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The Blowfish context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. Possible values are
- *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param length   The length of the input data in Bytes. This must be
- *                 multiple of \c 8.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of length \c 8 Bytes. It is updated by this function.
- * \param input    The input data. This must be a readable buffer of length
- *                 \p length Bytes.
- * \param output   The output data. This must be a writable buffer of length
- *                 \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
-                        int mode,
-                        size_t length,
-                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        const unsigned char *input,
-                        unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief          Perform a Blowfish CFB buffer encryption/decryption operation.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The Blowfish context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. Possible values are
- *                 #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or
- *                 #MBEDTLS_BLOWFISH_DECRYPT for decryption.
- * \param length   The length of the input data in Bytes.
- * \param iv_off   The offset in the initialization vector.
- *                 The value pointed to must be smaller than \c 8 Bytes.
- *                 It is updated by this function to support the aforementioned
- *                 streaming usage.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of size \c 8 Bytes. It is updated after use.
- * \param input    The input data. This must be a readable buffer of length
- *                 \p length Bytes.
- * \param output   The output data. This must be a writable buffer of length
- *                 \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
-                          int mode,
-                          size_t length,
-                          size_t *iv_off,
-                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                          const unsigned char *input,
-                          unsigned char *output );
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      Perform a Blowfish-CTR buffer encryption/decryption operation.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**64
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first 4 bytes for the
- *             per-message nonce, and the last 4 bytes for internal use. In that
- *             case, before calling this function on a new message you need to
- *             set the first 4 bytes of \p nonce_counter to your chosen nonce
- *             value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
- *             stream_block to be ignored). That way, you can encrypt at most
- *             2**32 messages of up to 2**32 blocks each with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be unique.
- *             The recommended way to ensure uniqueness is to use a message
- *             counter.
- *
- *             Note that for both strategies, sizes are measured in blocks and
- *             that a Blowfish block is 8 bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx           The Blowfish context to use. This must be initialized
- *                      and bound to a key.
- * \param length        The length of the input data in Bytes.
- * \param nc_off        The offset in the current stream_block (for resuming
- *                      within current cipher stream). The offset pointer
- *                      should be \c 0 at the start of a stream and must be
- *                      smaller than \c 8. It is updated by this function.
- * \param nonce_counter The 64-bit nonce and counter. This must point to a
- *                      read/write buffer of length \c 8 Bytes.
- * \param stream_block  The saved stream-block for resuming. This must point to
- *                      a read/write buffer of length \c 8 Bytes.
- * \param input         The input data. This must be a readable buffer of
- *                      length \p length Bytes.
- * \param output        The output data. This must be a writable buffer of
- *                      length \p length Bytes.
- *
- * \return              \c 0 if successful.
- * \return              A negative error code on failure.
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
-                        size_t length,
-                        size_t *nc_off,
-                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                        const unsigned char *input,
-                        unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* blowfish.h */
diff --git a/Sources/mbedtls/include/mbedtls/bn_mul.h b/Sources/mbedtls/include/mbedtls/bn_mul.h
deleted file mode 100644
index a3fc363..0000000
--- a/Sources/mbedtls/include/mbedtls/bn_mul.h
+++ /dev/null
@@ -1,1004 +0,0 @@
-/**
- * \file bn_mul.h
- *
- * \brief Multi-precision integer library
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *      Multiply source vector [s] with b, add result
- *       to destination vector [d] and set carry c.
- *
- *      Currently supports:
- *
- *         . IA-32 (386+)         . AMD64 / EM64T
- *         . IA-32 (SSE2)         . Motorola 68000
- *         . PowerPC, 32-bit      . MicroBlaze
- *         . PowerPC, 64-bit      . TriCore
- *         . SPARC v8             . ARM v3+
- *         . Alpha                . MIPS32
- *         . C, longlong          . C, generic
- */
-#ifndef MBEDTLS_BN_MUL_H
-#define MBEDTLS_BN_MUL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/bignum.h"
-
-
-/*
- * Conversion macros for embedded constants:
- * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2
- */
-#if defined(MBEDTLS_HAVE_INT32)
-
-#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d )               \
-    ( (mbedtls_mpi_uint) (a) <<  0 ) |                        \
-    ( (mbedtls_mpi_uint) (b) <<  8 ) |                        \
-    ( (mbedtls_mpi_uint) (c) << 16 ) |                        \
-    ( (mbedtls_mpi_uint) (d) << 24 )
-
-#define MBEDTLS_BYTES_TO_T_UINT_2( a, b )                   \
-    MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 )
-
-#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
-    MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ),                \
-    MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h )
-
-#else /* 64-bits */
-
-#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h )   \
-    ( (mbedtls_mpi_uint) (a) <<  0 ) |                        \
-    ( (mbedtls_mpi_uint) (b) <<  8 ) |                        \
-    ( (mbedtls_mpi_uint) (c) << 16 ) |                        \
-    ( (mbedtls_mpi_uint) (d) << 24 ) |                        \
-    ( (mbedtls_mpi_uint) (e) << 32 ) |                        \
-    ( (mbedtls_mpi_uint) (f) << 40 ) |                        \
-    ( (mbedtls_mpi_uint) (g) << 48 ) |                        \
-    ( (mbedtls_mpi_uint) (h) << 56 )
-
-#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d )             \
-    MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
-
-#define MBEDTLS_BYTES_TO_T_UINT_2( a, b )                   \
-    MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
-
-#endif /* bits in mbedtls_mpi_uint */
-
-#if defined(MBEDTLS_HAVE_ASM)
-
-#ifndef asm
-#define asm __asm
-#endif
-
-/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
-#if defined(__GNUC__) && \
-    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
-
-/*
- * GCC < 5.0 treated the x86 ebx (which is used for the GOT) as a
- * fixed reserved register when building as PIC, leading to errors
- * like: bn_mul.h:46:13: error: PIC register clobbered by 'ebx' in 'asm'
- *
- * This is fixed by an improved register allocator in GCC 5+. From the
- * release notes:
- * Register allocation improvements: Reuse of the PIC hard register,
- * instead of using a fixed register, was implemented on x86/x86-64
- * targets. This improves generated PIC code performance as more hard
- * registers can be used.
- */
-#if defined(__GNUC__) && __GNUC__ < 5 && defined(__PIC__)
-#define MULADDC_CANNOT_USE_EBX
-#endif
-
-/*
- * Disable use of the i386 assembly code below if option -O0, to disable all
- * compiler optimisations, is passed, detected with __OPTIMIZE__
- * This is done as the number of registers used in the assembly code doesn't
- * work with the -O0 option.
- */
-#if defined(__i386__) && defined(__OPTIMIZE__) && !defined(MULADDC_CANNOT_USE_EBX)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "movl   %%ebx, %0           \n\t"   \
-        "movl   %5, %%esi           \n\t"   \
-        "movl   %6, %%edi           \n\t"   \
-        "movl   %7, %%ecx           \n\t"   \
-        "movl   %8, %%ebx           \n\t"
-
-#define MULADDC_CORE                        \
-        "lodsl                      \n\t"   \
-        "mull   %%ebx               \n\t"   \
-        "addl   %%ecx,   %%eax      \n\t"   \
-        "adcl   $0,      %%edx      \n\t"   \
-        "addl   (%%edi), %%eax      \n\t"   \
-        "adcl   $0,      %%edx      \n\t"   \
-        "movl   %%edx,   %%ecx      \n\t"   \
-        "stosl                      \n\t"
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define MULADDC_HUIT                            \
-        "movd     %%ecx,     %%mm1      \n\t"   \
-        "movd     %%ebx,     %%mm0      \n\t"   \
-        "movd     (%%edi),   %%mm3      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     (%%esi),   %%mm2      \n\t"   \
-        "pmuludq  %%mm0,     %%mm2      \n\t"   \
-        "movd     4(%%esi),  %%mm4      \n\t"   \
-        "pmuludq  %%mm0,     %%mm4      \n\t"   \
-        "movd     8(%%esi),  %%mm6      \n\t"   \
-        "pmuludq  %%mm0,     %%mm6      \n\t"   \
-        "movd     12(%%esi), %%mm7      \n\t"   \
-        "pmuludq  %%mm0,     %%mm7      \n\t"   \
-        "paddq    %%mm2,     %%mm1      \n\t"   \
-        "movd     4(%%edi),  %%mm3      \n\t"   \
-        "paddq    %%mm4,     %%mm3      \n\t"   \
-        "movd     8(%%edi),  %%mm5      \n\t"   \
-        "paddq    %%mm6,     %%mm5      \n\t"   \
-        "movd     12(%%edi), %%mm4      \n\t"   \
-        "paddq    %%mm4,     %%mm7      \n\t"   \
-        "movd     %%mm1,     (%%edi)    \n\t"   \
-        "movd     16(%%esi), %%mm2      \n\t"   \
-        "pmuludq  %%mm0,     %%mm2      \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     20(%%esi), %%mm4      \n\t"   \
-        "pmuludq  %%mm0,     %%mm4      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     24(%%esi), %%mm6      \n\t"   \
-        "pmuludq  %%mm0,     %%mm6      \n\t"   \
-        "movd     %%mm1,     4(%%edi)   \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     28(%%esi), %%mm3      \n\t"   \
-        "pmuludq  %%mm0,     %%mm3      \n\t"   \
-        "paddq    %%mm5,     %%mm1      \n\t"   \
-        "movd     16(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm2      \n\t"   \
-        "movd     %%mm1,     8(%%edi)   \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm7,     %%mm1      \n\t"   \
-        "movd     20(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm4      \n\t"   \
-        "movd     %%mm1,     12(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm2,     %%mm1      \n\t"   \
-        "movd     24(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm6      \n\t"   \
-        "movd     %%mm1,     16(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm4,     %%mm1      \n\t"   \
-        "movd     28(%%edi), %%mm5      \n\t"   \
-        "paddq    %%mm5,     %%mm3      \n\t"   \
-        "movd     %%mm1,     20(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm6,     %%mm1      \n\t"   \
-        "movd     %%mm1,     24(%%edi)  \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "paddq    %%mm3,     %%mm1      \n\t"   \
-        "movd     %%mm1,     28(%%edi)  \n\t"   \
-        "addl     $32,       %%edi      \n\t"   \
-        "addl     $32,       %%esi      \n\t"   \
-        "psrlq    $32,       %%mm1      \n\t"   \
-        "movd     %%mm1,     %%ecx      \n\t"
-
-#define MULADDC_STOP                    \
-        "emms                   \n\t"   \
-        "movl   %4, %%ebx       \n\t"   \
-        "movl   %%ecx, %1       \n\t"   \
-        "movl   %%edi, %2       \n\t"   \
-        "movl   %%esi, %3       \n\t"   \
-        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
-        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
-        : "eax", "ebx", "ecx", "edx", "esi", "edi"      \
-    );
-
-#else
-
-#define MULADDC_STOP                    \
-        "movl   %4, %%ebx       \n\t"   \
-        "movl   %%ecx, %1       \n\t"   \
-        "movl   %%edi, %2       \n\t"   \
-        "movl   %%esi, %3       \n\t"   \
-        : "=m" (t), "=m" (c), "=m" (d), "=m" (s)        \
-        : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b)   \
-        : "eax", "ebx", "ecx", "edx", "esi", "edi"      \
-    );
-#endif /* SSE2 */
-#endif /* i386 */
-
-#if defined(__amd64__) || defined (__x86_64__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "xorq   %%r8, %%r8\n"
-
-#define MULADDC_CORE                        \
-        "movq   (%%rsi), %%rax\n"           \
-        "mulq   %%rbx\n"                    \
-        "addq   $8, %%rsi\n"                \
-        "addq   %%rcx, %%rax\n"             \
-        "movq   %%r8, %%rcx\n"              \
-        "adcq   $0, %%rdx\n"                \
-        "nop    \n"                         \
-        "addq   %%rax, (%%rdi)\n"           \
-        "adcq   %%rdx, %%rcx\n"             \
-        "addq   $8, %%rdi\n"
-
-#define MULADDC_STOP                        \
-        : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \
-        : "b" (b), "m" (*(const uint64_t (*)[16]) s)                 \
-        : "rax", "rdx", "r8"                                         \
-    );
-
-#endif /* AMD64 */
-
-#if defined(__aarch64__)
-
-#define MULADDC_INIT                \
-    asm(
-
-#define MULADDC_CORE                \
-        "ldr x4, [%2], #8   \n\t"   \
-        "ldr x5, [%1]       \n\t"   \
-        "mul x6, x4, %4     \n\t"   \
-        "umulh x7, x4, %4   \n\t"   \
-        "adds x5, x5, x6    \n\t"   \
-        "adc x7, x7, xzr    \n\t"   \
-        "adds x5, x5, %0    \n\t"   \
-        "adc %0, x7, xzr    \n\t"   \
-        "str x5, [%1], #8   \n\t"
-
-#define MULADDC_STOP                                                    \
-         : "+r" (c),  "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d)  \
-         : "r" (b), "m" (*(const uint64_t (*)[16]) s)                   \
-         : "x4", "x5", "x6", "x7", "cc"                                 \
-    );
-
-#endif /* Aarch64 */
-
-#if defined(__mc68020__) || defined(__mcpu32__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "movl   %3, %%a2        \n\t"   \
-        "movl   %4, %%a3        \n\t"   \
-        "movl   %5, %%d3        \n\t"   \
-        "movl   %6, %%d2        \n\t"   \
-        "moveq  #0, %%d0        \n\t"
-
-#define MULADDC_CORE                    \
-        "movel  %%a2@+, %%d1    \n\t"   \
-        "mulul  %%d2, %%d4:%%d1 \n\t"   \
-        "addl   %%d3, %%d1      \n\t"   \
-        "addxl  %%d0, %%d4      \n\t"   \
-        "moveq  #0,   %%d3      \n\t"   \
-        "addl   %%d1, %%a3@+    \n\t"   \
-        "addxl  %%d4, %%d3      \n\t"
-
-#define MULADDC_STOP                    \
-        "movl   %%d3, %0        \n\t"   \
-        "movl   %%a3, %1        \n\t"   \
-        "movl   %%a2, %2        \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "d0", "d1", "d2", "d3", "d4", "a2", "a3"  \
-    );
-
-#define MULADDC_HUIT                        \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d4:%%d1  \n\t"   \
-        "addxl  %%d3,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d4       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "movel  %%a2@+,  %%d1       \n\t"   \
-        "mulul  %%d2,    %%d3:%%d1  \n\t"   \
-        "addxl  %%d4,    %%d1       \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"   \
-        "addl   %%d1,    %%a3@+     \n\t"   \
-        "addxl  %%d0,    %%d3       \n\t"
-
-#endif /* MC68000 */
-
-#if defined(__powerpc64__) || defined(__ppc64__)
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "ld     r3, %3              \n\t"   \
-        "ld     r4, %4              \n\t"   \
-        "ld     r5, %5              \n\t"   \
-        "ld     r6, %6              \n\t"   \
-        "addi   r3, r3, -8          \n\t"   \
-        "addi   r4, r4, -8          \n\t"   \
-        "addic  r5, r5,  0          \n\t"
-
-#define MULADDC_CORE                        \
-        "ldu    r7, 8(r3)           \n\t"   \
-        "mulld  r8, r7, r6          \n\t"   \
-        "mulhdu r9, r7, r6          \n\t"   \
-        "adde   r8, r8, r5          \n\t"   \
-        "ld     r7, 8(r4)           \n\t"   \
-        "addze  r5, r9              \n\t"   \
-        "addc   r8, r8, r7          \n\t"   \
-        "stdu   r8, 8(r4)           \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  r5, r5              \n\t"   \
-        "addi   r4, r4, 8           \n\t"   \
-        "addi   r3, r3, 8           \n\t"   \
-        "std    r5, %0              \n\t"   \
-        "std    r4, %1              \n\t"   \
-        "std    r3, %2              \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "ld     %%r3, %3            \n\t"   \
-        "ld     %%r4, %4            \n\t"   \
-        "ld     %%r5, %5            \n\t"   \
-        "ld     %%r6, %6            \n\t"   \
-        "addi   %%r3, %%r3, -8      \n\t"   \
-        "addi   %%r4, %%r4, -8      \n\t"   \
-        "addic  %%r5, %%r5,  0      \n\t"
-
-#define MULADDC_CORE                        \
-        "ldu    %%r7, 8(%%r3)       \n\t"   \
-        "mulld  %%r8, %%r7, %%r6    \n\t"   \
-        "mulhdu %%r9, %%r7, %%r6    \n\t"   \
-        "adde   %%r8, %%r8, %%r5    \n\t"   \
-        "ld     %%r7, 8(%%r4)       \n\t"   \
-        "addze  %%r5, %%r9          \n\t"   \
-        "addc   %%r8, %%r8, %%r7    \n\t"   \
-        "stdu   %%r8, 8(%%r4)       \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  %%r5, %%r5          \n\t"   \
-        "addi   %%r4, %%r4, 8       \n\t"   \
-        "addi   %%r3, %%r3, 8       \n\t"   \
-        "std    %%r5, %0            \n\t"   \
-        "std    %%r4, %1            \n\t"   \
-        "std    %%r3, %2            \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32  */
-
-#if defined(__MACH__) && defined(__APPLE__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lwz    r3, %3          \n\t"   \
-        "lwz    r4, %4          \n\t"   \
-        "lwz    r5, %5          \n\t"   \
-        "lwz    r6, %6          \n\t"   \
-        "addi   r3, r3, -4      \n\t"   \
-        "addi   r4, r4, -4      \n\t"   \
-        "addic  r5, r5,  0      \n\t"
-
-#define MULADDC_CORE                    \
-        "lwzu   r7, 4(r3)       \n\t"   \
-        "mullw  r8, r7, r6      \n\t"   \
-        "mulhwu r9, r7, r6      \n\t"   \
-        "adde   r8, r8, r5      \n\t"   \
-        "lwz    r7, 4(r4)       \n\t"   \
-        "addze  r5, r9          \n\t"   \
-        "addc   r8, r8, r7      \n\t"   \
-        "stwu   r8, 4(r4)       \n\t"
-
-#define MULADDC_STOP                    \
-        "addze  r5, r5          \n\t"   \
-        "addi   r4, r4, 4       \n\t"   \
-        "addi   r3, r3, 4       \n\t"   \
-        "stw    r5, %0          \n\t"   \
-        "stw    r4, %1          \n\t"   \
-        "stw    r3, %2          \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#else /* __MACH__ && __APPLE__ */
-
-#define MULADDC_INIT                        \
-    asm(                                    \
-        "lwz    %%r3, %3            \n\t"   \
-        "lwz    %%r4, %4            \n\t"   \
-        "lwz    %%r5, %5            \n\t"   \
-        "lwz    %%r6, %6            \n\t"   \
-        "addi   %%r3, %%r3, -4      \n\t"   \
-        "addi   %%r4, %%r4, -4      \n\t"   \
-        "addic  %%r5, %%r5,  0      \n\t"
-
-#define MULADDC_CORE                        \
-        "lwzu   %%r7, 4(%%r3)       \n\t"   \
-        "mullw  %%r8, %%r7, %%r6    \n\t"   \
-        "mulhwu %%r9, %%r7, %%r6    \n\t"   \
-        "adde   %%r8, %%r8, %%r5    \n\t"   \
-        "lwz    %%r7, 4(%%r4)       \n\t"   \
-        "addze  %%r5, %%r9          \n\t"   \
-        "addc   %%r8, %%r8, %%r7    \n\t"   \
-        "stwu   %%r8, 4(%%r4)       \n\t"
-
-#define MULADDC_STOP                        \
-        "addze  %%r5, %%r5          \n\t"   \
-        "addi   %%r4, %%r4, 4       \n\t"   \
-        "addi   %%r3, %%r3, 4       \n\t"   \
-        "stw    %%r5, %0            \n\t"   \
-        "stw    %%r4, %1            \n\t"   \
-        "stw    %%r3, %2            \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8", "r9"  \
-    );
-
-#endif /* __MACH__ && __APPLE__ */
-
-#endif /* PPC32 */
-
-/*
- * The Sparc(64) assembly is reported to be broken.
- * Disable it for now, until we're able to fix it.
- */
-#if 0 && defined(__sparc__)
-#if defined(__sparc64__)
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-                "ldx     %3, %%o0               \n\t"   \
-                "ldx     %4, %%o1               \n\t"   \
-                "ld      %5, %%o2               \n\t"   \
-                "ld      %6, %%o3               \n\t"
-
-#define MULADDC_CORE                                    \
-                "ld      [%%o0], %%o4           \n\t"   \
-                "inc     4, %%o0                \n\t"   \
-                "ld      [%%o1], %%o5           \n\t"   \
-                "umul    %%o3, %%o4, %%o4       \n\t"   \
-                "addcc   %%o4, %%o2, %%o4       \n\t"   \
-                "rd      %%y, %%g1              \n\t"   \
-                "addx    %%g1, 0, %%g1          \n\t"   \
-                "addcc   %%o4, %%o5, %%o4       \n\t"   \
-                "st      %%o4, [%%o1]           \n\t"   \
-                "addx    %%g1, 0, %%o2          \n\t"   \
-                "inc     4, %%o1                \n\t"
-
-        #define MULADDC_STOP                            \
-                "st      %%o2, %0               \n\t"   \
-                "stx     %%o1, %1               \n\t"   \
-                "stx     %%o0, %2               \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "g1", "o0", "o1", "o2", "o3", "o4",   \
-          "o5"                                  \
-        );
-
-#else /* __sparc64__ */
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-                "ld      %3, %%o0               \n\t"   \
-                "ld      %4, %%o1               \n\t"   \
-                "ld      %5, %%o2               \n\t"   \
-                "ld      %6, %%o3               \n\t"
-
-#define MULADDC_CORE                                    \
-                "ld      [%%o0], %%o4           \n\t"   \
-                "inc     4, %%o0                \n\t"   \
-                "ld      [%%o1], %%o5           \n\t"   \
-                "umul    %%o3, %%o4, %%o4       \n\t"   \
-                "addcc   %%o4, %%o2, %%o4       \n\t"   \
-                "rd      %%y, %%g1              \n\t"   \
-                "addx    %%g1, 0, %%g1          \n\t"   \
-                "addcc   %%o4, %%o5, %%o4       \n\t"   \
-                "st      %%o4, [%%o1]           \n\t"   \
-                "addx    %%g1, 0, %%o2          \n\t"   \
-                "inc     4, %%o1                \n\t"
-
-#define MULADDC_STOP                                    \
-                "st      %%o2, %0               \n\t"   \
-                "st      %%o1, %1               \n\t"   \
-                "st      %%o0, %2               \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "g1", "o0", "o1", "o2", "o3", "o4",   \
-          "o5"                                  \
-        );
-
-#endif /* __sparc64__ */
-#endif /* __sparc__ */
-
-#if defined(__microblaze__) || defined(microblaze)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lwi   r3,   %3         \n\t"   \
-        "lwi   r4,   %4         \n\t"   \
-        "lwi   r5,   %5         \n\t"   \
-        "lwi   r6,   %6         \n\t"   \
-        "andi  r7,   r6, 0xffff \n\t"   \
-        "bsrli r6,   r6, 16     \n\t"
-
-#if(__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
-#define MULADDC_LHUI                    \
-        "lhui  r9,   r3,   0    \n\t"   \
-        "addi  r3,   r3,   2    \n\t"   \
-        "lhui  r8,   r3,   0    \n\t"
-#else
-#define MULADDC_LHUI                    \
-        "lhui  r8,   r3,   0    \n\t"   \
-        "addi  r3,   r3,   2    \n\t"   \
-        "lhui  r9,   r3,   0    \n\t"
-#endif
-
-#define MULADDC_CORE                    \
-        MULADDC_LHUI                    \
-        "addi  r3,   r3,   2    \n\t"   \
-        "mul   r10,  r9,  r6    \n\t"   \
-        "mul   r11,  r8,  r7    \n\t"   \
-        "mul   r12,  r9,  r7    \n\t"   \
-        "mul   r13,  r8,  r6    \n\t"   \
-        "bsrli  r8, r10,  16    \n\t"   \
-        "bsrli  r9, r11,  16    \n\t"   \
-        "add   r13, r13,  r8    \n\t"   \
-        "add   r13, r13,  r9    \n\t"   \
-        "bslli r10, r10,  16    \n\t"   \
-        "bslli r11, r11,  16    \n\t"   \
-        "add   r12, r12, r10    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "add   r12, r12, r11    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "lwi   r10,  r4,   0    \n\t"   \
-        "add   r12, r12, r10    \n\t"   \
-        "addc  r13, r13,  r0    \n\t"   \
-        "add   r12, r12,  r5    \n\t"   \
-        "addc   r5, r13,  r0    \n\t"   \
-        "swi   r12,  r4,   0    \n\t"   \
-        "addi   r4,  r4,   4    \n\t"
-
-#define MULADDC_STOP                    \
-        "swi   r5,   %0         \n\t"   \
-        "swi   r4,   %1         \n\t"   \
-        "swi   r3,   %2         \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "r3", "r4", "r5", "r6", "r7", "r8",       \
-          "r9", "r10", "r11", "r12", "r13"          \
-    );
-
-#endif /* MicroBlaze */
-
-#if defined(__tricore__)
-
-#define MULADDC_INIT                            \
-    asm(                                        \
-        "ld.a   %%a2, %3                \n\t"   \
-        "ld.a   %%a3, %4                \n\t"   \
-        "ld.w   %%d4, %5                \n\t"   \
-        "ld.w   %%d1, %6                \n\t"   \
-        "xor    %%d5, %%d5              \n\t"
-
-#define MULADDC_CORE                            \
-        "ld.w   %%d0,   [%%a2+]         \n\t"   \
-        "madd.u %%e2, %%e4, %%d0, %%d1  \n\t"   \
-        "ld.w   %%d0,   [%%a3]          \n\t"   \
-        "addx   %%d2,    %%d2,  %%d0    \n\t"   \
-        "addc   %%d3,    %%d3,    0     \n\t"   \
-        "mov    %%d4,    %%d3           \n\t"   \
-        "st.w  [%%a3+],  %%d2           \n\t"
-
-#define MULADDC_STOP                            \
-        "st.w   %0, %%d4                \n\t"   \
-        "st.a   %1, %%a3                \n\t"   \
-        "st.a   %2, %%a2                \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)          \
-        : "m" (s), "m" (d), "m" (c), "m" (b)    \
-        : "d0", "d1", "e2", "d4", "a2", "a3"    \
-    );
-
-#endif /* TriCore */
-
-/*
- * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about
- * our use of r7 below, unless -fomit-frame-pointer is passed.
- *
- * On the other hand, -fomit-frame-pointer is implied by any -Ox options with
- * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
- * clang and armcc5 under the same conditions).
- *
- * So, only use the optimized assembly below for optimized build, which avoids
- * the build error and is pretty reasonable anyway.
- */
-#if defined(__GNUC__) && !defined(__OPTIMIZE__)
-#define MULADDC_CANNOT_USE_R7
-#endif
-
-#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
-
-#if defined(__thumb__) && !defined(__thumb2__)
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-            "ldr    r0, %3                      \n\t"   \
-            "ldr    r1, %4                      \n\t"   \
-            "ldr    r2, %5                      \n\t"   \
-            "ldr    r3, %6                      \n\t"   \
-            "lsr    r7, r3, #16                 \n\t"   \
-            "mov    r9, r7                      \n\t"   \
-            "lsl    r7, r3, #16                 \n\t"   \
-            "lsr    r7, r7, #16                 \n\t"   \
-            "mov    r8, r7                      \n\t"
-
-#define MULADDC_CORE                                    \
-            "ldmia  r0!, {r6}                   \n\t"   \
-            "lsr    r7, r6, #16                 \n\t"   \
-            "lsl    r6, r6, #16                 \n\t"   \
-            "lsr    r6, r6, #16                 \n\t"   \
-            "mov    r4, r8                      \n\t"   \
-            "mul    r4, r6                      \n\t"   \
-            "mov    r3, r9                      \n\t"   \
-            "mul    r6, r3                      \n\t"   \
-            "mov    r5, r9                      \n\t"   \
-            "mul    r5, r7                      \n\t"   \
-            "mov    r3, r8                      \n\t"   \
-            "mul    r7, r3                      \n\t"   \
-            "lsr    r3, r6, #16                 \n\t"   \
-            "add    r5, r5, r3                  \n\t"   \
-            "lsr    r3, r7, #16                 \n\t"   \
-            "add    r5, r5, r3                  \n\t"   \
-            "add    r4, r4, r2                  \n\t"   \
-            "mov    r2, #0                      \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "lsl    r3, r6, #16                 \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "lsl    r3, r7, #16                 \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r5, r2                      \n\t"   \
-            "ldr    r3, [r1]                    \n\t"   \
-            "add    r4, r4, r3                  \n\t"   \
-            "adc    r2, r5                      \n\t"   \
-            "stmia  r1!, {r4}                   \n\t"
-
-#define MULADDC_STOP                                    \
-            "str    r2, %0                      \n\t"   \
-            "str    r1, %1                      \n\t"   \
-            "str    r0, %2                      \n\t"   \
-         : "=m" (c),  "=m" (d), "=m" (s)        \
-         : "m" (s), "m" (d), "m" (c), "m" (b)   \
-         : "r0", "r1", "r2", "r3", "r4", "r5",  \
-           "r6", "r7", "r8", "r9", "cc"         \
-         );
-
-#elif (__ARM_ARCH >= 6) && \
-    defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
-
-#define MULADDC_INIT                            \
-    asm(
-
-#define MULADDC_CORE                            \
-            "ldr    r0, [%0], #4        \n\t"   \
-            "ldr    r1, [%1]            \n\t"   \
-            "umaal  r1, %2, %3, r0      \n\t"   \
-            "str    r1, [%1], #4        \n\t"
-
-#define MULADDC_STOP                            \
-         : "=r" (s),  "=r" (d), "=r" (c)        \
-         : "r" (b), "0" (s), "1" (d), "2" (c)   \
-         : "r0", "r1", "memory"                 \
-         );
-
-#else
-
-#define MULADDC_INIT                                    \
-    asm(                                                \
-            "ldr    r0, %3                      \n\t"   \
-            "ldr    r1, %4                      \n\t"   \
-            "ldr    r2, %5                      \n\t"   \
-            "ldr    r3, %6                      \n\t"
-
-#define MULADDC_CORE                                    \
-            "ldr    r4, [r0], #4                \n\t"   \
-            "mov    r5, #0                      \n\t"   \
-            "ldr    r6, [r1]                    \n\t"   \
-            "umlal  r2, r5, r3, r4              \n\t"   \
-            "adds   r7, r6, r2                  \n\t"   \
-            "adc    r2, r5, #0                  \n\t"   \
-            "str    r7, [r1], #4                \n\t"
-
-#define MULADDC_STOP                                    \
-            "str    r2, %0                      \n\t"   \
-            "str    r1, %1                      \n\t"   \
-            "str    r0, %2                      \n\t"   \
-         : "=m" (c),  "=m" (d), "=m" (s)        \
-         : "m" (s), "m" (d), "m" (c), "m" (b)   \
-         : "r0", "r1", "r2", "r3", "r4", "r5",  \
-           "r6", "r7", "cc"                     \
-         );
-
-#endif /* Thumb */
-
-#endif /* ARMv3 */
-
-#if defined(__alpha__)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "ldq    $1, %3          \n\t"   \
-        "ldq    $2, %4          \n\t"   \
-        "ldq    $3, %5          \n\t"   \
-        "ldq    $4, %6          \n\t"
-
-#define MULADDC_CORE                    \
-        "ldq    $6,  0($1)      \n\t"   \
-        "addq   $1,  8, $1      \n\t"   \
-        "mulq   $6, $4, $7      \n\t"   \
-        "umulh  $6, $4, $6      \n\t"   \
-        "addq   $7, $3, $7      \n\t"   \
-        "cmpult $7, $3, $3      \n\t"   \
-        "ldq    $5,  0($2)      \n\t"   \
-        "addq   $7, $5, $7      \n\t"   \
-        "cmpult $7, $5, $5      \n\t"   \
-        "stq    $7,  0($2)      \n\t"   \
-        "addq   $2,  8, $2      \n\t"   \
-        "addq   $6, $3, $3      \n\t"   \
-        "addq   $5, $3, $3      \n\t"
-
-#define MULADDC_STOP                                    \
-        "stq    $3, %0          \n\t"   \
-        "stq    $2, %1          \n\t"   \
-        "stq    $1, %2          \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)              \
-        : "m" (s), "m" (d), "m" (c), "m" (b)        \
-        : "$1", "$2", "$3", "$4", "$5", "$6", "$7"  \
-    );
-#endif /* Alpha */
-
-#if defined(__mips__) && !defined(__mips64)
-
-#define MULADDC_INIT                    \
-    asm(                                \
-        "lw     $10, %3         \n\t"   \
-        "lw     $11, %4         \n\t"   \
-        "lw     $12, %5         \n\t"   \
-        "lw     $13, %6         \n\t"
-
-#define MULADDC_CORE                    \
-        "lw     $14, 0($10)     \n\t"   \
-        "multu  $13, $14        \n\t"   \
-        "addi   $10, $10, 4     \n\t"   \
-        "mflo   $14             \n\t"   \
-        "mfhi   $9              \n\t"   \
-        "addu   $14, $12, $14   \n\t"   \
-        "lw     $15, 0($11)     \n\t"   \
-        "sltu   $12, $14, $12   \n\t"   \
-        "addu   $15, $14, $15   \n\t"   \
-        "sltu   $14, $15, $14   \n\t"   \
-        "addu   $12, $12, $9    \n\t"   \
-        "sw     $15, 0($11)     \n\t"   \
-        "addu   $12, $12, $14   \n\t"   \
-        "addi   $11, $11, 4     \n\t"
-
-#define MULADDC_STOP                    \
-        "sw     $12, %0         \n\t"   \
-        "sw     $11, %1         \n\t"   \
-        "sw     $10, %2         \n\t"   \
-        : "=m" (c), "=m" (d), "=m" (s)                      \
-        : "m" (s), "m" (d), "m" (c), "m" (b)                \
-        : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \
-    );
-
-#endif /* MIPS */
-#endif /* GNUC */
-
-#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
-
-#define MULADDC_INIT                            \
-    __asm   mov     esi, s                      \
-    __asm   mov     edi, d                      \
-    __asm   mov     ecx, c                      \
-    __asm   mov     ebx, b
-
-#define MULADDC_CORE                            \
-    __asm   lodsd                               \
-    __asm   mul     ebx                         \
-    __asm   add     eax, ecx                    \
-    __asm   adc     edx, 0                      \
-    __asm   add     eax, [edi]                  \
-    __asm   adc     edx, 0                      \
-    __asm   mov     ecx, edx                    \
-    __asm   stosd
-
-#if defined(MBEDTLS_HAVE_SSE2)
-
-#define EMIT __asm _emit
-
-#define MULADDC_HUIT                            \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC9             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0xC3             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x1F             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x16             \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x7E  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xEE             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x67  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xFC             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x0F             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x56  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD0             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x66  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xE0             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x76  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xF0             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x04  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x5E  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xF4  EMIT 0xD8             \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCD             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xD5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x08  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCF             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xE5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x0C  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCA             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xF5             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x10  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCC             \
-    EMIT 0x0F  EMIT 0x6E  EMIT 0x6F  EMIT 0x1C  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xDD             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x14  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCE             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x18  \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0xD4  EMIT 0xCB             \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0x4F  EMIT 0x1C  \
-    EMIT 0x83  EMIT 0xC7  EMIT 0x20             \
-    EMIT 0x83  EMIT 0xC6  EMIT 0x20             \
-    EMIT 0x0F  EMIT 0x73  EMIT 0xD1  EMIT 0x20  \
-    EMIT 0x0F  EMIT 0x7E  EMIT 0xC9
-
-#define MULADDC_STOP                            \
-    EMIT 0x0F  EMIT 0x77                        \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#else
-
-#define MULADDC_STOP                            \
-    __asm   mov     c, ecx                      \
-    __asm   mov     d, edi                      \
-    __asm   mov     s, esi                      \
-
-#endif /* SSE2 */
-#endif /* MSVC */
-
-#endif /* MBEDTLS_HAVE_ASM */
-
-#if !defined(MULADDC_CORE)
-#if defined(MBEDTLS_HAVE_UDBL)
-
-#define MULADDC_INIT                    \
-{                                       \
-    mbedtls_t_udbl r;                           \
-    mbedtls_mpi_uint r0, r1;
-
-#define MULADDC_CORE                    \
-    r   = *(s++) * (mbedtls_t_udbl) b;          \
-    r0  = (mbedtls_mpi_uint) r;                   \
-    r1  = (mbedtls_mpi_uint)( r >> biL );         \
-    r0 += c;  r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#else
-#define MULADDC_INIT                    \
-{                                       \
-    mbedtls_mpi_uint s0, s1, b0, b1;              \
-    mbedtls_mpi_uint r0, r1, rx, ry;              \
-    b0 = ( b << biH ) >> biH;           \
-    b1 = ( b >> biH );
-
-#define MULADDC_CORE                    \
-    s0 = ( *s << biH ) >> biH;          \
-    s1 = ( *s >> biH ); s++;            \
-    rx = s0 * b1; r0 = s0 * b0;         \
-    ry = s1 * b0; r1 = s1 * b1;         \
-    r1 += ( rx >> biH );                \
-    r1 += ( ry >> biH );                \
-    rx <<= biH; ry <<= biH;             \
-    r0 += rx; r1 += (r0 < rx);          \
-    r0 += ry; r1 += (r0 < ry);          \
-    r0 +=  c; r1 += (r0 <  c);          \
-    r0 += *d; r1 += (r0 < *d);          \
-    c = r1; *(d++) = r0;
-
-#define MULADDC_STOP                    \
-}
-
-#endif /* C (generic)  */
-#endif /* C (longlong) */
-
-#endif /* bn_mul.h */
diff --git a/Sources/mbedtls/include/mbedtls/camellia.h b/Sources/mbedtls/include/mbedtls/camellia.h
deleted file mode 100644
index d39d932..0000000
--- a/Sources/mbedtls/include/mbedtls/camellia.h
+++ /dev/null
@@ -1,327 +0,0 @@
-/**
- * \file camellia.h
- *
- * \brief Camellia block cipher
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_CAMELLIA_H
-#define MBEDTLS_CAMELLIA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include "mbedtls/platform_util.h"
-
-#define MBEDTLS_CAMELLIA_ENCRYPT     1
-#define MBEDTLS_CAMELLIA_DECRYPT     0
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-/** Bad input data. */
-#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
-
-/** Invalid data input length. */
-#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026
-
-/* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-/** Camellia hardware accelerator failed. */
-#define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED              -0x0027
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          CAMELLIA context structure
- */
-typedef struct mbedtls_camellia_context
-{
-    int nr;                     /*!<  number of rounds  */
-    uint32_t rk[68];            /*!<  CAMELLIA round keys    */
-}
-mbedtls_camellia_context;
-
-#else  /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
-#endif /* MBEDTLS_CAMELLIA_ALT */
-
-/**
- * \brief          Initialize a CAMELLIA context.
- *
- * \param ctx      The CAMELLIA context to be initialized.
- *                 This must not be \c NULL.
- */
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
-
-/**
- * \brief          Clear a CAMELLIA context.
- *
- * \param ctx      The CAMELLIA context to be cleared. This may be \c NULL,
- *                 in which case this function returns immediately. If it is not
- *                 \c NULL, it must be initialized.
- */
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
-
-/**
- * \brief          Perform a CAMELLIA key schedule operation for encryption.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized.
- * \param key      The encryption key to use. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The length of \p key in Bits. This must be either \c 128,
- *                 \c 192 or \c 256.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits );
-
-/**
- * \brief          Perform a CAMELLIA key schedule operation for decryption.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized.
- * \param key      The decryption key. This must be a readable buffer
- *                 of size \p keybits Bits.
- * \param keybits  The length of \p key in Bits. This must be either \c 128,
- *                 \c 192 or \c 256.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits );
-
-/**
- * \brief          Perform a CAMELLIA-ECB block encryption/decryption operation.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param input    The input block. This must be a readable buffer
- *                 of size \c 16 Bytes.
- * \param output   The output block. This must be a writable buffer
- *                 of size \c 16 Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          Perform a CAMELLIA-CBC buffer encryption/decryption operation.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param length   The length in Bytes of the input data \p input.
- *                 This must be a multiple of \c 16 Bytes.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of length \c 16 Bytes. It is updated to allow streaming
- *                 use as explained above.
- * \param input    The buffer holding the input data. This must point to a
- *                 readable buffer of length \p length Bytes.
- * \param output   The buffer holding the output data. This must point to a
- *                 writable buffer of length \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/**
- * \brief          Perform a CAMELLIA-CFB128 buffer encryption/decryption
- *                 operation.
- *
- * \note           Due to the nature of CFB mode, you should use the same
- *                 key for both encryption and decryption. In particular, calls
- *                 to this function should be preceded by a key-schedule via
- *                 mbedtls_camellia_setkey_enc() regardless of whether \p mode
- *                 is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      The CAMELLIA context to use. This must be initialized
- *                 and bound to a key.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- * \param length   The length of the input data \p input. Any value is allowed.
- * \param iv_off   The current offset in the IV. This must be smaller
- *                 than \c 16 Bytes. It is updated after this call to allow
- *                 the aforementioned streaming usage.
- * \param iv       The initialization vector. This must be a read/write buffer
- *                 of length \c 16 Bytes. It is updated after this call to
- *                 allow the aforementioned streaming usage.
- * \param input    The buffer holding the input data. This must be a readable
- *                 buffer of size \p length Bytes.
- * \param output   The buffer to hold the output data. This must be a writable
- *                 buffer of length \p length Bytes.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/**
- * \brief      Perform a CAMELLIA-CTR buffer encryption/decryption operation.
- *
- * *note       Due to the nature of CTR mode, you should use the same
- *             key for both encryption and decryption. In particular, calls
- *             to this function should be preceded by a key-schedule via
- *             mbedtls_camellia_setkey_enc() regardless of whether \p mode
- *             is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
- *
- * \warning    You must never reuse a nonce value with the same key. Doing so
- *             would void the encryption for the two messages encrypted with
- *             the same nonce and key.
- *
- *             There are two common strategies for managing nonces with CTR:
- *
- *             1. You can handle everything as a single message processed over
- *             successive calls to this function. In that case, you want to
- *             set \p nonce_counter and \p nc_off to 0 for the first call, and
- *             then preserve the values of \p nonce_counter, \p nc_off and \p
- *             stream_block across calls to this function as they will be
- *             updated by this function.
- *
- *             With this strategy, you must not encrypt more than 2**128
- *             blocks of data with the same key.
- *
- *             2. You can encrypt separate messages by dividing the \p
- *             nonce_counter buffer in two areas: the first one used for a
- *             per-message nonce, handled by yourself, and the second one
- *             updated by this function internally.
- *
- *             For example, you might reserve the first \c 12 Bytes for the
- *             per-message nonce, and the last \c 4 Bytes for internal use.
- *             In that case, before calling this function on a new message you
- *             need to set the first \c 12 Bytes of \p nonce_counter to your
- *             chosen nonce value, the last four to \c 0, and \p nc_off to \c 0
- *             (which will cause \p stream_block to be ignored). That way, you
- *             can encrypt at most \c 2**96 messages of up to \c 2**32 blocks
- *             each  with the same key.
- *
- *             The per-message nonce (or information sufficient to reconstruct
- *             it) needs to be communicated with the ciphertext and must be
- *             unique. The recommended way to ensure uniqueness is to use a
- *             message counter. An alternative is to generate random nonces,
- *             but this limits the number of messages that can be securely
- *             encrypted: for example, with 96-bit random nonces, you should
- *             not encrypt more than 2**32 messages with the same key.
- *
- *             Note that for both strategies, sizes are measured in blocks and
- *             that a CAMELLIA block is \c 16 Bytes.
- *
- * \warning    Upon return, \p stream_block contains sensitive data. Its
- *             content must not be written to insecure storage and should be
- *             securely discarded as soon as it's no longer needed.
- *
- * \param ctx           The CAMELLIA context to use. This must be initialized
- *                      and bound to a key.
- * \param length        The length of the input data \p input in Bytes.
- *                      Any value is allowed.
- * \param nc_off        The offset in the current \p stream_block (for resuming
- *                      within current cipher stream). The offset pointer to
- *                      should be \c 0 at the start of a stream. It is updated
- *                      at the end of this call.
- * \param nonce_counter The 128-bit nonce and counter. This must be a read/write
- *                      buffer of length \c 16 Bytes.
- * \param stream_block  The saved stream-block for resuming. This must be a
- *                      read/write buffer of length \c 16 Bytes.
- * \param input         The input data stream. This must be a readable buffer of
- *                      size \p length Bytes.
- * \param output        The output data stream. This must be a writable buffer
- *                      of size \p length Bytes.
- *
- * \return              \c 0 if successful.
- * \return              A negative error code on failure.
- */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_camellia_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* camellia.h */
diff --git a/Sources/mbedtls/include/mbedtls/ccm.h b/Sources/mbedtls/include/mbedtls/ccm.h
deleted file mode 100644
index ece5a90..0000000
--- a/Sources/mbedtls/include/mbedtls/ccm.h
+++ /dev/null
@@ -1,311 +0,0 @@
-/**
- * \file ccm.h
- *
- * \brief This file provides an API for the CCM authenticated encryption
- *        mode for block ciphers.
- *
- * CCM combines Counter mode encryption with CBC-MAC authentication
- * for 128-bit block ciphers.
- *
- * Input to CCM includes the following elements:
- * <ul><li>Payload - data that is both authenticated and encrypted.</li>
- * <li>Associated data (Adata) - data that is authenticated but not
- * encrypted, For example, a header.</li>
- * <li>Nonce - A unique value that is assigned to the payload and the
- * associated data.</li></ul>
- *
- * Definition of CCM:
- * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
- * RFC 3610 "Counter with CBC-MAC (CCM)"
- *
- * Related:
- * RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
- *
- * Definition of CCM*:
- * IEEE 802.15.4 - IEEE Standard for Local and metropolitan area networks
- * Integer representation is fixed most-significant-octet-first order and
- * the representation of octets is most-significant-bit-first order. This is
- * consistent with RFC 3610.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CCM_H
-#define MBEDTLS_CCM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-/** Bad input parameters to the function. */
-#define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D
-/** Authenticated decryption failed. */
-#define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F
-
-/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** CCM hardware accelerator failed. */
-#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CCM_ALT)
-// Regular implementation
-//
-
-/**
- * \brief    The CCM context-type definition. The CCM context is passed
- *           to the APIs called.
- */
-typedef struct mbedtls_ccm_context
-{
-    mbedtls_cipher_context_t cipher_ctx;    /*!< The cipher context used. */
-}
-mbedtls_ccm_context;
-
-#else  /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
-#endif /* MBEDTLS_CCM_ALT */
-
-/**
- * \brief           This function initializes the specified CCM context,
- *                  to make references valid, and prepare the context
- *                  for mbedtls_ccm_setkey() or mbedtls_ccm_free().
- *
- * \param ctx       The CCM context to initialize. This must not be \c NULL.
- */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
-
-/**
- * \brief           This function initializes the CCM context set in the
- *                  \p ctx parameter and sets the encryption key.
- *
- * \param ctx       The CCM context to initialize. This must be an initialized
- *                  context.
- * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key. This must not be \c NULL.
- * \param keybits   The key size in bits. This must be acceptable by the cipher.
- *
- * \return          \c 0 on success.
- * \return          A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
-
-/**
- * \brief   This function releases and clears the specified CCM context
- *          and underlying cipher sub-context.
- *
- * \param ctx       The CCM context to clear. If this is \c NULL, the function
- *                  has no effect. Otherwise, this must be initialized.
- */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
-
-/**
- * \brief           This function encrypts a buffer using CCM.
- *
- * \note            The tag is written to a separate buffer. To concatenate
- *                  the \p tag with the \p output, as done in <em>RFC-3610:
- *                  Counter with CBC-MAC (CCM)</em>, use
- *                  \p tag = \p output + \p length, and make sure that the
- *                  output buffer is at least \p length + \p tag_len wide.
- *
- * \param ctx       The CCM context to use for encryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. If \p add_len is greater than
- *                  zero, \p add must be a readable buffer of at least that
- *                  length.
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than `2^16 - 2^8`.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  writable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field to generate in Bytes:
- *                  4, 6, 8, 10, 12, 14 or 16.
- *
- * \return          \c 0 on success.
- * \return          A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function encrypts a buffer using CCM*.
- *
- * \note            The tag is written to a separate buffer. To concatenate
- *                  the \p tag with the \p output, as done in <em>RFC-3610:
- *                  Counter with CBC-MAC (CCM)</em>, use
- *                  \p tag = \p output + \p length, and make sure that the
- *                  output buffer is at least \p length + \p tag_len wide.
- *
- * \note            When using this function in a variable tag length context,
- *                  the tag length has to be encoded into the \p iv passed to
- *                  this function.
- *
- * \param ctx       The CCM context to use for encryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. This must be a readable buffer of
- *                  at least \p add_len Bytes.
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  writable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field to generate in Bytes:
- *                  0, 4, 6, 8, 10, 12, 14 or 16.
- *
- * \warning         Passing \c 0 as \p tag_len means that the message is no
- *                  longer authenticated.
- *
- * \return          \c 0 on success.
- * \return          A CCM or cipher-specific error code on failure.
- */
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function performs a CCM authenticated decryption of a
- *                  buffer.
- *
- * \param ctx       The CCM context to use for decryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. This must be a readable buffer
- *                  of at least that \p add_len Bytes..
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field to generate in Bytes:
- *                  4, 6, 8, 10, 12, 14 or 16.
- *
- * \return          \c 0 on success. This indicates that the message is authentic.
- * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- * \return          A cipher-specific error code on calculation failure.
- */
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
-
-/**
- * \brief           This function performs a CCM* authenticated decryption of a
- *                  buffer.
- *
- * \note            When using this function in a variable tag length context,
- *                  the tag length has to be decoded from \p iv and passed to
- *                  this function as \p tag_len. (\p tag needs to be adjusted
- *                  accordingly.)
- *
- * \param ctx       The CCM context to use for decryption. This must be
- *                  initialized and bound to a key.
- * \param length    The length of the input data in Bytes.
- * \param iv        The initialization vector (nonce). This must be a readable
- *                  buffer of at least \p iv_len Bytes.
- * \param iv_len    The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
- *                  or 13. The length L of the message length field is
- *                  15 - \p iv_len.
- * \param add       The additional data field. This must be a readable buffer of
- *                  at least that \p add_len Bytes.
- * \param add_len   The length of additional data in Bytes.
- *                  This must be less than 2^16 - 2^8.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, \p input must be a readable buffer of at least
- *                  that length.
- * \param output    The buffer holding the output data. If \p length is greater
- *                  than zero, \p output must be a writable buffer of at least
- *                  that length.
- * \param tag       The buffer holding the authentication field. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the authentication field in Bytes.
- *                  0, 4, 6, 8, 10, 12, 14 or 16.
- *
- * \warning         Passing \c 0 as \p tag_len means that the message is nos
- *                  longer authenticated.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
- * \return          A cipher-specific error code on calculation failure.
- */
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief          The CCM checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_ccm_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CCM_H */
diff --git a/Sources/mbedtls/include/mbedtls/certs.h b/Sources/mbedtls/include/mbedtls/certs.h
deleted file mode 100644
index c93c741..0000000
--- a/Sources/mbedtls/include/mbedtls/certs.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/**
- * \file certs.h
- *
- * \brief Sample certificates and DHM parameters for testing
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_CERTS_H
-#define MBEDTLS_CERTS_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* List of all PEM-encoded CA certificates, terminated by NULL;
- * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
- * otherwise. */
-extern const char * mbedtls_test_cas[];
-extern const size_t mbedtls_test_cas_len[];
-
-/* List of all DER-encoded CA certificates, terminated by NULL */
-extern const unsigned char * mbedtls_test_cas_der[];
-extern const size_t mbedtls_test_cas_der_len[];
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/* Concatenation of all CA certificates in PEM format if available */
-extern const char   mbedtls_test_cas_pem[];
-extern const size_t mbedtls_test_cas_pem_len;
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-/*
- * CA test certificates
- */
-
-extern const char mbedtls_test_ca_crt_ec_pem[];
-extern const char mbedtls_test_ca_key_ec_pem[];
-extern const char mbedtls_test_ca_pwd_ec_pem[];
-extern const char mbedtls_test_ca_key_rsa_pem[];
-extern const char mbedtls_test_ca_pwd_rsa_pem[];
-extern const char mbedtls_test_ca_crt_rsa_sha1_pem[];
-extern const char mbedtls_test_ca_crt_rsa_sha256_pem[];
-
-extern const unsigned char mbedtls_test_ca_crt_ec_der[];
-extern const unsigned char mbedtls_test_ca_key_ec_der[];
-extern const unsigned char mbedtls_test_ca_key_rsa_der[];
-extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[];
-extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[];
-
-extern const size_t mbedtls_test_ca_crt_ec_pem_len;
-extern const size_t mbedtls_test_ca_key_ec_pem_len;
-extern const size_t mbedtls_test_ca_pwd_ec_pem_len;
-extern const size_t mbedtls_test_ca_key_rsa_pem_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len;
-
-extern const size_t mbedtls_test_ca_crt_ec_der_len;
-extern const size_t mbedtls_test_ca_key_ec_der_len;
-extern const size_t mbedtls_test_ca_pwd_ec_der_len;
-extern const size_t mbedtls_test_ca_key_rsa_der_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_der_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_ca_crt_ec[];
-extern const char mbedtls_test_ca_key_ec[];
-extern const char mbedtls_test_ca_pwd_ec[];
-extern const char mbedtls_test_ca_key_rsa[];
-extern const char mbedtls_test_ca_pwd_rsa[];
-extern const char mbedtls_test_ca_crt_rsa_sha1[];
-extern const char mbedtls_test_ca_crt_rsa_sha256[];
-
-extern const size_t mbedtls_test_ca_crt_ec_len;
-extern const size_t mbedtls_test_ca_key_ec_len;
-extern const size_t mbedtls_test_ca_pwd_ec_len;
-extern const size_t mbedtls_test_ca_key_rsa_len;
-extern const size_t mbedtls_test_ca_pwd_rsa_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha1_len;
-extern const size_t mbedtls_test_ca_crt_rsa_sha256_len;
-
-/* Config-dependent dispatch between SHA-1 and SHA-256
- * (SHA-256 if enabled, otherwise SHA-1) */
-
-extern const char mbedtls_test_ca_crt_rsa[];
-extern const size_t mbedtls_test_ca_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char * mbedtls_test_ca_crt;
-extern const char * mbedtls_test_ca_key;
-extern const char * mbedtls_test_ca_pwd;
-extern const size_t mbedtls_test_ca_crt_len;
-extern const size_t mbedtls_test_ca_key_len;
-extern const size_t mbedtls_test_ca_pwd_len;
-
-/*
- * Server test certificates
- */
-
-extern const char mbedtls_test_srv_crt_ec_pem[];
-extern const char mbedtls_test_srv_key_ec_pem[];
-extern const char mbedtls_test_srv_pwd_ec_pem[];
-extern const char mbedtls_test_srv_key_rsa_pem[];
-extern const char mbedtls_test_srv_pwd_rsa_pem[];
-extern const char mbedtls_test_srv_crt_rsa_sha1_pem[];
-extern const char mbedtls_test_srv_crt_rsa_sha256_pem[];
-
-extern const unsigned char mbedtls_test_srv_crt_ec_der[];
-extern const unsigned char mbedtls_test_srv_key_ec_der[];
-extern const unsigned char mbedtls_test_srv_key_rsa_der[];
-extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[];
-extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[];
-
-extern const size_t mbedtls_test_srv_crt_ec_pem_len;
-extern const size_t mbedtls_test_srv_key_ec_pem_len;
-extern const size_t mbedtls_test_srv_pwd_ec_pem_len;
-extern const size_t mbedtls_test_srv_key_rsa_pem_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len;
-
-extern const size_t mbedtls_test_srv_crt_ec_der_len;
-extern const size_t mbedtls_test_srv_key_ec_der_len;
-extern const size_t mbedtls_test_srv_pwd_ec_der_len;
-extern const size_t mbedtls_test_srv_key_rsa_der_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_der_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_srv_crt_ec[];
-extern const char mbedtls_test_srv_key_ec[];
-extern const char mbedtls_test_srv_pwd_ec[];
-extern const char mbedtls_test_srv_key_rsa[];
-extern const char mbedtls_test_srv_pwd_rsa[];
-extern const char mbedtls_test_srv_crt_rsa_sha1[];
-extern const char mbedtls_test_srv_crt_rsa_sha256[];
-
-extern const size_t mbedtls_test_srv_crt_ec_len;
-extern const size_t mbedtls_test_srv_key_ec_len;
-extern const size_t mbedtls_test_srv_pwd_ec_len;
-extern const size_t mbedtls_test_srv_key_rsa_len;
-extern const size_t mbedtls_test_srv_pwd_rsa_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha1_len;
-extern const size_t mbedtls_test_srv_crt_rsa_sha256_len;
-
-/* Config-dependent dispatch between SHA-1 and SHA-256
- * (SHA-256 if enabled, otherwise SHA-1) */
-
-extern const char mbedtls_test_srv_crt_rsa[];
-extern const size_t mbedtls_test_srv_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char * mbedtls_test_srv_crt;
-extern const char * mbedtls_test_srv_key;
-extern const char * mbedtls_test_srv_pwd;
-extern const size_t mbedtls_test_srv_crt_len;
-extern const size_t mbedtls_test_srv_key_len;
-extern const size_t mbedtls_test_srv_pwd_len;
-
-/*
- * Client test certificates
- */
-
-extern const char mbedtls_test_cli_crt_ec_pem[];
-extern const char mbedtls_test_cli_key_ec_pem[];
-extern const char mbedtls_test_cli_pwd_ec_pem[];
-extern const char mbedtls_test_cli_key_rsa_pem[];
-extern const char mbedtls_test_cli_pwd_rsa_pem[];
-extern const char mbedtls_test_cli_crt_rsa_pem[];
-
-extern const unsigned char mbedtls_test_cli_crt_ec_der[];
-extern const unsigned char mbedtls_test_cli_key_ec_der[];
-extern const unsigned char mbedtls_test_cli_key_rsa_der[];
-extern const unsigned char mbedtls_test_cli_crt_rsa_der[];
-
-extern const size_t mbedtls_test_cli_crt_ec_pem_len;
-extern const size_t mbedtls_test_cli_key_ec_pem_len;
-extern const size_t mbedtls_test_cli_pwd_ec_pem_len;
-extern const size_t mbedtls_test_cli_key_rsa_pem_len;
-extern const size_t mbedtls_test_cli_pwd_rsa_pem_len;
-extern const size_t mbedtls_test_cli_crt_rsa_pem_len;
-
-extern const size_t mbedtls_test_cli_crt_ec_der_len;
-extern const size_t mbedtls_test_cli_key_ec_der_len;
-extern const size_t mbedtls_test_cli_key_rsa_der_len;
-extern const size_t mbedtls_test_cli_crt_rsa_der_len;
-
-/* Config-dependent dispatch between PEM and DER encoding
- * (PEM if enabled, otherwise DER) */
-
-extern const char mbedtls_test_cli_crt_ec[];
-extern const char mbedtls_test_cli_key_ec[];
-extern const char mbedtls_test_cli_pwd_ec[];
-extern const char mbedtls_test_cli_key_rsa[];
-extern const char mbedtls_test_cli_pwd_rsa[];
-extern const char mbedtls_test_cli_crt_rsa[];
-
-extern const size_t mbedtls_test_cli_crt_ec_len;
-extern const size_t mbedtls_test_cli_key_ec_len;
-extern const size_t mbedtls_test_cli_pwd_ec_len;
-extern const size_t mbedtls_test_cli_key_rsa_len;
-extern const size_t mbedtls_test_cli_pwd_rsa_len;
-extern const size_t mbedtls_test_cli_crt_rsa_len;
-
-/* Config-dependent dispatch between EC and RSA
- * (RSA if enabled, otherwise EC) */
-
-extern const char * mbedtls_test_cli_crt;
-extern const char * mbedtls_test_cli_key;
-extern const char * mbedtls_test_cli_pwd;
-extern const size_t mbedtls_test_cli_crt_len;
-extern const size_t mbedtls_test_cli_key_len;
-extern const size_t mbedtls_test_cli_pwd_len;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* certs.h */
diff --git a/Sources/mbedtls/include/mbedtls/chacha20.h b/Sources/mbedtls/include/mbedtls/chacha20.h
deleted file mode 100644
index 03b4871..0000000
--- a/Sources/mbedtls/include/mbedtls/chacha20.h
+++ /dev/null
@@ -1,228 +0,0 @@
-/**
- * \file chacha20.h
- *
- * \brief   This file contains ChaCha20 definitions and functions.
- *
- *          ChaCha20 is a stream cipher that can encrypt and decrypt
- *          information. ChaCha was created by Daniel Bernstein as a variant of
- *          its Salsa cipher https://cr.yp.to/chacha/chacha-20080128.pdf
- *          ChaCha20 is the variant with 20 rounds, that was also standardized
- *          in RFC 7539.
- *
- * \author Daniel King <damaki.gh@gmail.com>
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CHACHA20_H
-#define MBEDTLS_CHACHA20_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stdint.h>
-#include <stddef.h>
-
-/** Invalid input parameter(s). */
-#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA         -0x0051
-
-/* MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE is deprecated and should not be
- * used. */
-/** Feature not available. For example, s part of the API is not implemented. */
-#define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE    -0x0053
-
-/* MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-/** Chacha20 hardware accelerator failed. */
-#define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED        -0x0055
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_CHACHA20_ALT)
-
-typedef struct mbedtls_chacha20_context
-{
-    uint32_t state[16];          /*! The state (before round operations). */
-    uint8_t  keystream8[64];     /*! Leftover keystream bytes. */
-    size_t keystream_bytes_used; /*! Number of keystream bytes already used. */
-}
-mbedtls_chacha20_context;
-
-#else  /* MBEDTLS_CHACHA20_ALT */
-#include "chacha20_alt.h"
-#endif /* MBEDTLS_CHACHA20_ALT */
-
-/**
- * \brief           This function initializes the specified ChaCha20 context.
- *
- *                  It must be the first API called before using
- *                  the context.
- *
- *                  It is usually followed by calls to
- *                  \c mbedtls_chacha20_setkey() and
- *                  \c mbedtls_chacha20_starts(), then one or more calls to
- *                  to \c mbedtls_chacha20_update(), and finally to
- *                  \c mbedtls_chacha20_free().
- *
- * \param ctx       The ChaCha20 context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
-
-/**
- * \brief           This function releases and clears the specified
- *                  ChaCha20 context.
- *
- * \param ctx       The ChaCha20 context to clear. This may be \c NULL,
- *                  in which case this function is a no-op. If it is not
- *                  \c NULL, it must point to an initialized context.
- *
- */
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
-
-/**
- * \brief           This function sets the encryption/decryption key.
- *
- * \note            After using this function, you must also call
- *                  \c mbedtls_chacha20_starts() to set a nonce before you
- *                  start encrypting/decrypting data with
- *                  \c mbedtls_chacha_update().
- *
- * \param ctx       The ChaCha20 context to which the key should be bound.
- *                  It must be initialized.
- * \param key       The encryption/decryption key. This must be \c 32 Bytes
- *                  in length.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
- */
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
-                             const unsigned char key[32] );
-
-/**
- * \brief           This function sets the nonce and initial counter value.
- *
- * \note            A ChaCha20 context can be re-used with the same key by
- *                  calling this function to change the nonce.
- *
- * \warning         You must never use the same nonce twice with the same key.
- *                  This would void any confidentiality guarantees for the
- *                  messages encrypted with the same nonce and key.
- *
- * \param ctx       The ChaCha20 context to which the nonce should be bound.
- *                  It must be initialized and bound to a key.
- * \param nonce     The nonce. This must be \c 12 Bytes in size.
- * \param counter   The initial counter value. This is usually \c 0.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
- *                  NULL.
- */
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
-                             const unsigned char nonce[12],
-                             uint32_t counter );
-
-/**
- * \brief           This function encrypts or decrypts data.
- *
- *                  Since ChaCha20 is a stream cipher, the same operation is
- *                  used for encrypting and decrypting data.
- *
- * \note            The \p input and \p output pointers must either be equal or
- *                  point to non-overlapping buffers.
- *
- * \note            \c mbedtls_chacha20_setkey() and
- *                  \c mbedtls_chacha20_starts() must be called at least once
- *                  to setup the context before this function can be called.
- *
- * \note            This function can be called multiple times in a row in
- *                  order to encrypt of decrypt data piecewise with the same
- *                  key and nonce.
- *
- * \param ctx       The ChaCha20 context to use for encryption or decryption.
- *                  It must be initialized and bound to a key and nonce.
- * \param size      The length of the input data in Bytes.
- * \param input     The buffer holding the input data.
- *                  This pointer can be \c NULL if `size == 0`.
- * \param output    The buffer holding the output data.
- *                  This must be able to hold \p size Bytes.
- *                  This pointer can be \c NULL if `size == 0`.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
-                             size_t size,
-                             const unsigned char *input,
-                             unsigned char *output );
-
-/**
- * \brief           This function encrypts or decrypts data with ChaCha20 and
- *                  the given key and nonce.
- *
- *                  Since ChaCha20 is a stream cipher, the same operation is
- *                  used for encrypting and decrypting data.
- *
- * \warning         You must never use the same (key, nonce) pair more than
- *                  once. This would void any confidentiality guarantees for
- *                  the messages encrypted with the same nonce and key.
- *
- * \note            The \p input and \p output pointers must either be equal or
- *                  point to non-overlapping buffers.
- *
- * \param key       The encryption/decryption key.
- *                  This must be \c 32 Bytes in length.
- * \param nonce     The nonce. This must be \c 12 Bytes in size.
- * \param counter   The initial counter value. This is usually \c 0.
- * \param size      The length of the input data in Bytes.
- * \param input     The buffer holding the input data.
- *                  This pointer can be \c NULL if `size == 0`.
- * \param output    The buffer holding the output data.
- *                  This must be able to hold \p size Bytes.
- *                  This pointer can be \c NULL if `size == 0`.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chacha20_crypt( const unsigned char key[32],
-                            const unsigned char nonce[12],
-                            uint32_t counter,
-                            size_t size,
-                            const unsigned char* input,
-                            unsigned char* output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief           The ChaCha20 checkup routine.
- *
- * \return          \c 0 on success.
- * \return          \c 1 on failure.
- */
-int mbedtls_chacha20_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHA20_H */
diff --git a/Sources/mbedtls/include/mbedtls/chachapoly.h b/Sources/mbedtls/include/mbedtls/chachapoly.h
deleted file mode 100644
index ed568bc..0000000
--- a/Sources/mbedtls/include/mbedtls/chachapoly.h
+++ /dev/null
@@ -1,359 +0,0 @@
-/**
- * \file chachapoly.h
- *
- * \brief   This file contains the AEAD-ChaCha20-Poly1305 definitions and
- *          functions.
- *
- *          ChaCha20-Poly1305 is an algorithm for Authenticated Encryption
- *          with Associated Data (AEAD) that can be used to encrypt and
- *          authenticate data. It is based on ChaCha20 and Poly1305 by Daniel
- *          Bernstein and was standardized in RFC 7539.
- *
- * \author Daniel King <damaki.gh@gmail.com>
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CHACHAPOLY_H
-#define MBEDTLS_CHACHAPOLY_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/* for shared error codes */
-#include "mbedtls/poly1305.h"
-
-/** The requested operation is not permitted in the current state. */
-#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE            -0x0054
-/** Authenticated decryption failed: data was not authentic. */
-#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED          -0x0056
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{
-    MBEDTLS_CHACHAPOLY_ENCRYPT,     /**< The mode value for performing encryption. */
-    MBEDTLS_CHACHAPOLY_DECRYPT      /**< The mode value for performing decryption. */
-}
-mbedtls_chachapoly_mode_t;
-
-#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-
-#include "mbedtls/chacha20.h"
-
-typedef struct mbedtls_chachapoly_context
-{
-    mbedtls_chacha20_context chacha20_ctx;  /**< The ChaCha20 context. */
-    mbedtls_poly1305_context poly1305_ctx;  /**< The Poly1305 context. */
-    uint64_t aad_len;                       /**< The length (bytes) of the Additional Authenticated Data. */
-    uint64_t ciphertext_len;                /**< The length (bytes) of the ciphertext. */
-    int state;                              /**< The current state of the context. */
-    mbedtls_chachapoly_mode_t mode;         /**< Cipher mode (encrypt or decrypt). */
-}
-mbedtls_chachapoly_context;
-
-#else /* !MBEDTLS_CHACHAPOLY_ALT */
-#include "chachapoly_alt.h"
-#endif /* !MBEDTLS_CHACHAPOLY_ALT */
-
-/**
- * \brief           This function initializes the specified ChaCha20-Poly1305 context.
- *
- *                  It must be the first API called before using
- *                  the context. It must be followed by a call to
- *                  \c mbedtls_chachapoly_setkey() before any operation can be
- *                  done, and to \c mbedtls_chachapoly_free() once all
- *                  operations with that context have been finished.
- *
- *                  In order to encrypt or decrypt full messages at once, for
- *                  each message you should make a single call to
- *                  \c mbedtls_chachapoly_crypt_and_tag() or
- *                  \c mbedtls_chachapoly_auth_decrypt().
- *
- *                  In order to encrypt messages piecewise, for each
- *                  message you should make a call to
- *                  \c mbedtls_chachapoly_starts(), then 0 or more calls to
- *                  \c mbedtls_chachapoly_update_aad(), then 0 or more calls to
- *                  \c mbedtls_chachapoly_update(), then one call to
- *                  \c mbedtls_chachapoly_finish().
- *
- * \warning         Decryption with the piecewise API is discouraged! Always
- *                  use \c mbedtls_chachapoly_auth_decrypt() when possible!
- *
- *                  If however this is not possible because the data is too
- *                  large to fit in memory, you need to:
- *
- *                  - call \c mbedtls_chachapoly_starts() and (if needed)
- *                  \c mbedtls_chachapoly_update_aad() as above,
- *                  - call \c mbedtls_chachapoly_update() multiple times and
- *                  ensure its output (the plaintext) is NOT used in any other
- *                  way than placing it in temporary storage at this point,
- *                  - call \c mbedtls_chachapoly_finish() to compute the
- *                  authentication tag and compared it in constant time to the
- *                  tag received with the ciphertext.
- *
- *                  If the tags are not equal, you must immediately discard
- *                  all previous outputs of \c mbedtls_chachapoly_update(),
- *                  otherwise you can now safely use the plaintext.
- *
- * \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
- */
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
-
-/**
- * \brief           This function releases and clears the specified
- *                  ChaCha20-Poly1305 context.
- *
- * \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
- *                  case this function is a no-op.
- */
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
-
-/**
- * \brief           This function sets the ChaCha20-Poly1305
- *                  symmetric encryption key.
- *
- * \param ctx       The ChaCha20-Poly1305 context to which the key should be
- *                  bound. This must be initialized.
- * \param key       The \c 256 Bit (\c 32 Bytes) key.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
-                               const unsigned char key[32] );
-
-/**
- * \brief           This function starts a ChaCha20-Poly1305 encryption or
- *                  decryption operation.
- *
- * \warning         You must never use the same nonce twice with the same key.
- *                  This would void any confidentiality and authenticity
- *                  guarantees for the messages encrypted with the same nonce
- *                  and key.
- *
- * \note            If the context is being used for AAD only (no data to
- *                  encrypt or decrypt) then \p mode can be set to any value.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
- *                  and bound to a key.
- * \param nonce     The nonce/IV to use for the message.
- *                  This must be a readable buffer of length \c 12 Bytes.
- * \param mode      The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
- *                  #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
-                               const unsigned char nonce[12],
-                               mbedtls_chachapoly_mode_t mode );
-
-/**
- * \brief           This function feeds additional data to be authenticated
- *                  into an ongoing ChaCha20-Poly1305 operation.
- *
- *                  The Additional Authenticated Data (AAD), also called
- *                  Associated Data (AD) is only authenticated but not
- *                  encrypted nor included in the encrypted output. It is
- *                  usually transmitted separately from the ciphertext or
- *                  computed locally by each party.
- *
- * \note            This function is called before data is encrypted/decrypted.
- *                  I.e. call this function to process the AAD before calling
- *                  \c mbedtls_chachapoly_update().
- *
- *                  You may call this function multiple times to process
- *                  an arbitrary amount of AAD. It is permitted to call
- *                  this function 0 times, if no AAD is used.
- *
- *                  This function cannot be called any more if data has
- *                  been processed by \c mbedtls_chachapoly_update(),
- *                  or if the context has been finished.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx       The ChaCha20-Poly1305 context. This must be initialized
- *                  and bound to a key.
- * \param aad_len   The length in Bytes of the AAD. The length has no
- *                  restrictions.
- * \param aad       Buffer containing the AAD.
- *                  This pointer can be \c NULL if `aad_len == 0`.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
- *                  if \p ctx or \p aad are NULL.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- *                  if the operations has not been started or has been
- *                  finished, or if the AAD has been finished.
- */
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
-                                   const unsigned char *aad,
-                                   size_t aad_len );
-
-/**
- * \brief           Thus function feeds data to be encrypted or decrypted
- *                  into an on-going ChaCha20-Poly1305
- *                  operation.
- *
- *                  The direction (encryption or decryption) depends on the
- *                  mode that was given when calling
- *                  \c mbedtls_chachapoly_starts().
- *
- *                  You may call this function multiple times to process
- *                  an arbitrary amount of data. It is permitted to call
- *                  this function 0 times, if no data is to be encrypted
- *                  or decrypted.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
- * \param len       The length (in bytes) of the data to encrypt or decrypt.
- * \param input     The buffer containing the data to encrypt or decrypt.
- *                  This pointer can be \c NULL if `len == 0`.
- * \param output    The buffer to where the encrypted or decrypted data is
- *                  written. This must be able to hold \p len bytes.
- *                  This pointer can be \c NULL if `len == 0`.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- *                  if the operation has not been started or has been
- *                  finished.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
-                               size_t len,
-                               const unsigned char *input,
-                               unsigned char *output );
-
-/**
- * \brief           This function finished the ChaCha20-Poly1305 operation and
- *                  generates the MAC (authentication tag).
- *
- * \param ctx       The ChaCha20-Poly1305 context to use. This must be initialized.
- * \param mac       The buffer to where the 128-bit (16 bytes) MAC is written.
- *
- * \warning         Decryption with the piecewise API is discouraged, see the
- *                  warning on \c mbedtls_chachapoly_init().
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
- *                  if the operation has not been started or has been
- *                  finished.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
-                               unsigned char mac[16] );
-
-/**
- * \brief           This function performs a complete ChaCha20-Poly1305
- *                  authenticated encryption with the previously-set key.
- *
- * \note            Before using this function, you must set the key with
- *                  \c mbedtls_chachapoly_setkey().
- *
- * \warning         You must never use the same nonce twice with the same key.
- *                  This would void any confidentiality and authenticity
- *                  guarantees for the messages encrypted with the same nonce
- *                  and key.
- *
- * \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
- *                  This must be initialized.
- * \param length    The length (in bytes) of the data to encrypt or decrypt.
- * \param nonce     The 96-bit (12 bytes) nonce/IV to use.
- * \param aad       The buffer containing the additional authenticated
- *                  data (AAD). This pointer can be \c NULL if `aad_len == 0`.
- * \param aad_len   The length (in bytes) of the AAD data to process.
- * \param input     The buffer containing the data to encrypt or decrypt.
- *                  This pointer can be \c NULL if `ilen == 0`.
- * \param output    The buffer to where the encrypted or decrypted data
- *                  is written. This pointer can be \c NULL if `ilen == 0`.
- * \param tag       The buffer to where the computed 128-bit (16 bytes) MAC
- *                  is written. This must not be \c NULL.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                        size_t length,
-                                        const unsigned char nonce[12],
-                                        const unsigned char *aad,
-                                        size_t aad_len,
-                                        const unsigned char *input,
-                                        unsigned char *output,
-                                        unsigned char tag[16] );
-
-/**
- * \brief           This function performs a complete ChaCha20-Poly1305
- *                  authenticated decryption with the previously-set key.
- *
- * \note            Before using this function, you must set the key with
- *                  \c mbedtls_chachapoly_setkey().
- *
- * \param ctx       The ChaCha20-Poly1305 context to use (holds the key).
- * \param length    The length (in Bytes) of the data to decrypt.
- * \param nonce     The \c 96 Bit (\c 12 bytes) nonce/IV to use.
- * \param aad       The buffer containing the additional authenticated data (AAD).
- *                  This pointer can be \c NULL if `aad_len == 0`.
- * \param aad_len   The length (in bytes) of the AAD data to process.
- * \param tag       The buffer holding the authentication tag.
- *                  This must be a readable buffer of length \c 16 Bytes.
- * \param input     The buffer containing the data to decrypt.
- *                  This pointer can be \c NULL if `ilen == 0`.
- * \param output    The buffer to where the decrypted data is written.
- *                  This pointer can be \c NULL if `ilen == 0`.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
- *                  if the data was not authentic.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char tag[16],
-                                     const unsigned char *input,
-                                     unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief           The ChaCha20-Poly1305 checkup routine.
- *
- * \return          \c 0 on success.
- * \return          \c 1 on failure.
- */
-int mbedtls_chachapoly_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CHACHAPOLY_H */
diff --git a/Sources/mbedtls/include/mbedtls/check_config.h b/Sources/mbedtls/include/mbedtls/check_config.h
deleted file mode 100644
index 7ae1ff9..0000000
--- a/Sources/mbedtls/include/mbedtls/check_config.h
+++ /dev/null
@@ -1,958 +0,0 @@
-/**
- * \file check_config.h
- *
- * \brief Consistency checks for configuration options
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * It is recommended to include this file from your config.h
- * in order to catch dependency issues early.
- */
-
-#ifndef MBEDTLS_CHECK_CONFIG_H
-#define MBEDTLS_CHECK_CONFIG_H
-
-/*
- * We assume CHAR_BIT is 8 in many places. In practice, this is true on our
- * target platforms, so not an issue, but let's just be extra sure.
- */
-#include <limits.h>
-#if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
-#endif
-
-#if defined(_WIN32)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
-
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
-#endif /* _WIN32 */
-
-#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
-#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
-#endif
-
-#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CMAC_C) && \
-    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_NIST_KW_C) && \
-    ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
-#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) &&            \
-    ( !defined(MBEDTLS_ECP_C) ||           \
-      !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) ||   \
-         defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) ||   \
-         defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
-      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
-      !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECJPAKE_C) &&           \
-    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ( defined(MBEDTLS_USE_PSA_CRYPTO)          || \
-      defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
-      defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)     || \
-      defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
-      defined(MBEDTLS_ECDSA_VERIFY_ALT)        || \
-      defined(MBEDTLS_ECDSA_GENKEY_ALT)        || \
-      defined(MBEDTLS_ECP_INTERNAL_ALT)        || \
-      defined(MBEDTLS_ECP_ALT) )
-#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
-#endif
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)           && \
-    defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-#error "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED defined, but MBEDTLS_ECDH_LEGACY_CONTEXT not disabled"
-#endif
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (    \
-    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) &&                 \
-    !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_C) && !(            \
-    defined(MBEDTLS_ECP_ALT) ||             \
-    defined(MBEDTLS_CTR_DRBG_C) ||          \
-    defined(MBEDTLS_HMAC_DRBG_C) ||         \
-    defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
-#error "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
-                                    !defined(MBEDTLS_SHA256_C))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
-    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) &&                                            \
-    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
-    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
-#endif
-#if defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
-#endif
-
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN
-#endif
-#endif
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) &&  !defined(MBEDTLS_HAS_MEMSAN)
-#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
-#endif
-#undef MBEDTLS_HAS_MEMSAN
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-    ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
-#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-     ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
-    defined(MBEDTLS_HAVEGE_C) )
-#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
-#endif
-
-#if defined(MBEDTLS_CCM_C) && (                                        \
-    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_CCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CCM_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_CCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && (                                        \
-    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_CHACHA20_C)
-#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C) && !defined(MBEDTLS_POLY1305_C)
-#error "MBEDTLS_CHACHAPOLY_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
-#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
-    !defined(MBEDTLS_ECDH_C)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
-    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
-      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) &&        \
-    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) &&              \
-    ( !defined(MBEDTLS_SHA256_C) &&                             \
-      !defined(MBEDTLS_SHA512_C) &&                             \
-      !defined(MBEDTLS_SHA1_C) )
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_C) && \
-    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PKCS11_C)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_PKCS11_C */
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
-        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
-        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_VSNPRINTF_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_VSNPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_VSNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_VSNPRINTF/MBEDTLS_PLATFORM_VSNPRINTF_ALT cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
-    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
-    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
-    ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
-    !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
-    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
-    !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) &&                                    \
-    !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
-         defined(MBEDTLS_ENTROPY_C) ) ||                                \
-       defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C) &&    \
-    ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
-        defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
-#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&            \
-    ! defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&      \
-    !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
-       defined(MBEDTLS_ENTROPY_NV_SEED) )
-#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&              \
-    !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&              \
-    defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
-#endif
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
-    !defined(MBEDTLS_FS_IO)
-#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
-    defined(MBEDTLS_USE_PSA_CRYPTO)
-#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
-#endif
-
-#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && \
-    !defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_ECDSA_C)
-#error "MBEDTLS_PK_C in configuration with MBEDTLS_USE_PSA_CRYPTO and \
-        MBEDTLS_ECDSA_C requires MBEDTLS_PK_WRITE_C to be defined."
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) && \
-    !( defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_PSA_CRYPTO_C with MBEDTLS_RSA_C requires MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
-    !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) &&         \
-    !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
-#endif
-
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SHA512_NO_SHA384) && !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
-    !defined(MBEDTLS_SHA1_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) && \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
-#endif
-
-#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) ||  \
-     defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
-    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                  \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                     \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ||                   \
-      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                    \
-      defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-#error "One or more versions of the TLS protocol are enabled " \
-        "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
-    !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
-#error "Illegal protocol selection"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
-    !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)            &&                 \
-    defined(MBEDTLS_SSL_CID_IN_LEN_MAX) &&                 \
-    MBEDTLS_SSL_CID_IN_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)            &&                  \
-    defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) &&                 \
-    MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
-    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_TICKET_C) && \
-    !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
-    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
-#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
-        !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
-#endif
-
-#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
-#endif
-#undef MBEDTLS_THREADING_IMPL
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
-    !defined(MBEDTLS_PK_PARSE_C) )
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
-    !defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
-#error "MBEDTLS_CERTS_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
-#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
-
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
-    defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
-#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
-#endif
-#endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
-#elif defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
-#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
-#endif
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
-#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
-#endif
-
-/*
- * Avoid warning from -pedantic. This is a convenient place for this
- * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
- */
-typedef int mbedtls_iso_c_forbids_empty_translation_units;
-
-#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/Sources/mbedtls/include/mbedtls/cipher.h b/Sources/mbedtls/include/mbedtls/cipher.h
deleted file mode 100644
index 6d83da8..0000000
--- a/Sources/mbedtls/include/mbedtls/cipher.h
+++ /dev/null
@@ -1,1102 +0,0 @@
-/**
- * \file cipher.h
- *
- * \brief This file contains an abstraction interface for use with the cipher
- * primitives provided by the library. It provides a common interface to all of
- * the available cipher operations.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CIPHER_H
-#define MBEDTLS_CIPHER_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-#endif
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
-    defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE  -0x6080
-/** Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA       -0x6100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED         -0x6180
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING      -0x6200
-/** Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED  -0x6280
-/** Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED          -0x6300
-/** The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT      -0x6380
-
-/* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** Cipher hardware accelerator failed. */
-#define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED      -0x6400
-
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief     Supported cipher types.
- *
- * \warning   RC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. Arm recommends considering stronger
- *            ciphers instead.
- */
-typedef enum {
-    MBEDTLS_CIPHER_ID_NONE = 0,  /**< Placeholder to mark the end of cipher ID lists. */
-    MBEDTLS_CIPHER_ID_NULL,      /**< The identity cipher, treated as a stream cipher. */
-    MBEDTLS_CIPHER_ID_AES,       /**< The AES cipher. */
-    MBEDTLS_CIPHER_ID_DES,       /**< The DES cipher. */
-    MBEDTLS_CIPHER_ID_3DES,      /**< The Triple DES cipher. */
-    MBEDTLS_CIPHER_ID_CAMELLIA,  /**< The Camellia cipher. */
-    MBEDTLS_CIPHER_ID_BLOWFISH,  /**< The Blowfish cipher. */
-    MBEDTLS_CIPHER_ID_ARC4,      /**< The RC4 cipher. */
-    MBEDTLS_CIPHER_ID_ARIA,      /**< The Aria cipher. */
-    MBEDTLS_CIPHER_ID_CHACHA20,  /**< The ChaCha20 cipher. */
-} mbedtls_cipher_id_t;
-
-/**
- * \brief     Supported {cipher type, cipher mode} pairs.
- *
- * \warning   RC4 and DES are considered weak ciphers and their use
- *            constitutes a security risk. Arm recommends considering stronger
- *            ciphers instead.
- */
-typedef enum {
-    MBEDTLS_CIPHER_NONE = 0,             /**< Placeholder to mark the end of cipher-pair lists. */
-    MBEDTLS_CIPHER_NULL,                 /**< The identity stream cipher. */
-    MBEDTLS_CIPHER_AES_128_ECB,          /**< AES cipher with 128-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_192_ECB,          /**< AES cipher with 192-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_256_ECB,          /**< AES cipher with 256-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_128_CBC,          /**< AES cipher with 128-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_192_CBC,          /**< AES cipher with 192-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_256_CBC,          /**< AES cipher with 256-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_128_CFB128,       /**< AES cipher with 128-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_192_CFB128,       /**< AES cipher with 192-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_256_CFB128,       /**< AES cipher with 256-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_128_CTR,          /**< AES cipher with 128-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_192_CTR,          /**< AES cipher with 192-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_256_CTR,          /**< AES cipher with 256-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_128_GCM,          /**< AES cipher with 128-bit GCM mode. */
-    MBEDTLS_CIPHER_AES_192_GCM,          /**< AES cipher with 192-bit GCM mode. */
-    MBEDTLS_CIPHER_AES_256_GCM,          /**< AES cipher with 256-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,     /**< Camellia cipher with 128-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,     /**< Camellia cipher with 192-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,     /**< Camellia cipher with 256-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,     /**< Camellia cipher with 128-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,     /**< Camellia cipher with 192-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,     /**< Camellia cipher with 256-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  /**< Camellia cipher with 128-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  /**< Camellia cipher with 192-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  /**< Camellia cipher with 256-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,     /**< Camellia cipher with 128-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,     /**< Camellia cipher with 192-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,     /**< Camellia cipher with 256-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,     /**< Camellia cipher with 128-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,     /**< Camellia cipher with 192-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,     /**< Camellia cipher with 256-bit GCM mode. */
-    MBEDTLS_CIPHER_DES_ECB,              /**< DES cipher with ECB mode. */
-    MBEDTLS_CIPHER_DES_CBC,              /**< DES cipher with CBC mode. */
-    MBEDTLS_CIPHER_DES_EDE_ECB,          /**< DES cipher with EDE ECB mode. */
-    MBEDTLS_CIPHER_DES_EDE_CBC,          /**< DES cipher with EDE CBC mode. */
-    MBEDTLS_CIPHER_DES_EDE3_ECB,         /**< DES cipher with EDE3 ECB mode. */
-    MBEDTLS_CIPHER_DES_EDE3_CBC,         /**< DES cipher with EDE3 CBC mode. */
-    MBEDTLS_CIPHER_BLOWFISH_ECB,         /**< Blowfish cipher with ECB mode. */
-    MBEDTLS_CIPHER_BLOWFISH_CBC,         /**< Blowfish cipher with CBC mode. */
-    MBEDTLS_CIPHER_BLOWFISH_CFB64,       /**< Blowfish cipher with CFB64 mode. */
-    MBEDTLS_CIPHER_BLOWFISH_CTR,         /**< Blowfish cipher with CTR mode. */
-    MBEDTLS_CIPHER_ARC4_128,             /**< RC4 cipher with 128-bit mode. */
-    MBEDTLS_CIPHER_AES_128_CCM,          /**< AES cipher with 128-bit CCM mode. */
-    MBEDTLS_CIPHER_AES_192_CCM,          /**< AES cipher with 192-bit CCM mode. */
-    MBEDTLS_CIPHER_AES_256_CCM,          /**< AES cipher with 256-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,     /**< Camellia cipher with 128-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,     /**< Camellia cipher with 192-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,     /**< Camellia cipher with 256-bit CCM mode. */
-    MBEDTLS_CIPHER_ARIA_128_ECB,         /**< Aria cipher with 128-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_192_ECB,         /**< Aria cipher with 192-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_256_ECB,         /**< Aria cipher with 256-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_128_CBC,         /**< Aria cipher with 128-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_192_CBC,         /**< Aria cipher with 192-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_256_CBC,         /**< Aria cipher with 256-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_128_CFB128,      /**< Aria cipher with 128-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_192_CFB128,      /**< Aria cipher with 192-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_256_CFB128,      /**< Aria cipher with 256-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_128_CTR,         /**< Aria cipher with 128-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_192_CTR,         /**< Aria cipher with 192-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_256_CTR,         /**< Aria cipher with 256-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_128_GCM,         /**< Aria cipher with 128-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_192_GCM,         /**< Aria cipher with 192-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_256_GCM,         /**< Aria cipher with 256-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_128_CCM,         /**< Aria cipher with 128-bit key and CCM mode. */
-    MBEDTLS_CIPHER_ARIA_192_CCM,         /**< Aria cipher with 192-bit key and CCM mode. */
-    MBEDTLS_CIPHER_ARIA_256_CCM,         /**< Aria cipher with 256-bit key and CCM mode. */
-    MBEDTLS_CIPHER_AES_128_OFB,          /**< AES 128-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_192_OFB,          /**< AES 192-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_256_OFB,          /**< AES 256-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_128_XTS,          /**< AES 128-bit cipher in XTS block mode. */
-    MBEDTLS_CIPHER_AES_256_XTS,          /**< AES 256-bit cipher in XTS block mode. */
-    MBEDTLS_CIPHER_CHACHA20,             /**< ChaCha20 stream cipher. */
-    MBEDTLS_CIPHER_CHACHA20_POLY1305,    /**< ChaCha20-Poly1305 AEAD cipher. */
-    MBEDTLS_CIPHER_AES_128_KW,           /**< AES cipher with 128-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_192_KW,           /**< AES cipher with 192-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_256_KW,           /**< AES cipher with 256-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_128_KWP,          /**< AES cipher with 128-bit NIST KWP mode. */
-    MBEDTLS_CIPHER_AES_192_KWP,          /**< AES cipher with 192-bit NIST KWP mode. */
-    MBEDTLS_CIPHER_AES_256_KWP,          /**< AES cipher with 256-bit NIST KWP mode. */
-} mbedtls_cipher_type_t;
-
-/** Supported cipher modes. */
-typedef enum {
-    MBEDTLS_MODE_NONE = 0,               /**< None.                        */
-    MBEDTLS_MODE_ECB,                    /**< The ECB cipher mode.         */
-    MBEDTLS_MODE_CBC,                    /**< The CBC cipher mode.         */
-    MBEDTLS_MODE_CFB,                    /**< The CFB cipher mode.         */
-    MBEDTLS_MODE_OFB,                    /**< The OFB cipher mode.         */
-    MBEDTLS_MODE_CTR,                    /**< The CTR cipher mode.         */
-    MBEDTLS_MODE_GCM,                    /**< The GCM cipher mode.         */
-    MBEDTLS_MODE_STREAM,                 /**< The stream cipher mode.      */
-    MBEDTLS_MODE_CCM,                    /**< The CCM cipher mode.         */
-    MBEDTLS_MODE_XTS,                    /**< The XTS cipher mode.         */
-    MBEDTLS_MODE_CHACHAPOLY,             /**< The ChaCha-Poly cipher mode. */
-    MBEDTLS_MODE_KW,                     /**< The SP800-38F KW mode */
-    MBEDTLS_MODE_KWP,                    /**< The SP800-38F KWP mode */
-} mbedtls_cipher_mode_t;
-
-/** Supported cipher padding types. */
-typedef enum {
-    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default).        */
-    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding.         */
-    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding.             */
-    MBEDTLS_PADDING_ZEROS,         /**< Zero padding (not reversible). */
-    MBEDTLS_PADDING_NONE,          /**< Never pad (full blocks only).   */
-} mbedtls_cipher_padding_t;
-
-/** Type of operation. */
-typedef enum {
-    MBEDTLS_OPERATION_NONE = -1,
-    MBEDTLS_DECRYPT = 0,
-    MBEDTLS_ENCRYPT,
-} mbedtls_operation_t;
-
-enum {
-    /** Undefined key length. */
-    MBEDTLS_KEY_LENGTH_NONE = 0,
-    /** Key length, in bits (including parity), for DES keys. */
-    MBEDTLS_KEY_LENGTH_DES  = 64,
-    /** Key length in bits, including parity, for DES in two-key EDE. */
-    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
-    /** Key length in bits, including parity, for DES in three-key EDE. */
-    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
-};
-
-/** Maximum length of any IV, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in ssl_internal.h. */
-#define MBEDTLS_MAX_IV_LENGTH      16
-
-/** Maximum block size of any cipher, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in ssl_internal.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH   16
-
-/** Maximum key length, in Bytes. */
-/* This should ideally be derived automatically from list of ciphers.
- * For now, only check whether XTS is enabled which uses 64 Byte keys,
- * and use 32 Bytes as an upper bound for the maximum key length otherwise.
- * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in ssl_internal.h, which however deliberately ignores the case of XTS
- * since the latter isn't used in SSL/TLS. */
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH     64
-#else
-#define MBEDTLS_MAX_KEY_LENGTH     32
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/**
- * Base cipher information (opaque struct).
- */
-typedef struct mbedtls_cipher_base_t mbedtls_cipher_base_t;
-
-/**
- * CMAC context (opaque struct).
- */
-typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
-
-/**
- * Cipher information. Allows calling cipher functions
- * in a generic way.
- */
-typedef struct mbedtls_cipher_info_t
-{
-    /** Full cipher identifier. For example,
-     * MBEDTLS_CIPHER_AES_256_CBC.
-     */
-    mbedtls_cipher_type_t type;
-
-    /** The cipher mode. For example, MBEDTLS_MODE_CBC. */
-    mbedtls_cipher_mode_t mode;
-
-    /** The cipher key length, in bits. This is the
-     * default length for variable sized ciphers.
-     * Includes parity bits for ciphers like DES.
-     */
-    unsigned int key_bitlen;
-
-    /** Name of the cipher. */
-    const char * name;
-
-    /** IV or nonce size, in Bytes.
-     * For ciphers that accept variable IV sizes,
-     * this is the recommended size.
-     */
-    unsigned int iv_size;
-
-    /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and
-     *  MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the
-     *  cipher supports variable IV or variable key sizes, respectively.
-     */
-    int flags;
-
-    /** The block size, in Bytes. */
-    unsigned int block_size;
-
-    /** Struct for base cipher information and functions. */
-    const mbedtls_cipher_base_t *base;
-
-} mbedtls_cipher_info_t;
-
-/**
- * Generic cipher context.
- */
-typedef struct mbedtls_cipher_context_t
-{
-    /** Information about the associated cipher. */
-    const mbedtls_cipher_info_t *cipher_info;
-
-    /** Key length to use. */
-    int key_bitlen;
-
-    /** Operation that the key of the context has been
-     * initialized for.
-     */
-    mbedtls_operation_t operation;
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    /** Padding functions to use, if relevant for
-     * the specific cipher mode.
-     */
-    void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
-    int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
-#endif
-
-    /** Buffer for input that has not been processed yet. */
-    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
-
-    /** Number of Bytes that have not been processed yet. */
-    size_t unprocessed_len;
-
-    /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number
-     * for XTS-mode. */
-    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
-
-    /** IV size in Bytes, for ciphers with variable-length IVs. */
-    size_t iv_size;
-
-    /** The cipher-specific context. */
-    void *cipher_ctx;
-
-#if defined(MBEDTLS_CMAC_C)
-    /** CMAC-specific context. */
-    mbedtls_cmac_context_t *cmac_ctx;
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    /** Indicates whether the cipher operations should be performed
-     *  by Mbed TLS' own crypto library or an external implementation
-     *  of the PSA Crypto API.
-     *  This is unset if the cipher context was established through
-     *  mbedtls_cipher_setup(), and set if it was established through
-     *  mbedtls_cipher_setup_psa().
-     */
-    unsigned char psa_enabled;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-} mbedtls_cipher_context_t;
-
-/**
- * \brief This function retrieves the list of ciphers supported
- *        by the generic cipher module.
- *
- *        For any cipher identifier in the returned list, you can
- *        obtain the corresponding generic cipher information structure
- *        via mbedtls_cipher_info_from_type(), which can then be used
- *        to prepare a cipher context via mbedtls_cipher_setup().
- *
- *
- * \return      A statically-allocated array of cipher identifiers
- *              of type cipher_type_t. The last entry is zero.
- */
-const int *mbedtls_cipher_list( void );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher name.
- *
- * \param cipher_name   Name of the cipher to search for. This must not be
- *                      \c NULL.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_name.
- * \return              \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher type.
- *
- * \param cipher_type   Type of the cipher to search for.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_type.
- * \return              \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
-
-/**
- * \brief               This function retrieves the cipher-information
- *                      structure associated with the given cipher ID,
- *                      key size and mode.
- *
- * \param cipher_id     The ID of the cipher to search for. For example,
- *                      #MBEDTLS_CIPHER_ID_AES.
- * \param key_bitlen    The length of the key in bits.
- * \param mode          The cipher mode. For example, #MBEDTLS_MODE_CBC.
- *
- * \return              The cipher information structure associated with the
- *                      given \p cipher_id.
- * \return              \c NULL if the associated cipher information is not found.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_bitlen,
-                                              const mbedtls_cipher_mode_t mode );
-
-/**
- * \brief               This function initializes a \p cipher_context as NONE.
- *
- * \param ctx           The context to be initialized. This must not be \c NULL.
- */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief               This function frees and clears the cipher-specific
- *                      context of \p ctx. Freeing \p ctx itself remains the
- *                      responsibility of the caller.
- *
- * \param ctx           The context to be freed. If this is \c NULL, the
- *                      function has no effect, otherwise this must point to an
- *                      initialized context.
- */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
-
-/**
- * \brief               This function initializes a cipher context for
- *                      use with the given cipher primitive.
- *
- * \param ctx           The context to initialize. This must be initialized.
- * \param cipher_info   The cipher to use.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- *                      cipher-specific context fails.
- *
- * \internal Currently, the function also clears the structure.
- * In future versions, the caller will be required to call
- * mbedtls_cipher_init() on the structure first.
- */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
-                          const mbedtls_cipher_info_t *cipher_info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief               This function initializes a cipher context for
- *                      PSA-based use with the given cipher primitive.
- *
- * \note                See #MBEDTLS_USE_PSA_CRYPTO for information on PSA.
- *
- * \param ctx           The context to initialize. May not be \c NULL.
- * \param cipher_info   The cipher to use.
- * \param taglen        For AEAD ciphers, the length in bytes of the
- *                      authentication tag to use. Subsequent uses of
- *                      mbedtls_cipher_auth_encrypt() or
- *                      mbedtls_cipher_auth_decrypt() must provide
- *                      the same tag length.
- *                      For non-AEAD ciphers, the value must be \c 0.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
- *                      cipher-specific context fails.
- */
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
-                              const mbedtls_cipher_info_t *cipher_info,
-                              size_t taglen );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief        This function returns the block size of the given cipher.
- *
- * \param ctx    The context of the cipher. This must be initialized.
- *
- * \return       The block size of the underlying cipher.
- * \return       \c 0 if \p ctx has not been initialized.
- */
-static inline unsigned int mbedtls_cipher_get_block_size(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
-        return 0;
-
-    return ctx->cipher_info->block_size;
-}
-
-/**
- * \brief        This function returns the mode of operation for
- *               the cipher. For example, MBEDTLS_MODE_CBC.
- *
- * \param ctx    The context of the cipher. This must be initialized.
- *
- * \return       The mode of operation.
- * \return       #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_MODE_NONE;
-
-    return ctx->cipher_info->mode;
-}
-
-/**
- * \brief       This function returns the size of the IV or nonce
- *              of the cipher, in Bytes.
- *
- * \param ctx   The context of the cipher. This must be initialized.
- *
- * \return      The recommended IV size if no IV has been set.
- * \return      \c 0 for ciphers not using an IV or a nonce.
- * \return      The actual size if an IV has been set.
- */
-static inline int mbedtls_cipher_get_iv_size(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
-        return 0;
-
-    if( ctx->iv_size != 0 )
-        return (int) ctx->iv_size;
-
-    return (int) ctx->cipher_info->iv_size;
-}
-
-/**
- * \brief               This function returns the type of the given cipher.
- *
- * \param ctx           The context of the cipher. This must be initialized.
- *
- * \return              The type of the cipher.
- * \return              #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_CIPHER_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_CIPHER_NONE;
-
-    return ctx->cipher_info->type;
-}
-
-/**
- * \brief               This function returns the name of the given cipher
- *                      as a string.
- *
- * \param ctx           The context of the cipher. This must be initialized.
- *
- * \return              The name of the cipher.
- * \return              NULL if \p ctx has not been not initialized.
- */
-static inline const char *mbedtls_cipher_get_name(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->cipher_info == NULL )
-        return 0;
-
-    return ctx->cipher_info->name;
-}
-
-/**
- * \brief               This function returns the key length of the cipher.
- *
- * \param ctx           The context of the cipher. This must be initialized.
- *
- * \return              The key length of the cipher in bits.
- * \return              #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
- *                      initialized.
- */
-static inline int mbedtls_cipher_get_key_bitlen(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_KEY_LENGTH_NONE;
-
-    return (int) ctx->cipher_info->key_bitlen;
-}
-
-/**
- * \brief          This function returns the operation of the given cipher.
- *
- * \param ctx      The context of the cipher. This must be initialized.
- *
- * \return         The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- * \return         #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
- */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
-    const mbedtls_cipher_context_t *ctx )
-{
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_OPERATION_NONE );
-    if( ctx->cipher_info == NULL )
-        return MBEDTLS_OPERATION_NONE;
-
-    return ctx->operation;
-}
-
-/**
- * \brief               This function sets the key to use with the given context.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a cipher information structure.
- * \param key           The key to use. This must be a readable buffer of at
- *                      least \p key_bitlen Bits.
- * \param key_bitlen    The key length to use, in Bits.
- * \param operation     The operation that the key will be used for:
- *                      #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *key,
-                           int key_bitlen,
-                           const mbedtls_operation_t operation );
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-/**
- * \brief               This function sets the padding mode, for cipher modes
- *                      that use padding.
- *
- *                      The default passing mode is PKCS7 padding.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a cipher information structure.
- * \param mode          The padding mode.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
- *                      if the selected padding mode is not supported.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
- *                      does not support padding.
- */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
-                                     mbedtls_cipher_padding_t mode );
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-/**
- * \brief           This function sets the initialization vector (IV)
- *                  or nonce.
- *
- * \note            Some ciphers do not use IVs nor nonce. For these
- *                  ciphers, this function has no effect.
- *
- * \param ctx       The generic cipher context. This must be initialized and
- *                  bound to a cipher information structure.
- * \param iv        The IV to use, or NONCE_COUNTER for CTR-mode ciphers. This
- *                  must be a readable buffer of at least \p iv_len Bytes.
- * \param iv_len    The IV length for ciphers with variable-size IV.
- *                  This parameter is discarded by ciphers with fixed-size IV.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                  parameter-verification failure.
- */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *iv,
-                           size_t iv_len );
-
-/**
- * \brief         This function resets the cipher state.
- *
- * \param ctx     The generic cipher context. This must be initialized.
- *
- * \return        \c 0 on success.
- * \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                parameter-verification failure.
- */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief               This function adds additional data for AEAD ciphers.
- *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      This must be called exactly once, after
- *                      mbedtls_cipher_reset().
- *
- * \param ctx           The generic cipher context. This must be initialized.
- * \param ad            The additional data to use. This must be a readable
- *                      buffer of at least \p ad_len Bytes.
- * \param ad_len        The length of \p ad in Bytes.
- *
- * \return              \c 0 on success.
- * \return              A specific error code on failure.
- */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief               The generic cipher update function. It encrypts or
- *                      decrypts using the given cipher context. Writes as
- *                      many block-sized blocks of data as possible to output.
- *                      Any data that cannot be written immediately is either
- *                      added to the next block, or flushed when
- *                      mbedtls_cipher_finish() is called.
- *                      Exception: For MBEDTLS_MODE_ECB, expects a single block
- *                      in size. For example, 16 Bytes for AES.
- *
- * \note                If the underlying cipher is used in GCM mode, all calls
- *                      to this function, except for the last one before
- *                      mbedtls_cipher_finish(), must have \p ilen as a
- *                      multiple of the block size of the cipher.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. This must be able to
- *                      hold at least `ilen + block_size`. This must not be the
- *                      same buffer as \p input.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written. This must not be
- *                      \c NULL.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
- *                      unsupported mode for a cipher.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *input,
-                           size_t ilen, unsigned char *output,
-                           size_t *olen );
-
-/**
- * \brief               The generic cipher finalization function. If data still
- *                      needs to be flushed from an incomplete block, the data
- *                      contained in it is padded to the size of
- *                      the last block, and written to the \p output buffer.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key.
- * \param output        The buffer to write data to. This needs to be a writable
- *                      buffer of at least \p block_size Bytes.
- * \param olen          The length of the data written to the \p output buffer.
- *                      This may not be \c NULL.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- *                      expecting a full block but not receiving one.
- * \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-/**
- * \brief               This function writes a tag for AEAD ciphers.
- *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      This must be called after mbedtls_cipher_finish().
- *
- * \param ctx           The generic cipher context. This must be initialized,
- *                      bound to a key, and have just completed a cipher
- *                      operation through mbedtls_cipher_finish() the tag for
- *                      which should be written.
- * \param tag           The buffer to write the tag to. This must be a writable
- *                      buffer of at least \p tag_len Bytes.
- * \param tag_len       The length of the tag to write.
- *
- * \return              \c 0 on success.
- * \return              A specific error code on failure.
- */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len );
-
-/**
- * \brief               This function checks the tag for AEAD ciphers.
- *                      Currently supported with GCM and ChaCha20+Poly1305.
- *                      This must be called after mbedtls_cipher_finish().
- *
- * \param ctx           The generic cipher context. This must be initialized.
- * \param tag           The buffer holding the tag. This must be a readable
- *                      buffer of at least \p tag_len Bytes.
- * \param tag_len       The length of the tag to check.
- *
- * \return              \c 0 on success.
- * \return              A specific error code on failure.
- */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len );
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/**
- * \brief               The generic all-in-one encryption/decryption function,
- *                      for all ciphers except AEAD constructs.
- *
- * \param ctx           The generic cipher context. This must be initialized.
- * \param iv            The IV to use, or NONCE_COUNTER for CTR-mode ciphers.
- *                      This must be a readable buffer of at least \p iv_len
- *                      Bytes.
- * \param iv_len        The IV length for ciphers with variable-size IV.
- *                      This parameter is discarded by ciphers with fixed-size
- *                      IV.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes.
- * \param ilen          The length of the input data in Bytes.
- * \param output        The buffer for the output data. This must be able to
- *                      hold at least `ilen + block_size`. This must not be the
- *                      same buffer as \p input.
- * \param olen          The length of the output data, to be updated with the
- *                      actual number of Bytes written. This must not be
- *                      \c NULL.
- *
- * \note                Some ciphers do not use IVs nor nonce. For these
- *                      ciphers, use \p iv = NULL and \p iv_len = 0.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED on decryption
- *                      expecting a full block but not receiving one.
- * \return              #MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
- *                      while decrypting.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-/**
- * \brief               The generic authenticated encryption (AEAD) function.
- *
- * \deprecated          Superseded by mbedtls_cipher_auth_encrypt_ext().
- *
- * \note                This function only supports AEAD algorithms, not key
- *                      wrapping algorithms such as NIST_KW; for this, see
- *                      mbedtls_cipher_auth_encrypt_ext().
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key associated with an AEAD algorithm.
- * \param iv            The nonce to use. This must be a readable buffer of
- *                      at least \p iv_len Bytes and must not be \c NULL.
- * \param iv_len        The length of the nonce. This must satisfy the
- *                      constraints imposed by the AEAD cipher used.
- * \param ad            The additional data to authenticate. This must be a
- *                      readable buffer of at least \p ad_len Bytes, and may
- *                      be \c NULL is \p ad_len is \c 0.
- * \param ad_len        The length of \p ad.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes, and may be
- *                      \c NULL if \p ilen is \c 0.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. This must be a
- *                      writable buffer of at least \p ilen Bytes, and must
- *                      not be \c NULL.
- * \param olen          This will be filled with the actual number of Bytes
- *                      written to the \p output buffer. This must point to a
- *                      writable object of type \c size_t.
- * \param tag           The buffer for the authentication tag. This must be a
- *                      writable buffer of at least \p tag_len Bytes. See note
- *                      below regarding restrictions with PSA-based contexts.
- * \param tag_len       The desired length of the authentication tag. This
- *                      must match the constraints imposed by the AEAD cipher
- *                      used, and in particular must not be \c 0.
- *
- * \note                If the context is based on PSA (that is, it was set up
- *                      with mbedtls_cipher_setup_psa()), then it is required
- *                      that \c tag == output + ilen. That is, the tag must be
- *                      appended to the ciphertext as recommended by RFC 5116.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len )
-                         MBEDTLS_DEPRECATED;
-
-/**
- * \brief               The generic authenticated decryption (AEAD) function.
- *
- * \deprecated          Superseded by mbedtls_cipher_auth_decrypt_ext().
- *
- * \note                This function only supports AEAD algorithms, not key
- *                      wrapping algorithms such as NIST_KW; for this, see
- *                      mbedtls_cipher_auth_decrypt_ext().
- *
- * \note                If the data is not authentic, then the output buffer
- *                      is zeroed out to prevent the unauthentic plaintext being
- *                      used, making this interface safer.
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key associated with an AEAD algorithm.
- * \param iv            The nonce to use. This must be a readable buffer of
- *                      at least \p iv_len Bytes and must not be \c NULL.
- * \param iv_len        The length of the nonce. This must satisfy the
- *                      constraints imposed by the AEAD cipher used.
- * \param ad            The additional data to authenticate. This must be a
- *                      readable buffer of at least \p ad_len Bytes, and may
- *                      be \c NULL is \p ad_len is \c 0.
- * \param ad_len        The length of \p ad.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes, and may be
- *                      \c NULL if \p ilen is \c 0.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. This must be a
- *                      writable buffer of at least \p ilen Bytes, and must
- *                      not be \c NULL.
- * \param olen          This will be filled with the actual number of Bytes
- *                      written to the \p output buffer. This must point to a
- *                      writable object of type \c size_t.
- * \param tag           The buffer for the authentication tag. This must be a
- *                      readable buffer of at least \p tag_len Bytes. See note
- *                      below regarding restrictions with PSA-based contexts.
- * \param tag_len       The length of the authentication tag. This must match
- *                      the constraints imposed by the AEAD cipher used, and in
- *                      particular must not be \c 0.
- *
- * \note                If the context is based on PSA (that is, it was set up
- *                      with mbedtls_cipher_setup_psa()), then it is required
- *                      that \c tag == input + len. That is, the tag must be
- *                      appended to the ciphertext as recommended by RFC 5116.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len )
-                         MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
-/**
- * \brief               The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note                For AEAD modes, the tag will be appended to the
- *                      ciphertext, as recommended by RFC 5116.
- *                      (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv            The nonce to use. This must be a readable buffer of
- *                      at least \p iv_len Bytes and may be \c NULL if \p
- *                      iv_len is \c 0.
- * \param iv_len        The length of the nonce. For AEAD ciphers, this must
- *                      satisfy the constraints imposed by the cipher used.
- *                      For NIST_KW, this must be \c 0.
- * \param ad            The additional data to authenticate. This must be a
- *                      readable buffer of at least \p ad_len Bytes, and may
- *                      be \c NULL is \p ad_len is \c 0.
- * \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes, and may be
- *                      \c NULL if \p ilen is \c 0.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the output data. This must be a
- *                      writable buffer of at least \p output_len Bytes, and
- *                      must not be \c NULL.
- * \param output_len    The length of the \p output buffer in Bytes. For AEAD
- *                      ciphers, this must be at least \p ilen + \p tag_len.
- *                      For NIST_KW, this must be at least \p ilen + 8
- *                      (rounded up to a multiple of 8 if KWP is used);
- *                      \p ilen + 15 is always a safe value.
- * \param olen          This will be filled with the actual number of Bytes
- *                      written to the \p output buffer. This must point to a
- *                      writable object of type \c size_t.
- * \param tag_len       The desired length of the authentication tag. For AEAD
- *                      ciphers, this must match the constraints imposed by
- *                      the cipher used, and in particular must not be \c 0.
- *                      For NIST_KW, this must be \c 0.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len );
-
-/**
- * \brief               The authenticated encryption (AEAD/NIST_KW) function.
- *
- * \note                If the data is not authentic, then the output buffer
- *                      is zeroed out to prevent the unauthentic plaintext being
- *                      used, making this interface safer.
- *
- * \note                For AEAD modes, the tag must be appended to the
- *                      ciphertext, as recommended by RFC 5116.
- *                      (NIST_KW doesn't have a separate tag.)
- *
- * \param ctx           The generic cipher context. This must be initialized and
- *                      bound to a key, with an AEAD algorithm or NIST_KW.
- * \param iv            The nonce to use. This must be a readable buffer of
- *                      at least \p iv_len Bytes and may be \c NULL if \p
- *                      iv_len is \c 0.
- * \param iv_len        The length of the nonce. For AEAD ciphers, this must
- *                      satisfy the constraints imposed by the cipher used.
- *                      For NIST_KW, this must be \c 0.
- * \param ad            The additional data to authenticate. This must be a
- *                      readable buffer of at least \p ad_len Bytes, and may
- *                      be \c NULL is \p ad_len is \c 0.
- * \param ad_len        The length of \p ad. For NIST_KW, this must be \c 0.
- * \param input         The buffer holding the input data. This must be a
- *                      readable buffer of at least \p ilen Bytes, and may be
- *                      \c NULL if \p ilen is \c 0.
- * \param ilen          The length of the input data. For AEAD ciphers this
- *                      must be at least \p tag_len. For NIST_KW this must be
- *                      at least \c 8.
- * \param output        The buffer for the output data. This must be a
- *                      writable buffer of at least \p output_len Bytes, and
- *                      may be \c NULL if \p output_len is \c 0.
- * \param output_len    The length of the \p output buffer in Bytes. For AEAD
- *                      ciphers, this must be at least \p ilen - \p tag_len.
- *                      For NIST_KW, this must be at least \p ilen - 8.
- * \param olen          This will be filled with the actual number of Bytes
- *                      written to the \p output buffer. This must point to a
- *                      writable object of type \c size_t.
- * \param tag_len       The actual length of the authentication tag. For AEAD
- *                      ciphers, this must match the constraints imposed by
- *                      the cipher used, and in particular must not be \c 0.
- *                      For NIST_KW, this must be \c 0.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- *                      parameter-verification failure.
- * \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_H */
diff --git a/Sources/mbedtls/include/mbedtls/cipher_internal.h b/Sources/mbedtls/include/mbedtls/cipher_internal.h
deleted file mode 100644
index 2484c01..0000000
--- a/Sources/mbedtls/include/mbedtls/cipher_internal.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/**
- * \file cipher_internal.h
- *
- * \brief Cipher wrappers.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_CIPHER_WRAP_H
-#define MBEDTLS_CIPHER_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Base cipher information. The non-mode specific functions and values.
- */
-struct mbedtls_cipher_base_t
-{
-    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
-    mbedtls_cipher_id_t cipher;
-
-    /** Encrypt using ECB */
-    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
-                     const unsigned char *input, unsigned char *output );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /** Encrypt using CBC */
-    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    /** Encrypt using CFB (Full length) */
-    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
-                     unsigned char *iv, const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    /** Encrypt using OFB (Full length) */
-    int (*ofb_func)( void *ctx, size_t length, size_t *iv_off,
-                     unsigned char *iv,
-                     const unsigned char *input,
-                     unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /** Encrypt using CTR */
-    int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
-                     unsigned char *nonce_counter, unsigned char *stream_block,
-                     const unsigned char *input, unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    /** Encrypt or decrypt using XTS. */
-    int (*xts_func)( void *ctx, mbedtls_operation_t mode, size_t length,
-                     const unsigned char data_unit[16],
-                     const unsigned char *input, unsigned char *output );
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    /** Encrypt using STREAM */
-    int (*stream_func)( void *ctx, size_t length,
-                        const unsigned char *input, unsigned char *output );
-#endif
-
-    /** Set key for encryption purposes */
-    int (*setkey_enc_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen );
-
-    /** Set key for decryption purposes */
-    int (*setkey_dec_func)( void *ctx, const unsigned char *key,
-                            unsigned int key_bitlen);
-
-    /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
-
-    /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
-
-};
-
-typedef struct
-{
-    mbedtls_cipher_type_t type;
-    const mbedtls_cipher_info_t *info;
-} mbedtls_cipher_definition_t;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-typedef enum
-{
-    MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
-    MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
-                                  /* use raw key material internally imported */
-                                  /* as a volatile key, and which hence need  */
-                                  /* to destroy that key when the context is  */
-                                  /* freed.                                   */
-    MBEDTLS_CIPHER_PSA_KEY_NOT_OWNED, /* Used for PSA-based cipher contexts   */
-                                      /* which use a key provided by the      */
-                                      /* user, and which hence will not be    */
-                                      /* destroyed when the context is freed. */
-} mbedtls_cipher_psa_key_ownership;
-
-typedef struct
-{
-    psa_algorithm_t alg;
-    psa_key_id_t slot;
-    mbedtls_cipher_psa_key_ownership slot_state;
-} mbedtls_cipher_context_psa;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
-
-extern int mbedtls_cipher_supported[];
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CIPHER_WRAP_H */
diff --git a/Sources/mbedtls/include/mbedtls/cmac.h b/Sources/mbedtls/include/mbedtls/cmac.h
deleted file mode 100644
index 8934886..0000000
--- a/Sources/mbedtls/include/mbedtls/cmac.h
+++ /dev/null
@@ -1,247 +0,0 @@
-/**
- * \file cmac.h
- *
- * \brief This file contains CMAC definitions and functions.
- *
- * The Cipher-based Message Authentication Code (CMAC) Mode for
- * Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CMAC_H
-#define MBEDTLS_CMAC_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** CMAC hardware accelerator failed. */
-#define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A
-
-#define MBEDTLS_AES_BLOCK_SIZE          16
-#define MBEDTLS_DES3_BLOCK_SIZE         8
-
-#if defined(MBEDTLS_AES_C)
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      16  /**< The longest block used by CMAC is that of AES. */
-#else
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /**< The longest block used by CMAC is that of 3DES. */
-#endif
-
-#if !defined(MBEDTLS_CMAC_ALT)
-
-/**
- * The CMAC context structure.
- */
-struct mbedtls_cmac_context_t
-{
-    /** The internal state of the CMAC algorithm.  */
-    unsigned char       state[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    /** Unprocessed data - either data that was not block aligned and is still
-     *  pending processing, or the final block. */
-    unsigned char       unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    /** The length of data pending processing. */
-    size_t              unprocessed_len;
-};
-
-#else  /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
-#endif /* !MBEDTLS_CMAC_ALT */
-
-/**
- * \brief               This function starts a new CMAC computation
- *                      by setting the CMAC key, and preparing to authenticate
- *                      the input data.
- *                      It must be called with an initialized cipher context.
- *
- *                      Once this function has completed, data can be supplied
- *                      to the CMAC computation by calling
- *                      mbedtls_cipher_cmac_update().
- *
- *                      To start a CMAC computation using the same key as a previous
- *                      CMAC computation, use mbedtls_cipher_cmac_finish().
- *
- * \note                When the CMAC implementation is supplied by an alternate
- *                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
- *                      may not be supported by that implementation, and thus
- *                      return an error. Alternate implementations must support
- *                      AES-128 and AES-256, and may support AES-192 and 3DES.
- *
- * \param ctx           The cipher context used for the CMAC operation, initialized
- *                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
- *                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
- *                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
- * \param key           The CMAC key.
- * \param keybits       The length of the CMAC key in bits.
- *                      Must be supported by the cipher.
- *
- * \return              \c 0 on success.
- * \return              A cipher-specific error code on failure.
- */
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *key, size_t keybits );
-
-/**
- * \brief               This function feeds an input buffer into an ongoing CMAC
- *                      computation.
- *
- *                      The CMAC computation must have previously been started
- *                      by calling mbedtls_cipher_cmac_starts() or
- *                      mbedtls_cipher_cmac_reset().
- *
- *                      Call this function as many times as needed to input the
- *                      data to be authenticated.
- *                      Once all of the required data has been input,
- *                      call mbedtls_cipher_cmac_finish() to obtain the result
- *                      of the CMAC operation.
- *
- * \param ctx           The cipher context used for the CMAC operation.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- *
- * \return             \c 0 on success.
- * \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                     if parameter verification fails.
- */
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *input, size_t ilen );
-
-/**
- * \brief               This function finishes an ongoing CMAC operation, and
- *                      writes the result to the output buffer.
- *
- *                      It should be followed either by
- *                      mbedtls_cipher_cmac_reset(), which starts another CMAC
- *                      operation with the same key, or mbedtls_cipher_free(),
- *                      which clears the cipher context.
- *
- * \param ctx           The cipher context used for the CMAC operation.
- * \param output        The output buffer for the CMAC checksum result.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
-                                unsigned char *output );
-
-/**
- * \brief               This function starts a new CMAC operation with the same
- *                      key as the previous one.
- *
- *                      It should be called after finishing the previous CMAC
- *                      operation with mbedtls_cipher_cmac_finish().
- *                      After calling this function,
- *                      call mbedtls_cipher_cmac_update() to supply the new
- *                      CMAC operation with data.
- *
- * \param ctx           The cipher context used for the CMAC operation.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
-
-/**
- * \brief               This function calculates the full generic CMAC
- *                      on the input buffer with the provided key.
- *
- *                      The function allocates the context, performs the
- *                      calculation, and frees the context.
- *
- *                      The CMAC result is calculated as
- *                      output = generic CMAC(cmac key, input buffer).
- *
- * \note                When the CMAC implementation is supplied by an alternate
- *                      implementation (through #MBEDTLS_CMAC_ALT), some ciphers
- *                      may not be supported by that implementation, and thus
- *                      return an error. Alternate implementations must support
- *                      AES-128 and AES-256, and may support AES-192 and 3DES.
- *
- * \param cipher_info   The cipher information.
- * \param key           The CMAC key.
- * \param keylen        The length of the CMAC key in bits.
- * \param input         The buffer holding the input data.
- * \param ilen          The length of the input data.
- * \param output        The buffer for the generic CMAC result.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
- *                      if parameter verification fails.
- */
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
-                         const unsigned char *key, size_t keylen,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output );
-
-#if defined(MBEDTLS_AES_C)
-/**
- * \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
- *                  function, as defined in
- *                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
- *                  Message Authentication Code-Pseudo-Random Function-128
- *                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
- *                  Exchange Protocol (IKE).</em>
- *
- * \param key       The key to use.
- * \param key_len   The key length in Bytes.
- * \param input     The buffer holding the input data.
- * \param in_len    The length of the input data in Bytes.
- * \param output    The buffer holding the generated 16 Bytes of
- *                  pseudorandom output.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
-                              const unsigned char *input, size_t in_len,
-                              unsigned char output[16] );
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
-/**
- * \brief          The CMAC checkup routine.
- *
- * \note           In case the CMAC routines are provided by an alternative
- *                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
- *                 checkup routine will succeed even if the implementation does
- *                 not support the less widely used AES-192 or 3DES primitives.
- *                 The self-test requires at least AES-128 and AES-256 to be
- *                 supported by the underlying implementation.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_cmac_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CMAC_H */
diff --git a/Sources/mbedtls/include/mbedtls/compat-1.3.h b/Sources/mbedtls/include/mbedtls/compat-1.3.h
deleted file mode 100644
index 4017751..0000000
--- a/Sources/mbedtls/include/mbedtls/compat-1.3.h
+++ /dev/null
@@ -1,2529 +0,0 @@
-/**
- * \file compat-1.3.h
- *
- * \brief Compatibility definitions for using mbed TLS with client code written
- *  for the PolarSSL naming conventions.
- *
- * \deprecated Use the new names directly instead
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Including compat-1.3.h is deprecated"
-#endif
-
-#ifndef MBEDTLS_COMPAT13_H
-#define MBEDTLS_COMPAT13_H
-
-/*
- * config.h options
- */
-#if defined MBEDTLS_AESNI_C
-#define POLARSSL_AESNI_C MBEDTLS_AESNI_C
-#endif
-#if defined MBEDTLS_AES_ALT
-#define POLARSSL_AES_ALT MBEDTLS_AES_ALT
-#endif
-#if defined MBEDTLS_AES_C
-#define POLARSSL_AES_C MBEDTLS_AES_C
-#endif
-#if defined MBEDTLS_AES_ROM_TABLES
-#define POLARSSL_AES_ROM_TABLES MBEDTLS_AES_ROM_TABLES
-#endif
-#if defined MBEDTLS_ARC4_ALT
-#define POLARSSL_ARC4_ALT MBEDTLS_ARC4_ALT
-#endif
-#if defined MBEDTLS_ARC4_C
-#define POLARSSL_ARC4_C MBEDTLS_ARC4_C
-#endif
-#if defined MBEDTLS_ASN1_PARSE_C
-#define POLARSSL_ASN1_PARSE_C MBEDTLS_ASN1_PARSE_C
-#endif
-#if defined MBEDTLS_ASN1_WRITE_C
-#define POLARSSL_ASN1_WRITE_C MBEDTLS_ASN1_WRITE_C
-#endif
-#if defined MBEDTLS_BASE64_C
-#define POLARSSL_BASE64_C MBEDTLS_BASE64_C
-#endif
-#if defined MBEDTLS_BIGNUM_C
-#define POLARSSL_BIGNUM_C MBEDTLS_BIGNUM_C
-#endif
-#if defined MBEDTLS_BLOWFISH_ALT
-#define POLARSSL_BLOWFISH_ALT MBEDTLS_BLOWFISH_ALT
-#endif
-#if defined MBEDTLS_BLOWFISH_C
-#define POLARSSL_BLOWFISH_C MBEDTLS_BLOWFISH_C
-#endif
-#if defined MBEDTLS_CAMELLIA_ALT
-#define POLARSSL_CAMELLIA_ALT MBEDTLS_CAMELLIA_ALT
-#endif
-#if defined MBEDTLS_CAMELLIA_C
-#define POLARSSL_CAMELLIA_C MBEDTLS_CAMELLIA_C
-#endif
-#if defined MBEDTLS_CAMELLIA_SMALL_MEMORY
-#define POLARSSL_CAMELLIA_SMALL_MEMORY MBEDTLS_CAMELLIA_SMALL_MEMORY
-#endif
-#if defined MBEDTLS_CCM_C
-#define POLARSSL_CCM_C MBEDTLS_CCM_C
-#endif
-#if defined MBEDTLS_CERTS_C
-#define POLARSSL_CERTS_C MBEDTLS_CERTS_C
-#endif
-#if defined MBEDTLS_CIPHER_C
-#define POLARSSL_CIPHER_C MBEDTLS_CIPHER_C
-#endif
-#if defined MBEDTLS_CIPHER_MODE_CBC
-#define POLARSSL_CIPHER_MODE_CBC MBEDTLS_CIPHER_MODE_CBC
-#endif
-#if defined MBEDTLS_CIPHER_MODE_CFB
-#define POLARSSL_CIPHER_MODE_CFB MBEDTLS_CIPHER_MODE_CFB
-#endif
-#if defined MBEDTLS_CIPHER_MODE_CTR
-#define POLARSSL_CIPHER_MODE_CTR MBEDTLS_CIPHER_MODE_CTR
-#endif
-#if defined MBEDTLS_CIPHER_NULL_CIPHER
-#define POLARSSL_CIPHER_NULL_CIPHER MBEDTLS_CIPHER_NULL_CIPHER
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_PKCS7
-#define POLARSSL_CIPHER_PADDING_PKCS7 MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_ZEROS
-#define POLARSSL_CIPHER_PADDING_ZEROS MBEDTLS_CIPHER_PADDING_ZEROS
-#endif
-#if defined MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#endif
-#if defined MBEDTLS_CTR_DRBG_C
-#define POLARSSL_CTR_DRBG_C MBEDTLS_CTR_DRBG_C
-#endif
-#if defined MBEDTLS_DEBUG_C
-#define POLARSSL_DEBUG_C MBEDTLS_DEBUG_C
-#endif
-#if defined MBEDTLS_DEPRECATED_REMOVED
-#define POLARSSL_DEPRECATED_REMOVED MBEDTLS_DEPRECATED_REMOVED
-#endif
-#if defined MBEDTLS_DEPRECATED_WARNING
-#define POLARSSL_DEPRECATED_WARNING MBEDTLS_DEPRECATED_WARNING
-#endif
-#if defined MBEDTLS_DES_ALT
-#define POLARSSL_DES_ALT MBEDTLS_DES_ALT
-#endif
-#if defined MBEDTLS_DES_C
-#define POLARSSL_DES_C MBEDTLS_DES_C
-#endif
-#if defined MBEDTLS_DHM_C
-#define POLARSSL_DHM_C MBEDTLS_DHM_C
-#endif
-#if defined MBEDTLS_ECDH_C
-#define POLARSSL_ECDH_C MBEDTLS_ECDH_C
-#endif
-#if defined MBEDTLS_ECDSA_C
-#define POLARSSL_ECDSA_C MBEDTLS_ECDSA_C
-#endif
-#if defined MBEDTLS_ECDSA_DETERMINISTIC
-#define POLARSSL_ECDSA_DETERMINISTIC MBEDTLS_ECDSA_DETERMINISTIC
-#endif
-#if defined MBEDTLS_ECP_C
-#define POLARSSL_ECP_C MBEDTLS_ECP_C
-#endif
-#if defined MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define POLARSSL_ECP_DP_BP256R1_ENABLED MBEDTLS_ECP_DP_BP256R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define POLARSSL_ECP_DP_BP384R1_ENABLED MBEDTLS_ECP_DP_BP384R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define POLARSSL_ECP_DP_BP512R1_ENABLED MBEDTLS_ECP_DP_BP512R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define POLARSSL_ECP_DP_M255_ENABLED MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define POLARSSL_ECP_DP_SECP192K1_ENABLED MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define POLARSSL_ECP_DP_SECP192R1_ENABLED MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define POLARSSL_ECP_DP_SECP224K1_ENABLED MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define POLARSSL_ECP_DP_SECP224R1_ENABLED MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define POLARSSL_ECP_DP_SECP256K1_ENABLED MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define POLARSSL_ECP_DP_SECP256R1_ENABLED MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define POLARSSL_ECP_DP_SECP384R1_ENABLED MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define POLARSSL_ECP_DP_SECP521R1_ENABLED MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#endif
-#if defined MBEDTLS_ECP_FIXED_POINT_OPTIM
-#define POLARSSL_ECP_FIXED_POINT_OPTIM MBEDTLS_ECP_FIXED_POINT_OPTIM
-#endif
-#if defined MBEDTLS_ECP_MAX_BITS
-#define POLARSSL_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS
-#endif
-#if defined MBEDTLS_ECP_NIST_OPTIM
-#define POLARSSL_ECP_NIST_OPTIM MBEDTLS_ECP_NIST_OPTIM
-#endif
-#if defined MBEDTLS_ECP_WINDOW_SIZE
-#define POLARSSL_ECP_WINDOW_SIZE MBEDTLS_ECP_WINDOW_SIZE
-#endif
-#if defined MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-#define POLARSSL_ENABLE_WEAK_CIPHERSUITES MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-#endif
-#if defined MBEDTLS_ENTROPY_C
-#define POLARSSL_ENTROPY_C MBEDTLS_ENTROPY_C
-#endif
-#if defined MBEDTLS_ENTROPY_FORCE_SHA256
-#define POLARSSL_ENTROPY_FORCE_SHA256 MBEDTLS_ENTROPY_FORCE_SHA256
-#endif
-#if defined MBEDTLS_ERROR_C
-#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
-#endif
-#if defined MBEDTLS_ERROR_STRERROR_DUMMY
-#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
-#endif
-#if defined MBEDTLS_FS_IO
-#define POLARSSL_FS_IO MBEDTLS_FS_IO
-#endif
-#if defined MBEDTLS_GCM_C
-#define POLARSSL_GCM_C MBEDTLS_GCM_C
-#endif
-#if defined MBEDTLS_GENPRIME
-#define POLARSSL_GENPRIME MBEDTLS_GENPRIME
-#endif
-#if defined MBEDTLS_HAVEGE_C
-#define POLARSSL_HAVEGE_C MBEDTLS_HAVEGE_C
-#endif
-#if defined MBEDTLS_HAVE_ASM
-#define POLARSSL_HAVE_ASM MBEDTLS_HAVE_ASM
-#endif
-#if defined MBEDTLS_HAVE_SSE2
-#define POLARSSL_HAVE_SSE2 MBEDTLS_HAVE_SSE2
-#endif
-#if defined MBEDTLS_HAVE_TIME
-#define POLARSSL_HAVE_TIME MBEDTLS_HAVE_TIME
-#endif
-#if defined MBEDTLS_HMAC_DRBG_C
-#define POLARSSL_HMAC_DRBG_C MBEDTLS_HMAC_DRBG_C
-#endif
-#if defined MBEDTLS_HMAC_DRBG_MAX_INPUT
-#define POLARSSL_HMAC_DRBG_MAX_INPUT MBEDTLS_HMAC_DRBG_MAX_INPUT
-#endif
-#if defined MBEDTLS_HMAC_DRBG_MAX_REQUEST
-#define POLARSSL_HMAC_DRBG_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
-#endif
-#if defined MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
-#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT
-#endif
-#if defined MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
-#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-#endif
-#if defined MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-#endif
-#if defined MBEDTLS_MD2_ALT
-#define POLARSSL_MD2_ALT MBEDTLS_MD2_ALT
-#endif
-#if defined MBEDTLS_MD2_C
-#define POLARSSL_MD2_C MBEDTLS_MD2_C
-#endif
-#if defined MBEDTLS_MD2_PROCESS_ALT
-#define POLARSSL_MD2_PROCESS_ALT MBEDTLS_MD2_PROCESS_ALT
-#endif
-#if defined MBEDTLS_MD4_ALT
-#define POLARSSL_MD4_ALT MBEDTLS_MD4_ALT
-#endif
-#if defined MBEDTLS_MD4_C
-#define POLARSSL_MD4_C MBEDTLS_MD4_C
-#endif
-#if defined MBEDTLS_MD4_PROCESS_ALT
-#define POLARSSL_MD4_PROCESS_ALT MBEDTLS_MD4_PROCESS_ALT
-#endif
-#if defined MBEDTLS_MD5_ALT
-#define POLARSSL_MD5_ALT MBEDTLS_MD5_ALT
-#endif
-#if defined MBEDTLS_MD5_C
-#define POLARSSL_MD5_C MBEDTLS_MD5_C
-#endif
-#if defined MBEDTLS_MD5_PROCESS_ALT
-#define POLARSSL_MD5_PROCESS_ALT MBEDTLS_MD5_PROCESS_ALT
-#endif
-#if defined MBEDTLS_MD_C
-#define POLARSSL_MD_C MBEDTLS_MD_C
-#endif
-#if defined MBEDTLS_MEMORY_ALIGN_MULTIPLE
-#define POLARSSL_MEMORY_ALIGN_MULTIPLE MBEDTLS_MEMORY_ALIGN_MULTIPLE
-#endif
-#if defined MBEDTLS_MEMORY_BACKTRACE
-#define POLARSSL_MEMORY_BACKTRACE MBEDTLS_MEMORY_BACKTRACE
-#endif
-#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
-#endif
-#if defined MBEDTLS_MEMORY_DEBUG
-#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
-#endif
-#if defined MBEDTLS_MPI_MAX_SIZE
-#define POLARSSL_MPI_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-#if defined MBEDTLS_MPI_WINDOW_SIZE
-#define POLARSSL_MPI_WINDOW_SIZE MBEDTLS_MPI_WINDOW_SIZE
-#endif
-#if defined MBEDTLS_NET_C
-#define POLARSSL_NET_C MBEDTLS_NET_C
-#endif
-#if defined MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-#endif
-#if defined MBEDTLS_NO_PLATFORM_ENTROPY
-#define POLARSSL_NO_PLATFORM_ENTROPY MBEDTLS_NO_PLATFORM_ENTROPY
-#endif
-#if defined MBEDTLS_OID_C
-#define POLARSSL_OID_C MBEDTLS_OID_C
-#endif
-#if defined MBEDTLS_PADLOCK_C
-#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
-#endif
-#if defined MBEDTLS_PEM_PARSE_C
-#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
-#endif
-#if defined MBEDTLS_PEM_WRITE_C
-#define POLARSSL_PEM_WRITE_C MBEDTLS_PEM_WRITE_C
-#endif
-#if defined MBEDTLS_PKCS11_C
-#define POLARSSL_PKCS11_C MBEDTLS_PKCS11_C
-#endif
-#if defined MBEDTLS_PKCS12_C
-#define POLARSSL_PKCS12_C MBEDTLS_PKCS12_C
-#endif
-#if defined MBEDTLS_PKCS1_V15
-#define POLARSSL_PKCS1_V15 MBEDTLS_PKCS1_V15
-#endif
-#if defined MBEDTLS_PKCS1_V21
-#define POLARSSL_PKCS1_V21 MBEDTLS_PKCS1_V21
-#endif
-#if defined MBEDTLS_PKCS5_C
-#define POLARSSL_PKCS5_C MBEDTLS_PKCS5_C
-#endif
-#if defined MBEDTLS_PK_C
-#define POLARSSL_PK_C MBEDTLS_PK_C
-#endif
-#if defined MBEDTLS_PK_PARSE_C
-#define POLARSSL_PK_PARSE_C MBEDTLS_PK_PARSE_C
-#endif
-#if defined MBEDTLS_PK_PARSE_EC_EXTENDED
-#define POLARSSL_PK_PARSE_EC_EXTENDED MBEDTLS_PK_PARSE_EC_EXTENDED
-#endif
-#if defined MBEDTLS_PK_RSA_ALT_SUPPORT
-#define POLARSSL_PK_RSA_ALT_SUPPORT MBEDTLS_PK_RSA_ALT_SUPPORT
-#endif
-#if defined MBEDTLS_PK_WRITE_C
-#define POLARSSL_PK_WRITE_C MBEDTLS_PK_WRITE_C
-#endif
-#if defined MBEDTLS_PLATFORM_C
-#define POLARSSL_PLATFORM_C MBEDTLS_PLATFORM_C
-#endif
-#if defined MBEDTLS_PLATFORM_EXIT_ALT
-#define POLARSSL_PLATFORM_EXIT_ALT MBEDTLS_PLATFORM_EXIT_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_EXIT_MACRO
-#define POLARSSL_PLATFORM_EXIT_MACRO MBEDTLS_PLATFORM_EXIT_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_FPRINTF_ALT
-#define POLARSSL_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_FPRINTF_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_FPRINTF_MACRO
-#define POLARSSL_PLATFORM_FPRINTF_MACRO MBEDTLS_PLATFORM_FPRINTF_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_FREE_MACRO
-#define POLARSSL_PLATFORM_FREE_MACRO MBEDTLS_PLATFORM_FREE_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_MEMORY
-#define POLARSSL_PLATFORM_MEMORY MBEDTLS_PLATFORM_MEMORY
-#endif
-#if defined MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#endif
-#if defined MBEDTLS_PLATFORM_PRINTF_ALT
-#define POLARSSL_PLATFORM_PRINTF_ALT MBEDTLS_PLATFORM_PRINTF_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_PRINTF_MACRO
-#define POLARSSL_PLATFORM_PRINTF_MACRO MBEDTLS_PLATFORM_PRINTF_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_SNPRINTF_ALT
-#define POLARSSL_PLATFORM_SNPRINTF_ALT MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
-#if defined MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#define POLARSSL_PLATFORM_SNPRINTF_MACRO MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#endif
-#if defined MBEDTLS_PLATFORM_STD_EXIT
-#define POLARSSL_PLATFORM_STD_EXIT MBEDTLS_PLATFORM_STD_EXIT
-#endif
-#if defined MBEDTLS_PLATFORM_STD_FPRINTF
-#define POLARSSL_PLATFORM_STD_FPRINTF MBEDTLS_PLATFORM_STD_FPRINTF
-#endif
-#if defined MBEDTLS_PLATFORM_STD_FREE
-#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
-#endif
-#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
-#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#if defined MBEDTLS_PLATFORM_STD_PRINTF
-#define POLARSSL_PLATFORM_STD_PRINTF MBEDTLS_PLATFORM_STD_PRINTF
-#endif
-#if defined MBEDTLS_PLATFORM_STD_SNPRINTF
-#define POLARSSL_PLATFORM_STD_SNPRINTF MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif
-#if defined MBEDTLS_PSK_MAX_LEN
-#define POLARSSL_PSK_MAX_LEN MBEDTLS_PSK_MAX_LEN
-#endif
-#if defined MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#define POLARSSL_REMOVE_ARC4_CIPHERSUITES MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-#endif
-#if defined MBEDTLS_RIPEMD160_ALT
-#define POLARSSL_RIPEMD160_ALT MBEDTLS_RIPEMD160_ALT
-#endif
-#if defined MBEDTLS_RIPEMD160_C
-#define POLARSSL_RIPEMD160_C MBEDTLS_RIPEMD160_C
-#endif
-#if defined MBEDTLS_RIPEMD160_PROCESS_ALT
-#define POLARSSL_RIPEMD160_PROCESS_ALT MBEDTLS_RIPEMD160_PROCESS_ALT
-#endif
-#if defined MBEDTLS_RSA_C
-#define POLARSSL_RSA_C MBEDTLS_RSA_C
-#endif
-#if defined MBEDTLS_RSA_NO_CRT
-#define POLARSSL_RSA_NO_CRT MBEDTLS_RSA_NO_CRT
-#endif
-#if defined MBEDTLS_SELF_TEST
-#define POLARSSL_SELF_TEST MBEDTLS_SELF_TEST
-#endif
-#if defined MBEDTLS_SHA1_ALT
-#define POLARSSL_SHA1_ALT MBEDTLS_SHA1_ALT
-#endif
-#if defined MBEDTLS_SHA1_C
-#define POLARSSL_SHA1_C MBEDTLS_SHA1_C
-#endif
-#if defined MBEDTLS_SHA1_PROCESS_ALT
-#define POLARSSL_SHA1_PROCESS_ALT MBEDTLS_SHA1_PROCESS_ALT
-#endif
-#if defined MBEDTLS_SHA256_ALT
-#define POLARSSL_SHA256_ALT MBEDTLS_SHA256_ALT
-#endif
-#if defined MBEDTLS_SHA256_C
-#define POLARSSL_SHA256_C MBEDTLS_SHA256_C
-#endif
-#if defined MBEDTLS_SHA256_PROCESS_ALT
-#define POLARSSL_SHA256_PROCESS_ALT MBEDTLS_SHA256_PROCESS_ALT
-#endif
-#if defined MBEDTLS_SHA512_ALT
-#define POLARSSL_SHA512_ALT MBEDTLS_SHA512_ALT
-#endif
-#if defined MBEDTLS_SHA512_C
-#define POLARSSL_SHA512_C MBEDTLS_SHA512_C
-#endif
-#if defined MBEDTLS_SHA512_PROCESS_ALT
-#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
-#endif
-#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
-#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
-#endif
-#if defined MBEDTLS_SSL_ALPN
-#define POLARSSL_SSL_ALPN MBEDTLS_SSL_ALPN
-#endif
-#if defined MBEDTLS_SSL_CACHE_C
-#define POLARSSL_SSL_CACHE_C MBEDTLS_SSL_CACHE_C
-#endif
-#if defined MBEDTLS_SSL_CBC_RECORD_SPLITTING
-#define POLARSSL_SSL_CBC_RECORD_SPLITTING MBEDTLS_SSL_CBC_RECORD_SPLITTING
-#endif
-#if defined MBEDTLS_SSL_CLI_C
-#define POLARSSL_SSL_CLI_C MBEDTLS_SSL_CLI_C
-#endif
-#if defined MBEDTLS_SSL_COOKIE_C
-#define POLARSSL_SSL_COOKIE_C MBEDTLS_SSL_COOKIE_C
-#endif
-#if defined MBEDTLS_SSL_COOKIE_TIMEOUT
-#define POLARSSL_SSL_COOKIE_TIMEOUT MBEDTLS_SSL_COOKIE_TIMEOUT
-#endif
-#if defined MBEDTLS_SSL_DEBUG_ALL
-#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
-#endif
-#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#endif
-#if defined MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-#define POLARSSL_SSL_DTLS_BADMAC_LIMIT MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-#endif
-#if defined MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#define POLARSSL_SSL_DTLS_HELLO_VERIFY MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#endif
-#if defined MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#define POLARSSL_SSL_ENCRYPT_THEN_MAC MBEDTLS_SSL_ENCRYPT_THEN_MAC
-#endif
-#if defined MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#define POLARSSL_SSL_EXTENDED_MASTER_SECRET MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-#endif
-#if defined MBEDTLS_SSL_FALLBACK_SCSV
-#define POLARSSL_SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
-#endif
-#if defined MBEDTLS_SSL_HW_RECORD_ACCEL
-#define POLARSSL_SSL_HW_RECORD_ACCEL MBEDTLS_SSL_HW_RECORD_ACCEL
-#endif
-#if defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#endif
-#if defined MBEDTLS_SSL_PROTO_DTLS
-#define POLARSSL_SSL_PROTO_DTLS MBEDTLS_SSL_PROTO_DTLS
-#endif
-#if defined MBEDTLS_SSL_PROTO_SSL3
-#define POLARSSL_SSL_PROTO_SSL3 MBEDTLS_SSL_PROTO_SSL3
-#endif
-#if defined MBEDTLS_SSL_PROTO_TLS1
-#define POLARSSL_SSL_PROTO_TLS1 MBEDTLS_SSL_PROTO_TLS1
-#endif
-#if defined MBEDTLS_SSL_PROTO_TLS1_1
-#define POLARSSL_SSL_PROTO_TLS1_1 MBEDTLS_SSL_PROTO_TLS1_1
-#endif
-#if defined MBEDTLS_SSL_PROTO_TLS1_2
-#define POLARSSL_SSL_PROTO_TLS1_2 MBEDTLS_SSL_PROTO_TLS1_2
-#endif
-#if defined MBEDTLS_SSL_RENEGOTIATION
-#define POLARSSL_SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
-#endif
-#if defined MBEDTLS_SSL_SERVER_NAME_INDICATION
-#define POLARSSL_SSL_SERVER_NAME_INDICATION MBEDTLS_SSL_SERVER_NAME_INDICATION
-#endif
-#if defined MBEDTLS_SSL_SESSION_TICKETS
-#define POLARSSL_SSL_SESSION_TICKETS MBEDTLS_SSL_SESSION_TICKETS
-#endif
-#if defined MBEDTLS_SSL_SRV_C
-#define POLARSSL_SSL_SRV_C MBEDTLS_SSL_SRV_C
-#endif
-#if defined MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-#endif
-#if defined MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-#endif
-#if defined MBEDTLS_SSL_TLS_C
-#define POLARSSL_SSL_TLS_C MBEDTLS_SSL_TLS_C
-#endif
-#if defined MBEDTLS_SSL_TRUNCATED_HMAC
-#define POLARSSL_SSL_TRUNCATED_HMAC MBEDTLS_SSL_TRUNCATED_HMAC
-#endif
-#if defined MBEDTLS_THREADING_ALT
-#define POLARSSL_THREADING_ALT MBEDTLS_THREADING_ALT
-#endif
-#if defined MBEDTLS_THREADING_C
-#define POLARSSL_THREADING_C MBEDTLS_THREADING_C
-#endif
-#if defined MBEDTLS_THREADING_PTHREAD
-#define POLARSSL_THREADING_PTHREAD MBEDTLS_THREADING_PTHREAD
-#endif
-#if defined MBEDTLS_TIMING_ALT
-#define POLARSSL_TIMING_ALT MBEDTLS_TIMING_ALT
-#endif
-#if defined MBEDTLS_TIMING_C
-#define POLARSSL_TIMING_C MBEDTLS_TIMING_C
-#endif
-#if defined MBEDTLS_VERSION_C
-#define POLARSSL_VERSION_C MBEDTLS_VERSION_C
-#endif
-#if defined MBEDTLS_VERSION_FEATURES
-#define POLARSSL_VERSION_FEATURES MBEDTLS_VERSION_FEATURES
-#endif
-#if defined MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-#endif
-#if defined MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#endif
-#if defined MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-#endif
-#if defined MBEDTLS_X509_CHECK_KEY_USAGE
-#define POLARSSL_X509_CHECK_KEY_USAGE MBEDTLS_X509_CHECK_KEY_USAGE
-#endif
-#if defined MBEDTLS_X509_CREATE_C
-#define POLARSSL_X509_CREATE_C MBEDTLS_X509_CREATE_C
-#endif
-#if defined MBEDTLS_X509_CRL_PARSE_C
-#define POLARSSL_X509_CRL_PARSE_C MBEDTLS_X509_CRL_PARSE_C
-#endif
-#if defined MBEDTLS_X509_CRT_PARSE_C
-#define POLARSSL_X509_CRT_PARSE_C MBEDTLS_X509_CRT_PARSE_C
-#endif
-#if defined MBEDTLS_X509_CRT_WRITE_C
-#define POLARSSL_X509_CRT_WRITE_C MBEDTLS_X509_CRT_WRITE_C
-#endif
-#if defined MBEDTLS_X509_CSR_PARSE_C
-#define POLARSSL_X509_CSR_PARSE_C MBEDTLS_X509_CSR_PARSE_C
-#endif
-#if defined MBEDTLS_X509_CSR_WRITE_C
-#define POLARSSL_X509_CSR_WRITE_C MBEDTLS_X509_CSR_WRITE_C
-#endif
-#if defined MBEDTLS_X509_MAX_INTERMEDIATE_CA
-#define POLARSSL_X509_MAX_INTERMEDIATE_CA MBEDTLS_X509_MAX_INTERMEDIATE_CA
-#endif
-#if defined MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#define POLARSSL_X509_RSASSA_PSS_SUPPORT MBEDTLS_X509_RSASSA_PSS_SUPPORT
-#endif
-#if defined MBEDTLS_X509_USE_C
-#define POLARSSL_X509_USE_C MBEDTLS_X509_USE_C
-#endif
-#if defined MBEDTLS_XTEA_ALT
-#define POLARSSL_XTEA_ALT MBEDTLS_XTEA_ALT
-#endif
-#if defined MBEDTLS_XTEA_C
-#define POLARSSL_XTEA_C MBEDTLS_XTEA_C
-#endif
-#if defined MBEDTLS_ZLIB_SUPPORT
-#define POLARSSL_ZLIB_SUPPORT MBEDTLS_ZLIB_SUPPORT
-#endif
-
-/*
- * Misc names (macros, types, functions, enum constants...)
- */
-#define AES_DECRYPT MBEDTLS_AES_DECRYPT
-#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT
-#define ASN1_BIT_STRING MBEDTLS_ASN1_BIT_STRING
-#define ASN1_BMP_STRING MBEDTLS_ASN1_BMP_STRING
-#define ASN1_BOOLEAN MBEDTLS_ASN1_BOOLEAN
-#define ASN1_CHK_ADD MBEDTLS_ASN1_CHK_ADD
-#define ASN1_CONSTRUCTED MBEDTLS_ASN1_CONSTRUCTED
-#define ASN1_CONTEXT_SPECIFIC MBEDTLS_ASN1_CONTEXT_SPECIFIC
-#define ASN1_GENERALIZED_TIME MBEDTLS_ASN1_GENERALIZED_TIME
-#define ASN1_IA5_STRING MBEDTLS_ASN1_IA5_STRING
-#define ASN1_INTEGER MBEDTLS_ASN1_INTEGER
-#define ASN1_NULL MBEDTLS_ASN1_NULL
-#define ASN1_OCTET_STRING MBEDTLS_ASN1_OCTET_STRING
-#define ASN1_OID MBEDTLS_ASN1_OID
-#define ASN1_PRIMITIVE MBEDTLS_ASN1_PRIMITIVE
-#define ASN1_PRINTABLE_STRING MBEDTLS_ASN1_PRINTABLE_STRING
-#define ASN1_SEQUENCE MBEDTLS_ASN1_SEQUENCE
-#define ASN1_SET MBEDTLS_ASN1_SET
-#define ASN1_T61_STRING MBEDTLS_ASN1_T61_STRING
-#define ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
-#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
-#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
-#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
-#define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
-#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
-#define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
-#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
-#define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
-#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
-#define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
-#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
-#define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
-#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
-#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
-#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
-#define BLOWFISH_ENCRYPT MBEDTLS_BLOWFISH_ENCRYPT
-#define BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
-#define BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
-#define BLOWFISH_ROUNDS MBEDTLS_BLOWFISH_ROUNDS
-#define CAMELLIA_DECRYPT MBEDTLS_CAMELLIA_DECRYPT
-#define CAMELLIA_ENCRYPT MBEDTLS_CAMELLIA_ENCRYPT
-#define COLLECT_SIZE MBEDTLS_HAVEGE_COLLECT_SIZE
-#define CTR_DRBG_BLOCKSIZE MBEDTLS_CTR_DRBG_BLOCKSIZE
-#define CTR_DRBG_ENTROPY_LEN MBEDTLS_CTR_DRBG_ENTROPY_LEN
-#define CTR_DRBG_KEYBITS MBEDTLS_CTR_DRBG_KEYBITS
-#define CTR_DRBG_KEYSIZE MBEDTLS_CTR_DRBG_KEYSIZE
-#define CTR_DRBG_MAX_INPUT MBEDTLS_CTR_DRBG_MAX_INPUT
-#define CTR_DRBG_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
-#define CTR_DRBG_MAX_SEED_INPUT MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
-#define CTR_DRBG_PR_OFF MBEDTLS_CTR_DRBG_PR_OFF
-#define CTR_DRBG_PR_ON MBEDTLS_CTR_DRBG_PR_ON
-#define CTR_DRBG_RESEED_INTERVAL MBEDTLS_CTR_DRBG_RESEED_INTERVAL
-#define CTR_DRBG_SEEDLEN MBEDTLS_CTR_DRBG_SEEDLEN
-#define DEPRECATED MBEDTLS_DEPRECATED
-#define DES_DECRYPT MBEDTLS_DES_DECRYPT
-#define DES_ENCRYPT MBEDTLS_DES_ENCRYPT
-#define DES_KEY_SIZE MBEDTLS_DES_KEY_SIZE
-#define ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_BLOCK_SIZE
-#define ENTROPY_MAX_GATHER MBEDTLS_ENTROPY_MAX_GATHER
-#define ENTROPY_MAX_SEED_SIZE MBEDTLS_ENTROPY_MAX_SEED_SIZE
-#define ENTROPY_MAX_SOURCES MBEDTLS_ENTROPY_MAX_SOURCES
-#define ENTROPY_MIN_HARDCLOCK MBEDTLS_ENTROPY_MIN_HARDCLOCK
-#define ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
-#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
-#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
-#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
-#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
-#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
-#define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
-#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
-#define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
-#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
-#define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
-#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
-#define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
-#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
-#define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
-#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
-#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
-#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
-#define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
-#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
-#define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
-#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
-#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
-#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
-#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
-#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
-#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
-#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
-#define MEMORY_VERIFY_NONE MBEDTLS_MEMORY_VERIFY_NONE
-#define MPI_CHK MBEDTLS_MPI_CHK
-#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
-#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
-#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
-#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
-#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
-#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
-#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
-#define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
-#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
-#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
-#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
-#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
-#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD
-#define OID_ANSI_X9_62_SIG MBEDTLS_OID_ANSI_X9_62_SIG
-#define OID_ANSI_X9_62_SIG_SHA2 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2
-#define OID_ANY_EXTENDED_KEY_USAGE MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE
-#define OID_AT MBEDTLS_OID_AT
-#define OID_AT_CN MBEDTLS_OID_AT_CN
-#define OID_AT_COUNTRY MBEDTLS_OID_AT_COUNTRY
-#define OID_AT_DN_QUALIFIER MBEDTLS_OID_AT_DN_QUALIFIER
-#define OID_AT_GENERATION_QUALIFIER MBEDTLS_OID_AT_GENERATION_QUALIFIER
-#define OID_AT_GIVEN_NAME MBEDTLS_OID_AT_GIVEN_NAME
-#define OID_AT_INITIALS MBEDTLS_OID_AT_INITIALS
-#define OID_AT_LOCALITY MBEDTLS_OID_AT_LOCALITY
-#define OID_AT_ORGANIZATION MBEDTLS_OID_AT_ORGANIZATION
-#define OID_AT_ORG_UNIT MBEDTLS_OID_AT_ORG_UNIT
-#define OID_AT_POSTAL_ADDRESS MBEDTLS_OID_AT_POSTAL_ADDRESS
-#define OID_AT_POSTAL_CODE MBEDTLS_OID_AT_POSTAL_CODE
-#define OID_AT_PSEUDONYM MBEDTLS_OID_AT_PSEUDONYM
-#define OID_AT_SERIAL_NUMBER MBEDTLS_OID_AT_SERIAL_NUMBER
-#define OID_AT_STATE MBEDTLS_OID_AT_STATE
-#define OID_AT_SUR_NAME MBEDTLS_OID_AT_SUR_NAME
-#define OID_AT_TITLE MBEDTLS_OID_AT_TITLE
-#define OID_AT_UNIQUE_IDENTIFIER MBEDTLS_OID_AT_UNIQUE_IDENTIFIER
-#define OID_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER
-#define OID_BASIC_CONSTRAINTS MBEDTLS_OID_BASIC_CONSTRAINTS
-#define OID_CERTICOM MBEDTLS_OID_CERTICOM
-#define OID_CERTIFICATE_POLICIES MBEDTLS_OID_CERTIFICATE_POLICIES
-#define OID_CLIENT_AUTH MBEDTLS_OID_CLIENT_AUTH
-#define OID_CMP MBEDTLS_OID_CMP
-#define OID_CODE_SIGNING MBEDTLS_OID_CODE_SIGNING
-#define OID_COUNTRY_US MBEDTLS_OID_COUNTRY_US
-#define OID_CRL_DISTRIBUTION_POINTS MBEDTLS_OID_CRL_DISTRIBUTION_POINTS
-#define OID_CRL_NUMBER MBEDTLS_OID_CRL_NUMBER
-#define OID_DES_CBC MBEDTLS_OID_DES_CBC
-#define OID_DES_EDE3_CBC MBEDTLS_OID_DES_EDE3_CBC
-#define OID_DIGEST_ALG_MD2 MBEDTLS_OID_DIGEST_ALG_MD2
-#define OID_DIGEST_ALG_MD4 MBEDTLS_OID_DIGEST_ALG_MD4
-#define OID_DIGEST_ALG_MD5 MBEDTLS_OID_DIGEST_ALG_MD5
-#define OID_DIGEST_ALG_SHA1 MBEDTLS_OID_DIGEST_ALG_SHA1
-#define OID_DIGEST_ALG_SHA224 MBEDTLS_OID_DIGEST_ALG_SHA224
-#define OID_DIGEST_ALG_SHA256 MBEDTLS_OID_DIGEST_ALG_SHA256
-#define OID_DIGEST_ALG_SHA384 MBEDTLS_OID_DIGEST_ALG_SHA384
-#define OID_DIGEST_ALG_SHA512 MBEDTLS_OID_DIGEST_ALG_SHA512
-#define OID_DOMAIN_COMPONENT MBEDTLS_OID_DOMAIN_COMPONENT
-#define OID_ECDSA_SHA1 MBEDTLS_OID_ECDSA_SHA1
-#define OID_ECDSA_SHA224 MBEDTLS_OID_ECDSA_SHA224
-#define OID_ECDSA_SHA256 MBEDTLS_OID_ECDSA_SHA256
-#define OID_ECDSA_SHA384 MBEDTLS_OID_ECDSA_SHA384
-#define OID_ECDSA_SHA512 MBEDTLS_OID_ECDSA_SHA512
-#define OID_EC_ALG_ECDH MBEDTLS_OID_EC_ALG_ECDH
-#define OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_EC_ALG_UNRESTRICTED
-#define OID_EC_BRAINPOOL_V1 MBEDTLS_OID_EC_BRAINPOOL_V1
-#define OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_GRP_BP256R1
-#define OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_GRP_BP384R1
-#define OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_GRP_BP512R1
-#define OID_EC_GRP_SECP192K1 MBEDTLS_OID_EC_GRP_SECP192K1
-#define OID_EC_GRP_SECP192R1 MBEDTLS_OID_EC_GRP_SECP192R1
-#define OID_EC_GRP_SECP224K1 MBEDTLS_OID_EC_GRP_SECP224K1
-#define OID_EC_GRP_SECP224R1 MBEDTLS_OID_EC_GRP_SECP224R1
-#define OID_EC_GRP_SECP256K1 MBEDTLS_OID_EC_GRP_SECP256K1
-#define OID_EC_GRP_SECP256R1 MBEDTLS_OID_EC_GRP_SECP256R1
-#define OID_EC_GRP_SECP384R1 MBEDTLS_OID_EC_GRP_SECP384R1
-#define OID_EC_GRP_SECP521R1 MBEDTLS_OID_EC_GRP_SECP521R1
-#define OID_EMAIL_PROTECTION MBEDTLS_OID_EMAIL_PROTECTION
-#define OID_EXTENDED_KEY_USAGE MBEDTLS_OID_EXTENDED_KEY_USAGE
-#define OID_FRESHEST_CRL MBEDTLS_OID_FRESHEST_CRL
-#define OID_GOV MBEDTLS_OID_GOV
-#define OID_HMAC_SHA1 MBEDTLS_OID_HMAC_SHA1
-#define OID_ID_CE MBEDTLS_OID_ID_CE
-#define OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_INIHIBIT_ANYPOLICY
-#define OID_ISO_CCITT_DS MBEDTLS_OID_ISO_CCITT_DS
-#define OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ISO_IDENTIFIED_ORG
-#define OID_ISO_ITU_COUNTRY MBEDTLS_OID_ISO_ITU_COUNTRY
-#define OID_ISO_ITU_US_ORG MBEDTLS_OID_ISO_ITU_US_ORG
-#define OID_ISO_MEMBER_BODIES MBEDTLS_OID_ISO_MEMBER_BODIES
-#define OID_ISSUER_ALT_NAME MBEDTLS_OID_ISSUER_ALT_NAME
-#define OID_KEY_USAGE MBEDTLS_OID_KEY_USAGE
-#define OID_KP MBEDTLS_OID_KP
-#define OID_MGF1 MBEDTLS_OID_MGF1
-#define OID_NAME_CONSTRAINTS MBEDTLS_OID_NAME_CONSTRAINTS
-#define OID_NETSCAPE MBEDTLS_OID_NETSCAPE
-#define OID_NS_BASE_URL MBEDTLS_OID_NS_BASE_URL
-#define OID_NS_CA_POLICY_URL MBEDTLS_OID_NS_CA_POLICY_URL
-#define OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CA_REVOCATION_URL
-#define OID_NS_CERT MBEDTLS_OID_NS_CERT
-#define OID_NS_CERT_SEQUENCE MBEDTLS_OID_NS_CERT_SEQUENCE
-#define OID_NS_CERT_TYPE MBEDTLS_OID_NS_CERT_TYPE
-#define OID_NS_COMMENT MBEDTLS_OID_NS_COMMENT
-#define OID_NS_DATA_TYPE MBEDTLS_OID_NS_DATA_TYPE
-#define OID_NS_RENEWAL_URL MBEDTLS_OID_NS_RENEWAL_URL
-#define OID_NS_REVOCATION_URL MBEDTLS_OID_NS_REVOCATION_URL
-#define OID_NS_SSL_SERVER_NAME MBEDTLS_OID_NS_SSL_SERVER_NAME
-#define OID_OCSP_SIGNING MBEDTLS_OID_OCSP_SIGNING
-#define OID_OIW_SECSIG MBEDTLS_OID_OIW_SECSIG
-#define OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG_ALG
-#define OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_SHA1
-#define OID_ORGANIZATION MBEDTLS_OID_ORGANIZATION
-#define OID_ORG_ANSI_X9_62 MBEDTLS_OID_ORG_ANSI_X9_62
-#define OID_ORG_CERTICOM MBEDTLS_OID_ORG_CERTICOM
-#define OID_ORG_DOD MBEDTLS_OID_ORG_DOD
-#define OID_ORG_GOV MBEDTLS_OID_ORG_GOV
-#define OID_ORG_NETSCAPE MBEDTLS_OID_ORG_NETSCAPE
-#define OID_ORG_OIW MBEDTLS_OID_ORG_OIW
-#define OID_ORG_RSA_DATA_SECURITY MBEDTLS_OID_ORG_RSA_DATA_SECURITY
-#define OID_ORG_TELETRUST MBEDTLS_OID_ORG_TELETRUST
-#define OID_PKCS MBEDTLS_OID_PKCS
-#define OID_PKCS1 MBEDTLS_OID_PKCS1
-#define OID_PKCS12 MBEDTLS_OID_PKCS12
-#define OID_PKCS12_PBE MBEDTLS_OID_PKCS12_PBE
-#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC
-#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC
-#define OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC
-#define OID_PKCS12_PBE_SHA1_RC2_40_CBC MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC
-#define OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128
-#define OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40
-#define OID_PKCS1_MD2 MBEDTLS_OID_PKCS1_MD2
-#define OID_PKCS1_MD4 MBEDTLS_OID_PKCS1_MD4
-#define OID_PKCS1_MD5 MBEDTLS_OID_PKCS1_MD5
-#define OID_PKCS1_RSA MBEDTLS_OID_PKCS1_RSA
-#define OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1_SHA1
-#define OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1_SHA224
-#define OID_PKCS1_SHA256 MBEDTLS_OID_PKCS1_SHA256
-#define OID_PKCS1_SHA384 MBEDTLS_OID_PKCS1_SHA384
-#define OID_PKCS1_SHA512 MBEDTLS_OID_PKCS1_SHA512
-#define OID_PKCS5 MBEDTLS_OID_PKCS5
-#define OID_PKCS5_PBES2 MBEDTLS_OID_PKCS5_PBES2
-#define OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC
-#define OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC
-#define OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC
-#define OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC
-#define OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC
-#define OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC
-#define OID_PKCS5_PBKDF2 MBEDTLS_OID_PKCS5_PBKDF2
-#define OID_PKCS5_PBMAC1 MBEDTLS_OID_PKCS5_PBMAC1
-#define OID_PKCS9 MBEDTLS_OID_PKCS9
-#define OID_PKCS9_CSR_EXT_REQ MBEDTLS_OID_PKCS9_CSR_EXT_REQ
-#define OID_PKCS9_EMAIL MBEDTLS_OID_PKCS9_EMAIL
-#define OID_PKIX MBEDTLS_OID_PKIX
-#define OID_POLICY_CONSTRAINTS MBEDTLS_OID_POLICY_CONSTRAINTS
-#define OID_POLICY_MAPPINGS MBEDTLS_OID_POLICY_MAPPINGS
-#define OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD
-#define OID_RSASSA_PSS MBEDTLS_OID_RSASSA_PSS
-#define OID_RSA_COMPANY MBEDTLS_OID_RSA_COMPANY
-#define OID_RSA_SHA_OBS MBEDTLS_OID_RSA_SHA_OBS
-#define OID_SERVER_AUTH MBEDTLS_OID_SERVER_AUTH
-#define OID_SIZE MBEDTLS_OID_SIZE
-#define OID_SUBJECT_ALT_NAME MBEDTLS_OID_SUBJECT_ALT_NAME
-#define OID_SUBJECT_DIRECTORY_ATTRS MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS
-#define OID_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER
-#define OID_TELETRUST MBEDTLS_OID_TELETRUST
-#define OID_TIME_STAMPING MBEDTLS_OID_TIME_STAMPING
-#define PADLOCK_ACE MBEDTLS_PADLOCK_ACE
-#define PADLOCK_ALIGN16 MBEDTLS_PADLOCK_ALIGN16
-#define PADLOCK_PHE MBEDTLS_PADLOCK_PHE
-#define PADLOCK_PMM MBEDTLS_PADLOCK_PMM
-#define PADLOCK_RNG MBEDTLS_PADLOCK_RNG
-#define PKCS12_DERIVE_IV MBEDTLS_PKCS12_DERIVE_IV
-#define PKCS12_DERIVE_KEY MBEDTLS_PKCS12_DERIVE_KEY
-#define PKCS12_DERIVE_MAC_KEY MBEDTLS_PKCS12_DERIVE_MAC_KEY
-#define PKCS12_PBE_DECRYPT MBEDTLS_PKCS12_PBE_DECRYPT
-#define PKCS12_PBE_ENCRYPT MBEDTLS_PKCS12_PBE_ENCRYPT
-#define PKCS5_DECRYPT MBEDTLS_PKCS5_DECRYPT
-#define PKCS5_ENCRYPT MBEDTLS_PKCS5_ENCRYPT
-#define POLARSSL_AESNI_AES MBEDTLS_AESNI_AES
-#define POLARSSL_AESNI_CLMUL MBEDTLS_AESNI_CLMUL
-#define POLARSSL_AESNI_H MBEDTLS_AESNI_H
-#define POLARSSL_AES_H MBEDTLS_AES_H
-#define POLARSSL_ARC4_H MBEDTLS_ARC4_H
-#define POLARSSL_ASN1_H MBEDTLS_ASN1_H
-#define POLARSSL_ASN1_WRITE_H MBEDTLS_ASN1_WRITE_H
-#define POLARSSL_BASE64_H MBEDTLS_BASE64_H
-#define POLARSSL_BIGNUM_H MBEDTLS_BIGNUM_H
-#define POLARSSL_BLOWFISH_H MBEDTLS_BLOWFISH_H
-#define POLARSSL_BN_MUL_H MBEDTLS_BN_MUL_H
-#define POLARSSL_CAMELLIA_H MBEDTLS_CAMELLIA_H
-#define POLARSSL_CCM_H MBEDTLS_CCM_H
-#define POLARSSL_CERTS_H MBEDTLS_CERTS_H
-#define POLARSSL_CHECK_CONFIG_H MBEDTLS_CHECK_CONFIG_H
-#define POLARSSL_CIPHERSUITE_NODTLS MBEDTLS_CIPHERSUITE_NODTLS
-#define POLARSSL_CIPHERSUITE_SHORT_TAG MBEDTLS_CIPHERSUITE_SHORT_TAG
-#define POLARSSL_CIPHERSUITE_WEAK MBEDTLS_CIPHERSUITE_WEAK
-#define POLARSSL_CIPHER_AES_128_CBC MBEDTLS_CIPHER_AES_128_CBC
-#define POLARSSL_CIPHER_AES_128_CCM MBEDTLS_CIPHER_AES_128_CCM
-#define POLARSSL_CIPHER_AES_128_CFB128 MBEDTLS_CIPHER_AES_128_CFB128
-#define POLARSSL_CIPHER_AES_128_CTR MBEDTLS_CIPHER_AES_128_CTR
-#define POLARSSL_CIPHER_AES_128_ECB MBEDTLS_CIPHER_AES_128_ECB
-#define POLARSSL_CIPHER_AES_128_GCM MBEDTLS_CIPHER_AES_128_GCM
-#define POLARSSL_CIPHER_AES_192_CBC MBEDTLS_CIPHER_AES_192_CBC
-#define POLARSSL_CIPHER_AES_192_CCM MBEDTLS_CIPHER_AES_192_CCM
-#define POLARSSL_CIPHER_AES_192_CFB128 MBEDTLS_CIPHER_AES_192_CFB128
-#define POLARSSL_CIPHER_AES_192_CTR MBEDTLS_CIPHER_AES_192_CTR
-#define POLARSSL_CIPHER_AES_192_ECB MBEDTLS_CIPHER_AES_192_ECB
-#define POLARSSL_CIPHER_AES_192_GCM MBEDTLS_CIPHER_AES_192_GCM
-#define POLARSSL_CIPHER_AES_256_CBC MBEDTLS_CIPHER_AES_256_CBC
-#define POLARSSL_CIPHER_AES_256_CCM MBEDTLS_CIPHER_AES_256_CCM
-#define POLARSSL_CIPHER_AES_256_CFB128 MBEDTLS_CIPHER_AES_256_CFB128
-#define POLARSSL_CIPHER_AES_256_CTR MBEDTLS_CIPHER_AES_256_CTR
-#define POLARSSL_CIPHER_AES_256_ECB MBEDTLS_CIPHER_AES_256_ECB
-#define POLARSSL_CIPHER_AES_256_GCM MBEDTLS_CIPHER_AES_256_GCM
-#define POLARSSL_CIPHER_ARC4_128 MBEDTLS_CIPHER_ARC4_128
-#define POLARSSL_CIPHER_BLOWFISH_CBC MBEDTLS_CIPHER_BLOWFISH_CBC
-#define POLARSSL_CIPHER_BLOWFISH_CFB64 MBEDTLS_CIPHER_BLOWFISH_CFB64
-#define POLARSSL_CIPHER_BLOWFISH_CTR MBEDTLS_CIPHER_BLOWFISH_CTR
-#define POLARSSL_CIPHER_BLOWFISH_ECB MBEDTLS_CIPHER_BLOWFISH_ECB
-#define POLARSSL_CIPHER_CAMELLIA_128_CBC MBEDTLS_CIPHER_CAMELLIA_128_CBC
-#define POLARSSL_CIPHER_CAMELLIA_128_CCM MBEDTLS_CIPHER_CAMELLIA_128_CCM
-#define POLARSSL_CIPHER_CAMELLIA_128_CFB128 MBEDTLS_CIPHER_CAMELLIA_128_CFB128
-#define POLARSSL_CIPHER_CAMELLIA_128_CTR MBEDTLS_CIPHER_CAMELLIA_128_CTR
-#define POLARSSL_CIPHER_CAMELLIA_128_ECB MBEDTLS_CIPHER_CAMELLIA_128_ECB
-#define POLARSSL_CIPHER_CAMELLIA_128_GCM MBEDTLS_CIPHER_CAMELLIA_128_GCM
-#define POLARSSL_CIPHER_CAMELLIA_192_CBC MBEDTLS_CIPHER_CAMELLIA_192_CBC
-#define POLARSSL_CIPHER_CAMELLIA_192_CCM MBEDTLS_CIPHER_CAMELLIA_192_CCM
-#define POLARSSL_CIPHER_CAMELLIA_192_CFB128 MBEDTLS_CIPHER_CAMELLIA_192_CFB128
-#define POLARSSL_CIPHER_CAMELLIA_192_CTR MBEDTLS_CIPHER_CAMELLIA_192_CTR
-#define POLARSSL_CIPHER_CAMELLIA_192_ECB MBEDTLS_CIPHER_CAMELLIA_192_ECB
-#define POLARSSL_CIPHER_CAMELLIA_192_GCM MBEDTLS_CIPHER_CAMELLIA_192_GCM
-#define POLARSSL_CIPHER_CAMELLIA_256_CBC MBEDTLS_CIPHER_CAMELLIA_256_CBC
-#define POLARSSL_CIPHER_CAMELLIA_256_CCM MBEDTLS_CIPHER_CAMELLIA_256_CCM
-#define POLARSSL_CIPHER_CAMELLIA_256_CFB128 MBEDTLS_CIPHER_CAMELLIA_256_CFB128
-#define POLARSSL_CIPHER_CAMELLIA_256_CTR MBEDTLS_CIPHER_CAMELLIA_256_CTR
-#define POLARSSL_CIPHER_CAMELLIA_256_ECB MBEDTLS_CIPHER_CAMELLIA_256_ECB
-#define POLARSSL_CIPHER_CAMELLIA_256_GCM MBEDTLS_CIPHER_CAMELLIA_256_GCM
-#define POLARSSL_CIPHER_DES_CBC MBEDTLS_CIPHER_DES_CBC
-#define POLARSSL_CIPHER_DES_ECB MBEDTLS_CIPHER_DES_ECB
-#define POLARSSL_CIPHER_DES_EDE3_CBC MBEDTLS_CIPHER_DES_EDE3_CBC
-#define POLARSSL_CIPHER_DES_EDE3_ECB MBEDTLS_CIPHER_DES_EDE3_ECB
-#define POLARSSL_CIPHER_DES_EDE_CBC MBEDTLS_CIPHER_DES_EDE_CBC
-#define POLARSSL_CIPHER_DES_EDE_ECB MBEDTLS_CIPHER_DES_EDE_ECB
-#define POLARSSL_CIPHER_H MBEDTLS_CIPHER_H
-#define POLARSSL_CIPHER_ID_3DES MBEDTLS_CIPHER_ID_3DES
-#define POLARSSL_CIPHER_ID_AES MBEDTLS_CIPHER_ID_AES
-#define POLARSSL_CIPHER_ID_ARC4 MBEDTLS_CIPHER_ID_ARC4
-#define POLARSSL_CIPHER_ID_BLOWFISH MBEDTLS_CIPHER_ID_BLOWFISH
-#define POLARSSL_CIPHER_ID_CAMELLIA MBEDTLS_CIPHER_ID_CAMELLIA
-#define POLARSSL_CIPHER_ID_DES MBEDTLS_CIPHER_ID_DES
-#define POLARSSL_CIPHER_ID_NONE MBEDTLS_CIPHER_ID_NONE
-#define POLARSSL_CIPHER_ID_NULL MBEDTLS_CIPHER_ID_NULL
-#define POLARSSL_CIPHER_MODE_AEAD MBEDTLS_CIPHER_MODE_AEAD
-#define POLARSSL_CIPHER_MODE_STREAM MBEDTLS_CIPHER_MODE_STREAM
-#define POLARSSL_CIPHER_MODE_WITH_PADDING MBEDTLS_CIPHER_MODE_WITH_PADDING
-#define POLARSSL_CIPHER_NONE MBEDTLS_CIPHER_NONE
-#define POLARSSL_CIPHER_NULL MBEDTLS_CIPHER_NULL
-#define POLARSSL_CIPHER_VARIABLE_IV_LEN MBEDTLS_CIPHER_VARIABLE_IV_LEN
-#define POLARSSL_CIPHER_VARIABLE_KEY_LEN MBEDTLS_CIPHER_VARIABLE_KEY_LEN
-#define POLARSSL_CIPHER_WRAP_H MBEDTLS_CIPHER_WRAP_H
-#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
-#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
-#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
-#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
-#define POLARSSL_DES_H MBEDTLS_DES_H
-#define POLARSSL_DHM_H MBEDTLS_DHM_H
-#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
-#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
-#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
-#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
-#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
-#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
-#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
-#define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
-#define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
-#define POLARSSL_ECDSA_H MBEDTLS_ECDSA_H
-#define POLARSSL_ECP_DP_BP256R1 MBEDTLS_ECP_DP_BP256R1
-#define POLARSSL_ECP_DP_BP384R1 MBEDTLS_ECP_DP_BP384R1
-#define POLARSSL_ECP_DP_BP512R1 MBEDTLS_ECP_DP_BP512R1
-#define POLARSSL_ECP_DP_M255 MBEDTLS_ECP_DP_CURVE25519
-#define POLARSSL_ECP_DP_MAX MBEDTLS_ECP_DP_MAX
-#define POLARSSL_ECP_DP_NONE MBEDTLS_ECP_DP_NONE
-#define POLARSSL_ECP_DP_SECP192K1 MBEDTLS_ECP_DP_SECP192K1
-#define POLARSSL_ECP_DP_SECP192R1 MBEDTLS_ECP_DP_SECP192R1
-#define POLARSSL_ECP_DP_SECP224K1 MBEDTLS_ECP_DP_SECP224K1
-#define POLARSSL_ECP_DP_SECP224R1 MBEDTLS_ECP_DP_SECP224R1
-#define POLARSSL_ECP_DP_SECP256K1 MBEDTLS_ECP_DP_SECP256K1
-#define POLARSSL_ECP_DP_SECP256R1 MBEDTLS_ECP_DP_SECP256R1
-#define POLARSSL_ECP_DP_SECP384R1 MBEDTLS_ECP_DP_SECP384R1
-#define POLARSSL_ECP_DP_SECP521R1 MBEDTLS_ECP_DP_SECP521R1
-#define POLARSSL_ECP_H MBEDTLS_ECP_H
-#define POLARSSL_ECP_MAX_BYTES MBEDTLS_ECP_MAX_BYTES
-#define POLARSSL_ECP_MAX_PT_LEN MBEDTLS_ECP_MAX_PT_LEN
-#define POLARSSL_ECP_PF_COMPRESSED MBEDTLS_ECP_PF_COMPRESSED
-#define POLARSSL_ECP_PF_UNCOMPRESSED MBEDTLS_ECP_PF_UNCOMPRESSED
-#define POLARSSL_ECP_TLS_NAMED_CURVE MBEDTLS_ECP_TLS_NAMED_CURVE
-#define POLARSSL_ENCRYPT MBEDTLS_ENCRYPT
-#define POLARSSL_ENTROPY_H MBEDTLS_ENTROPY_H
-#define POLARSSL_ENTROPY_POLL_H MBEDTLS_ENTROPY_POLL_H
-#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#define POLARSSL_ERROR_H MBEDTLS_ERROR_H
-#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
-#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
-#define POLARSSL_ERR_ASN1_INVALID_DATA MBEDTLS_ERR_ASN1_INVALID_DATA
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH MBEDTLS_ERR_ASN1_INVALID_LENGTH
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
-#define POLARSSL_ERR_ASN1_MALLOC_FAILED MBEDTLS_ERR_ASN1_ALLOC_FAILED
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA MBEDTLS_ERR_ASN1_OUT_OF_DATA
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
-#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_BASE64_INVALID_CHARACTER MBEDTLS_ERR_BASE64_INVALID_CHARACTER
-#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
-#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
-#define POLARSSL_ERR_CCM_AUTH_FAILED MBEDTLS_ERR_CCM_AUTH_FAILED
-#define POLARSSL_ERR_CCM_BAD_INPUT MBEDTLS_ERR_CCM_BAD_INPUT
-#define POLARSSL_ERR_CIPHER_ALLOC_FAILED MBEDTLS_ERR_CIPHER_ALLOC_FAILED
-#define POLARSSL_ERR_CIPHER_AUTH_FAILED MBEDTLS_ERR_CIPHER_AUTH_FAILED
-#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
-#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED
-#define POLARSSL_ERR_CIPHER_INVALID_PADDING MBEDTLS_ERR_CIPHER_INVALID_PADDING
-#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
-#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR
-#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
-#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
-#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
-#define POLARSSL_ERR_DHM_BAD_INPUT_DATA MBEDTLS_ERR_DHM_BAD_INPUT_DATA
-#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED MBEDTLS_ERR_DHM_CALC_SECRET_FAILED
-#define POLARSSL_ERR_DHM_FILE_IO_ERROR MBEDTLS_ERR_DHM_FILE_IO_ERROR
-#define POLARSSL_ERR_DHM_INVALID_FORMAT MBEDTLS_ERR_DHM_INVALID_FORMAT
-#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
-#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED
-#define POLARSSL_ERR_DHM_MALLOC_FAILED MBEDTLS_ERR_DHM_ALLOC_FAILED
-#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED MBEDTLS_ERR_DHM_READ_PARAMS_FAILED
-#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED
-#define POLARSSL_ERR_ECP_BAD_INPUT_DATA MBEDTLS_ERR_ECP_BAD_INPUT_DATA
-#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_ECP_INVALID_KEY MBEDTLS_ERR_ECP_INVALID_KEY
-#define POLARSSL_ERR_ECP_MALLOC_FAILED MBEDTLS_ERR_ECP_ALLOC_FAILED
-#define POLARSSL_ERR_ECP_RANDOM_FAILED MBEDTLS_ERR_ECP_RANDOM_FAILED
-#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH
-#define POLARSSL_ERR_ECP_VERIFY_FAILED MBEDTLS_ERR_ECP_VERIFY_FAILED
-#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
-#define POLARSSL_ERR_ENTROPY_MAX_SOURCES MBEDTLS_ERR_ENTROPY_MAX_SOURCES
-#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED
-#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
-#define POLARSSL_ERR_GCM_AUTH_FAILED MBEDTLS_ERR_GCM_AUTH_FAILED
-#define POLARSSL_ERR_GCM_BAD_INPUT MBEDTLS_ERR_GCM_BAD_INPUT
-#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
-#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
-#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
-#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
-#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
-#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
-#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_MD_FILE_IO_ERROR MBEDTLS_ERR_MD_FILE_IO_ERROR
-#define POLARSSL_ERR_MPI_BAD_INPUT_DATA MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
-#define POLARSSL_ERR_MPI_FILE_IO_ERROR MBEDTLS_ERR_MPI_FILE_IO_ERROR
-#define POLARSSL_ERR_MPI_INVALID_CHARACTER MBEDTLS_ERR_MPI_INVALID_CHARACTER
-#define POLARSSL_ERR_MPI_MALLOC_FAILED MBEDTLS_ERR_MPI_ALLOC_FAILED
-#define POLARSSL_ERR_MPI_NEGATIVE_VALUE MBEDTLS_ERR_MPI_NEGATIVE_VALUE
-#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
-#define POLARSSL_ERR_NET_ACCEPT_FAILED MBEDTLS_ERR_NET_ACCEPT_FAILED
-#define POLARSSL_ERR_NET_BIND_FAILED MBEDTLS_ERR_NET_BIND_FAILED
-#define POLARSSL_ERR_NET_CONNECT_FAILED MBEDTLS_ERR_NET_CONNECT_FAILED
-#define POLARSSL_ERR_NET_CONN_RESET MBEDTLS_ERR_NET_CONN_RESET
-#define POLARSSL_ERR_NET_LISTEN_FAILED MBEDTLS_ERR_NET_LISTEN_FAILED
-#define POLARSSL_ERR_NET_RECV_FAILED MBEDTLS_ERR_NET_RECV_FAILED
-#define POLARSSL_ERR_NET_SEND_FAILED MBEDTLS_ERR_NET_SEND_FAILED
-#define POLARSSL_ERR_NET_SOCKET_FAILED MBEDTLS_ERR_NET_SOCKET_FAILED
-#define POLARSSL_ERR_NET_TIMEOUT MBEDTLS_ERR_SSL_TIMEOUT
-#define POLARSSL_ERR_NET_UNKNOWN_HOST MBEDTLS_ERR_NET_UNKNOWN_HOST
-#define POLARSSL_ERR_NET_WANT_READ MBEDTLS_ERR_SSL_WANT_READ
-#define POLARSSL_ERR_NET_WANT_WRITE MBEDTLS_ERR_SSL_WANT_WRITE
-#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
-#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
-#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
-#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
-#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
-#define POLARSSL_ERR_PEM_INVALID_ENC_IV MBEDTLS_ERR_PEM_INVALID_ENC_IV
-#define POLARSSL_ERR_PEM_MALLOC_FAILED MBEDTLS_ERR_PEM_ALLOC_FAILED
-#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
-#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH MBEDTLS_ERR_PEM_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED MBEDTLS_ERR_PEM_PASSWORD_REQUIRED
-#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
-#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
-#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
-#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
-#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PKCS5_INVALID_FORMAT MBEDTLS_ERR_PKCS5_INVALID_FORMAT
-#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PK_BAD_INPUT_DATA MBEDTLS_ERR_PK_BAD_INPUT_DATA
-#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_PK_FILE_IO_ERROR MBEDTLS_ERR_PK_FILE_IO_ERROR
-#define POLARSSL_ERR_PK_INVALID_ALG MBEDTLS_ERR_PK_INVALID_ALG
-#define POLARSSL_ERR_PK_INVALID_PUBKEY MBEDTLS_ERR_PK_INVALID_PUBKEY
-#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-#define POLARSSL_ERR_PK_KEY_INVALID_VERSION MBEDTLS_ERR_PK_KEY_INVALID_VERSION
-#define POLARSSL_ERR_PK_MALLOC_FAILED MBEDTLS_ERR_PK_ALLOC_FAILED
-#define POLARSSL_ERR_PK_PASSWORD_MISMATCH MBEDTLS_ERR_PK_PASSWORD_MISMATCH
-#define POLARSSL_ERR_PK_PASSWORD_REQUIRED MBEDTLS_ERR_PK_PASSWORD_REQUIRED
-#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
-#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
-#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
-#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
-#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
-#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
-#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
-#define POLARSSL_ERR_RSA_KEY_GEN_FAILED MBEDTLS_ERR_RSA_KEY_GEN_FAILED
-#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
-#define POLARSSL_ERR_RSA_PRIVATE_FAILED MBEDTLS_ERR_RSA_PRIVATE_FAILED
-#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
-#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
-#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
-#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
-#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_HELLO MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
-#define POLARSSL_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP
-#define POLARSSL_ERR_SSL_BAD_HS_FINISHED MBEDTLS_ERR_SSL_BAD_HS_FINISHED
-#define POLARSSL_ERR_SSL_BAD_HS_NEW_SESSION_TICKET MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
-#define POLARSSL_ERR_SSL_BAD_HS_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_HELLO_DONE MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
-#define POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
-#define POLARSSL_ERR_SSL_BAD_INPUT_DATA MBEDTLS_ERR_SSL_BAD_INPUT_DATA
-#define POLARSSL_ERR_SSL_BUFFER_TOO_SMALL MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL
-#define POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED
-#define POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
-#define POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE
-#define POLARSSL_ERR_SSL_COMPRESSION_FAILED MBEDTLS_ERR_SSL_COMPRESSION_FAILED
-#define POLARSSL_ERR_SSL_CONN_EOF MBEDTLS_ERR_SSL_CONN_EOF
-#define POLARSSL_ERR_SSL_COUNTER_WRAPPING MBEDTLS_ERR_SSL_COUNTER_WRAPPING
-#define POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
-#define POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED
-#define POLARSSL_ERR_SSL_HW_ACCEL_FAILED MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
-#define POLARSSL_ERR_SSL_HW_ACCEL_FALLTHROUGH MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH
-#define POLARSSL_ERR_SSL_INTERNAL_ERROR MBEDTLS_ERR_SSL_INTERNAL_ERROR
-#define POLARSSL_ERR_SSL_INVALID_MAC MBEDTLS_ERR_SSL_INVALID_MAC
-#define POLARSSL_ERR_SSL_INVALID_RECORD MBEDTLS_ERR_SSL_INVALID_RECORD
-#define POLARSSL_ERR_SSL_MALLOC_FAILED MBEDTLS_ERR_SSL_ALLOC_FAILED
-#define POLARSSL_ERR_SSL_NO_CIPHER_CHOSEN MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
-#define POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE
-#define POLARSSL_ERR_SSL_NO_RNG MBEDTLS_ERR_SSL_NO_RNG
-#define POLARSSL_ERR_SSL_NO_USABLE_CIPHERSUITE MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
-#define POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY
-#define POLARSSL_ERR_SSL_PEER_VERIFY_FAILED MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
-#define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH
-#define POLARSSL_ERR_SSL_PRIVATE_KEY_REQUIRED MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED
-#define POLARSSL_ERR_SSL_SESSION_TICKET_EXPIRED MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED
-#define POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
-#define POLARSSL_ERR_SSL_UNKNOWN_CIPHER MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
-#define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY
-#define POLARSSL_ERR_SSL_WAITING_SERVER_HELLO_RENEGO MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO
-#define POLARSSL_ERR_THREADING_BAD_INPUT_DATA MBEDTLS_ERR_THREADING_BAD_INPUT_DATA
-#define POLARSSL_ERR_THREADING_FEATURE_UNAVAILABLE MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_THREADING_MUTEX_ERROR MBEDTLS_ERR_THREADING_MUTEX_ERROR
-#define POLARSSL_ERR_X509_BAD_INPUT_DATA MBEDTLS_ERR_X509_BAD_INPUT_DATA
-#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT
-#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
-#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE
-#define POLARSSL_ERR_X509_FILE_IO_ERROR MBEDTLS_ERR_X509_FILE_IO_ERROR
-#define POLARSSL_ERR_X509_INVALID_ALG MBEDTLS_ERR_X509_INVALID_ALG
-#define POLARSSL_ERR_X509_INVALID_DATE MBEDTLS_ERR_X509_INVALID_DATE
-#define POLARSSL_ERR_X509_INVALID_EXTENSIONS MBEDTLS_ERR_X509_INVALID_EXTENSIONS
-#define POLARSSL_ERR_X509_INVALID_FORMAT MBEDTLS_ERR_X509_INVALID_FORMAT
-#define POLARSSL_ERR_X509_INVALID_NAME MBEDTLS_ERR_X509_INVALID_NAME
-#define POLARSSL_ERR_X509_INVALID_SERIAL MBEDTLS_ERR_X509_INVALID_SERIAL
-#define POLARSSL_ERR_X509_INVALID_SIGNATURE MBEDTLS_ERR_X509_INVALID_SIGNATURE
-#define POLARSSL_ERR_X509_INVALID_VERSION MBEDTLS_ERR_X509_INVALID_VERSION
-#define POLARSSL_ERR_X509_MALLOC_FAILED MBEDTLS_ERR_X509_ALLOC_FAILED
-#define POLARSSL_ERR_X509_SIG_MISMATCH MBEDTLS_ERR_X509_SIG_MISMATCH
-#define POLARSSL_ERR_X509_UNKNOWN_OID MBEDTLS_ERR_X509_UNKNOWN_OID
-#define POLARSSL_ERR_X509_UNKNOWN_SIG_ALG MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
-#define POLARSSL_ERR_X509_UNKNOWN_VERSION MBEDTLS_ERR_X509_UNKNOWN_VERSION
-#define POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH
-#define POLARSSL_GCM_H MBEDTLS_GCM_H
-#define POLARSSL_HAVEGE_H MBEDTLS_HAVEGE_H
-#define POLARSSL_HAVE_INT32 MBEDTLS_HAVE_INT32
-#define POLARSSL_HAVE_INT64 MBEDTLS_HAVE_INT64
-#define POLARSSL_HAVE_UDBL MBEDTLS_HAVE_UDBL
-#define POLARSSL_HAVE_X86 MBEDTLS_HAVE_X86
-#define POLARSSL_HAVE_X86_64 MBEDTLS_HAVE_X86_64
-#define POLARSSL_HMAC_DRBG_H MBEDTLS_HMAC_DRBG_H
-#define POLARSSL_HMAC_DRBG_PR_OFF MBEDTLS_HMAC_DRBG_PR_OFF
-#define POLARSSL_HMAC_DRBG_PR_ON MBEDTLS_HMAC_DRBG_PR_ON
-#define POLARSSL_KEY_EXCHANGE_DHE_PSK MBEDTLS_KEY_EXCHANGE_DHE_PSK
-#define POLARSSL_KEY_EXCHANGE_DHE_RSA MBEDTLS_KEY_EXCHANGE_DHE_RSA
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
-#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
-#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA MBEDTLS_KEY_EXCHANGE_ECDHE_RSA
-#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA
-#define POLARSSL_KEY_EXCHANGE_ECDH_RSA MBEDTLS_KEY_EXCHANGE_ECDH_RSA
-#define POLARSSL_KEY_EXCHANGE_NONE MBEDTLS_KEY_EXCHANGE_NONE
-#define POLARSSL_KEY_EXCHANGE_PSK MBEDTLS_KEY_EXCHANGE_PSK
-#define POLARSSL_KEY_EXCHANGE_RSA MBEDTLS_KEY_EXCHANGE_RSA
-#define POLARSSL_KEY_EXCHANGE_RSA_PSK MBEDTLS_KEY_EXCHANGE_RSA_PSK
-#define POLARSSL_KEY_EXCHANGE__SOME__ECDHE_ENABLED MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
-#define POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
-#define POLARSSL_KEY_LENGTH_DES MBEDTLS_KEY_LENGTH_DES
-#define POLARSSL_KEY_LENGTH_DES_EDE MBEDTLS_KEY_LENGTH_DES_EDE
-#define POLARSSL_KEY_LENGTH_DES_EDE3 MBEDTLS_KEY_LENGTH_DES_EDE3
-#define POLARSSL_KEY_LENGTH_NONE MBEDTLS_KEY_LENGTH_NONE
-#define POLARSSL_MAX_BLOCK_LENGTH MBEDTLS_MAX_BLOCK_LENGTH
-#define POLARSSL_MAX_IV_LENGTH MBEDTLS_MAX_IV_LENGTH
-#define POLARSSL_MD2_H MBEDTLS_MD2_H
-#define POLARSSL_MD4_H MBEDTLS_MD4_H
-#define POLARSSL_MD5_H MBEDTLS_MD5_H
-#define POLARSSL_MD_H MBEDTLS_MD_H
-#define POLARSSL_MD_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#define POLARSSL_MD_MD2 MBEDTLS_MD_MD2
-#define POLARSSL_MD_MD4 MBEDTLS_MD_MD4
-#define POLARSSL_MD_MD5 MBEDTLS_MD_MD5
-#define POLARSSL_MD_NONE MBEDTLS_MD_NONE
-#define POLARSSL_MD_RIPEMD160 MBEDTLS_MD_RIPEMD160
-#define POLARSSL_MD_SHA1 MBEDTLS_MD_SHA1
-#define POLARSSL_MD_SHA224 MBEDTLS_MD_SHA224
-#define POLARSSL_MD_SHA256 MBEDTLS_MD_SHA256
-#define POLARSSL_MD_SHA384 MBEDTLS_MD_SHA384
-#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
-#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
-#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
-#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
-#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
-#define POLARSSL_MODE_CTR MBEDTLS_MODE_CTR
-#define POLARSSL_MODE_ECB MBEDTLS_MODE_ECB
-#define POLARSSL_MODE_GCM MBEDTLS_MODE_GCM
-#define POLARSSL_MODE_NONE MBEDTLS_MODE_NONE
-#define POLARSSL_MODE_OFB MBEDTLS_MODE_OFB
-#define POLARSSL_MODE_STREAM MBEDTLS_MODE_STREAM
-#define POLARSSL_MPI_MAX_BITS MBEDTLS_MPI_MAX_BITS
-#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
-#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
-#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
-#define POLARSSL_NET_H MBEDTLS_NET_SOCKETS_H
-#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
-#define POLARSSL_OID_H MBEDTLS_OID_H
-#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
-#define POLARSSL_PADDING_NONE MBEDTLS_PADDING_NONE
-#define POLARSSL_PADDING_ONE_AND_ZEROS MBEDTLS_PADDING_ONE_AND_ZEROS
-#define POLARSSL_PADDING_PKCS7 MBEDTLS_PADDING_PKCS7
-#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
-#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
-#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
-#define POLARSSL_PEM_H MBEDTLS_PEM_H
-#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
-#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
-#define POLARSSL_PKCS5_H MBEDTLS_PKCS5_H
-#define POLARSSL_PK_DEBUG_ECP MBEDTLS_PK_DEBUG_ECP
-#define POLARSSL_PK_DEBUG_MAX_ITEMS MBEDTLS_PK_DEBUG_MAX_ITEMS
-#define POLARSSL_PK_DEBUG_MPI MBEDTLS_PK_DEBUG_MPI
-#define POLARSSL_PK_DEBUG_NONE MBEDTLS_PK_DEBUG_NONE
-#define POLARSSL_PK_ECDSA MBEDTLS_PK_ECDSA
-#define POLARSSL_PK_ECKEY MBEDTLS_PK_ECKEY
-#define POLARSSL_PK_ECKEY_DH MBEDTLS_PK_ECKEY_DH
-#define POLARSSL_PK_H MBEDTLS_PK_H
-#define POLARSSL_PK_NONE MBEDTLS_PK_NONE
-#define POLARSSL_PK_RSA MBEDTLS_PK_RSA
-#define POLARSSL_PK_RSASSA_PSS MBEDTLS_PK_RSASSA_PSS
-#define POLARSSL_PK_RSA_ALT MBEDTLS_PK_RSA_ALT
-#define POLARSSL_PK_WRAP_H MBEDTLS_PK_WRAP_H
-#define POLARSSL_PLATFORM_H MBEDTLS_PLATFORM_H
-#define POLARSSL_PREMASTER_SIZE MBEDTLS_PREMASTER_SIZE
-#define POLARSSL_RIPEMD160_H MBEDTLS_RIPEMD160_H
-#define POLARSSL_RSA_H MBEDTLS_RSA_H
-#define POLARSSL_SHA1_H MBEDTLS_SHA1_H
-#define POLARSSL_SHA256_H MBEDTLS_SHA256_H
-#define POLARSSL_SHA512_H MBEDTLS_SHA512_H
-#define POLARSSL_SSL_CACHE_H MBEDTLS_SSL_CACHE_H
-#define POLARSSL_SSL_CIPHERSUITES_H MBEDTLS_SSL_CIPHERSUITES_H
-#define POLARSSL_SSL_COOKIE_H MBEDTLS_SSL_COOKIE_H
-#define POLARSSL_SSL_H MBEDTLS_SSL_H
-#define POLARSSL_THREADING_H MBEDTLS_THREADING_H
-#define POLARSSL_THREADING_IMPL MBEDTLS_THREADING_IMPL
-#define POLARSSL_TIMING_H MBEDTLS_TIMING_H
-#define POLARSSL_VERSION_H MBEDTLS_VERSION_H
-#define POLARSSL_VERSION_MAJOR MBEDTLS_VERSION_MAJOR
-#define POLARSSL_VERSION_MINOR MBEDTLS_VERSION_MINOR
-#define POLARSSL_VERSION_NUMBER MBEDTLS_VERSION_NUMBER
-#define POLARSSL_VERSION_PATCH MBEDTLS_VERSION_PATCH
-#define POLARSSL_VERSION_STRING MBEDTLS_VERSION_STRING
-#define POLARSSL_VERSION_STRING_FULL MBEDTLS_VERSION_STRING_FULL
-#define POLARSSL_X509_CRL_H MBEDTLS_X509_CRL_H
-#define POLARSSL_X509_CRT_H MBEDTLS_X509_CRT_H
-#define POLARSSL_X509_CSR_H MBEDTLS_X509_CSR_H
-#define POLARSSL_X509_H MBEDTLS_X509_H
-#define POLARSSL_XTEA_H MBEDTLS_XTEA_H
-#define RSA_CRYPT MBEDTLS_RSA_CRYPT
-#define RSA_PKCS_V15 MBEDTLS_RSA_PKCS_V15
-#define RSA_PKCS_V21 MBEDTLS_RSA_PKCS_V21
-#define RSA_PRIVATE MBEDTLS_RSA_PRIVATE
-#define RSA_PUBLIC MBEDTLS_RSA_PUBLIC
-#define RSA_SALT_LEN_ANY MBEDTLS_RSA_SALT_LEN_ANY
-#define RSA_SIGN MBEDTLS_RSA_SIGN
-#define SSL_ALERT_LEVEL_FATAL MBEDTLS_SSL_ALERT_LEVEL_FATAL
-#define SSL_ALERT_LEVEL_WARNING MBEDTLS_SSL_ALERT_LEVEL_WARNING
-#define SSL_ALERT_MSG_ACCESS_DENIED MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED
-#define SSL_ALERT_MSG_BAD_CERT MBEDTLS_SSL_ALERT_MSG_BAD_CERT
-#define SSL_ALERT_MSG_BAD_RECORD_MAC MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC
-#define SSL_ALERT_MSG_CERT_EXPIRED MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED
-#define SSL_ALERT_MSG_CERT_REVOKED MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
-#define SSL_ALERT_MSG_CERT_UNKNOWN MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN
-#define SSL_ALERT_MSG_CLOSE_NOTIFY MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY
-#define SSL_ALERT_MSG_DECODE_ERROR MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR
-#define SSL_ALERT_MSG_DECOMPRESSION_FAILURE MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE
-#define SSL_ALERT_MSG_DECRYPTION_FAILED MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED
-#define SSL_ALERT_MSG_DECRYPT_ERROR MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR
-#define SSL_ALERT_MSG_EXPORT_RESTRICTION MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION
-#define SSL_ALERT_MSG_HANDSHAKE_FAILURE MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE
-#define SSL_ALERT_MSG_ILLEGAL_PARAMETER MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER
-#define SSL_ALERT_MSG_INAPROPRIATE_FALLBACK MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK
-#define SSL_ALERT_MSG_INSUFFICIENT_SECURITY MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY
-#define SSL_ALERT_MSG_INTERNAL_ERROR MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR
-#define SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL
-#define SSL_ALERT_MSG_NO_CERT MBEDTLS_SSL_ALERT_MSG_NO_CERT
-#define SSL_ALERT_MSG_NO_RENEGOTIATION MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION
-#define SSL_ALERT_MSG_PROTOCOL_VERSION MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION
-#define SSL_ALERT_MSG_RECORD_OVERFLOW MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW
-#define SSL_ALERT_MSG_UNEXPECTED_MESSAGE MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE
-#define SSL_ALERT_MSG_UNKNOWN_CA MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
-#define SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY
-#define SSL_ALERT_MSG_UNRECOGNIZED_NAME MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME
-#define SSL_ALERT_MSG_UNSUPPORTED_CERT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
-#define SSL_ALERT_MSG_UNSUPPORTED_EXT MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT
-#define SSL_ALERT_MSG_USER_CANCELED MBEDTLS_SSL_ALERT_MSG_USER_CANCELED
-#define SSL_ANTI_REPLAY_DISABLED MBEDTLS_SSL_ANTI_REPLAY_DISABLED
-#define SSL_ANTI_REPLAY_ENABLED MBEDTLS_SSL_ANTI_REPLAY_ENABLED
-#define SSL_ARC4_DISABLED MBEDTLS_SSL_ARC4_DISABLED
-#define SSL_ARC4_ENABLED MBEDTLS_SSL_ARC4_ENABLED
-#define SSL_BUFFER_LEN ( ( ( MBEDTLS_SSL_IN_BUFFER_LEN ) < ( MBEDTLS_SSL_OUT_BUFFER_LEN ) ) \
-                         ? ( MBEDTLS_SSL_IN_BUFFER_LEN ) : ( MBEDTLS_SSL_OUT_BUFFER_LEN ) )
-#define SSL_CACHE_DEFAULT_MAX_ENTRIES MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES
-#define SSL_CACHE_DEFAULT_TIMEOUT MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT
-#define SSL_CBC_RECORD_SPLITTING_DISABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
-#define SSL_CBC_RECORD_SPLITTING_ENABLED MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED
-#define SSL_CERTIFICATE_REQUEST MBEDTLS_SSL_CERTIFICATE_REQUEST
-#define SSL_CERTIFICATE_VERIFY MBEDTLS_SSL_CERTIFICATE_VERIFY
-#define SSL_CERT_TYPE_ECDSA_SIGN MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN
-#define SSL_CERT_TYPE_RSA_SIGN MBEDTLS_SSL_CERT_TYPE_RSA_SIGN
-#define SSL_CHANNEL_INBOUND MBEDTLS_SSL_CHANNEL_INBOUND
-#define SSL_CHANNEL_OUTBOUND MBEDTLS_SSL_CHANNEL_OUTBOUND
-#define SSL_CIPHERSUITES MBEDTLS_SSL_CIPHERSUITES
-#define SSL_CLIENT_CERTIFICATE MBEDTLS_SSL_CLIENT_CERTIFICATE
-#define SSL_CLIENT_CHANGE_CIPHER_SPEC MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC
-#define SSL_CLIENT_FINISHED MBEDTLS_SSL_CLIENT_FINISHED
-#define SSL_CLIENT_HELLO MBEDTLS_SSL_CLIENT_HELLO
-#define SSL_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_CLIENT_KEY_EXCHANGE
-#define SSL_COMPRESSION_ADD MBEDTLS_SSL_COMPRESSION_ADD
-#define SSL_COMPRESS_DEFLATE MBEDTLS_SSL_COMPRESS_DEFLATE
-#define SSL_COMPRESS_NULL MBEDTLS_SSL_COMPRESS_NULL
-#define SSL_DEBUG_BUF MBEDTLS_SSL_DEBUG_BUF
-#define SSL_DEBUG_CRT MBEDTLS_SSL_DEBUG_CRT
-#define SSL_DEBUG_ECP MBEDTLS_SSL_DEBUG_ECP
-#define SSL_DEBUG_MPI MBEDTLS_SSL_DEBUG_MPI
-#define SSL_DEBUG_MSG MBEDTLS_SSL_DEBUG_MSG
-#define SSL_DEBUG_RET MBEDTLS_SSL_DEBUG_RET
-#define SSL_DEFAULT_TICKET_LIFETIME MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
-#define SSL_DTLS_TIMEOUT_DFL_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
-#define SSL_DTLS_TIMEOUT_DFL_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
-#define SSL_EMPTY_RENEGOTIATION_INFO MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO
-#define SSL_ETM_DISABLED MBEDTLS_SSL_ETM_DISABLED
-#define SSL_ETM_ENABLED MBEDTLS_SSL_ETM_ENABLED
-#define SSL_EXTENDED_MS_DISABLED MBEDTLS_SSL_EXTENDED_MS_DISABLED
-#define SSL_EXTENDED_MS_ENABLED MBEDTLS_SSL_EXTENDED_MS_ENABLED
-#define SSL_FALLBACK_SCSV MBEDTLS_SSL_FALLBACK_SCSV
-#define SSL_FLUSH_BUFFERS MBEDTLS_SSL_FLUSH_BUFFERS
-#define SSL_HANDSHAKE_OVER MBEDTLS_SSL_HANDSHAKE_OVER
-#define SSL_HANDSHAKE_WRAPUP MBEDTLS_SSL_HANDSHAKE_WRAPUP
-#define SSL_HASH_MD5 MBEDTLS_SSL_HASH_MD5
-#define SSL_HASH_NONE MBEDTLS_SSL_HASH_NONE
-#define SSL_HASH_SHA1 MBEDTLS_SSL_HASH_SHA1
-#define SSL_HASH_SHA224 MBEDTLS_SSL_HASH_SHA224
-#define SSL_HASH_SHA256 MBEDTLS_SSL_HASH_SHA256
-#define SSL_HASH_SHA384 MBEDTLS_SSL_HASH_SHA384
-#define SSL_HASH_SHA512 MBEDTLS_SSL_HASH_SHA512
-#define SSL_HELLO_REQUEST MBEDTLS_SSL_HELLO_REQUEST
-#define SSL_HS_CERTIFICATE MBEDTLS_SSL_HS_CERTIFICATE
-#define SSL_HS_CERTIFICATE_REQUEST MBEDTLS_SSL_HS_CERTIFICATE_REQUEST
-#define SSL_HS_CERTIFICATE_VERIFY MBEDTLS_SSL_HS_CERTIFICATE_VERIFY
-#define SSL_HS_CLIENT_HELLO MBEDTLS_SSL_HS_CLIENT_HELLO
-#define SSL_HS_CLIENT_KEY_EXCHANGE MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE
-#define SSL_HS_FINISHED MBEDTLS_SSL_HS_FINISHED
-#define SSL_HS_HELLO_REQUEST MBEDTLS_SSL_HS_HELLO_REQUEST
-#define SSL_HS_HELLO_VERIFY_REQUEST MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST
-#define SSL_HS_NEW_SESSION_TICKET MBEDTLS_SSL_HS_NEW_SESSION_TICKET
-#define SSL_HS_SERVER_HELLO MBEDTLS_SSL_HS_SERVER_HELLO
-#define SSL_HS_SERVER_HELLO_DONE MBEDTLS_SSL_HS_SERVER_HELLO_DONE
-#define SSL_HS_SERVER_KEY_EXCHANGE MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE
-#define SSL_INITIAL_HANDSHAKE MBEDTLS_SSL_INITIAL_HANDSHAKE
-#define SSL_IS_CLIENT MBEDTLS_SSL_IS_CLIENT
-#define SSL_IS_FALLBACK MBEDTLS_SSL_IS_FALLBACK
-#define SSL_IS_NOT_FALLBACK MBEDTLS_SSL_IS_NOT_FALLBACK
-#define SSL_IS_SERVER MBEDTLS_SSL_IS_SERVER
-#define SSL_LEGACY_ALLOW_RENEGOTIATION MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION
-#define SSL_LEGACY_BREAK_HANDSHAKE MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
-#define SSL_LEGACY_NO_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
-#define SSL_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_RENEGOTIATION
-#define SSL_MAC_ADD MBEDTLS_SSL_MAC_ADD
-#define SSL_MAJOR_VERSION_3 MBEDTLS_SSL_MAJOR_VERSION_3
-#define SSL_MAX_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
-#define SSL_MAX_FRAG_LEN_1024 MBEDTLS_SSL_MAX_FRAG_LEN_1024
-#define SSL_MAX_FRAG_LEN_2048 MBEDTLS_SSL_MAX_FRAG_LEN_2048
-#define SSL_MAX_FRAG_LEN_4096 MBEDTLS_SSL_MAX_FRAG_LEN_4096
-#define SSL_MAX_FRAG_LEN_512 MBEDTLS_SSL_MAX_FRAG_LEN_512
-#define SSL_MAX_FRAG_LEN_INVALID MBEDTLS_SSL_MAX_FRAG_LEN_INVALID
-#define SSL_MAX_FRAG_LEN_NONE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
-#define SSL_MAX_MAJOR_VERSION MBEDTLS_SSL_MAX_MAJOR_VERSION
-#define SSL_MAX_MINOR_VERSION MBEDTLS_SSL_MAX_MINOR_VERSION
-#define SSL_MINOR_VERSION_0 MBEDTLS_SSL_MINOR_VERSION_0
-#define SSL_MINOR_VERSION_1 MBEDTLS_SSL_MINOR_VERSION_1
-#define SSL_MINOR_VERSION_2 MBEDTLS_SSL_MINOR_VERSION_2
-#define SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_3
-#define SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MIN_MAJOR_VERSION
-#define SSL_MIN_MINOR_VERSION MBEDTLS_SSL_MIN_MINOR_VERSION
-#define SSL_MSG_ALERT MBEDTLS_SSL_MSG_ALERT
-#define SSL_MSG_APPLICATION_DATA MBEDTLS_SSL_MSG_APPLICATION_DATA
-#define SSL_MSG_CHANGE_CIPHER_SPEC MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC
-#define SSL_MSG_HANDSHAKE MBEDTLS_SSL_MSG_HANDSHAKE
-#define SSL_PADDING_ADD MBEDTLS_SSL_PADDING_ADD
-#define SSL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION
-#define SSL_RENEGOTIATION_DISABLED MBEDTLS_SSL_RENEGOTIATION_DISABLED
-#define SSL_RENEGOTIATION_DONE MBEDTLS_SSL_RENEGOTIATION_DONE
-#define SSL_RENEGOTIATION_ENABLED MBEDTLS_SSL_RENEGOTIATION_ENABLED
-#define SSL_RENEGOTIATION_NOT_ENFORCED MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED
-#define SSL_RENEGOTIATION_PENDING MBEDTLS_SSL_RENEGOTIATION_PENDING
-#define SSL_RENEGO_MAX_RECORDS_DEFAULT MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT
-#define SSL_RETRANS_FINISHED MBEDTLS_SSL_RETRANS_FINISHED
-#define SSL_RETRANS_PREPARING MBEDTLS_SSL_RETRANS_PREPARING
-#define SSL_RETRANS_SENDING MBEDTLS_SSL_RETRANS_SENDING
-#define SSL_RETRANS_WAITING MBEDTLS_SSL_RETRANS_WAITING
-#define SSL_SECURE_RENEGOTIATION MBEDTLS_SSL_SECURE_RENEGOTIATION
-#define SSL_SERVER_CERTIFICATE MBEDTLS_SSL_SERVER_CERTIFICATE
-#define SSL_SERVER_CHANGE_CIPHER_SPEC MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC
-#define SSL_SERVER_FINISHED MBEDTLS_SSL_SERVER_FINISHED
-#define SSL_SERVER_HELLO MBEDTLS_SSL_SERVER_HELLO
-#define SSL_SERVER_HELLO_DONE MBEDTLS_SSL_SERVER_HELLO_DONE
-#define SSL_SERVER_HELLO_VERIFY_REQUEST_SENT MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT
-#define SSL_SERVER_KEY_EXCHANGE MBEDTLS_SSL_SERVER_KEY_EXCHANGE
-#define SSL_SERVER_NEW_SESSION_TICKET MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET
-#define SSL_SESSION_TICKETS_DISABLED MBEDTLS_SSL_SESSION_TICKETS_DISABLED
-#define SSL_SESSION_TICKETS_ENABLED MBEDTLS_SSL_SESSION_TICKETS_ENABLED
-#define SSL_SIG_ANON MBEDTLS_SSL_SIG_ANON
-#define SSL_SIG_ECDSA MBEDTLS_SSL_SIG_ECDSA
-#define SSL_SIG_RSA MBEDTLS_SSL_SIG_RSA
-#define SSL_TRANSPORT_DATAGRAM MBEDTLS_SSL_TRANSPORT_DATAGRAM
-#define SSL_TRANSPORT_STREAM MBEDTLS_SSL_TRANSPORT_STREAM
-#define SSL_TRUNCATED_HMAC_LEN MBEDTLS_SSL_TRUNCATED_HMAC_LEN
-#define SSL_TRUNC_HMAC_DISABLED MBEDTLS_SSL_TRUNC_HMAC_DISABLED
-#define SSL_TRUNC_HMAC_ENABLED MBEDTLS_SSL_TRUNC_HMAC_ENABLED
-#define SSL_VERIFY_DATA_MAX_LEN MBEDTLS_SSL_VERIFY_DATA_MAX_LEN
-#define SSL_VERIFY_NONE MBEDTLS_SSL_VERIFY_NONE
-#define SSL_VERIFY_OPTIONAL MBEDTLS_SSL_VERIFY_OPTIONAL
-#define SSL_VERIFY_REQUIRED MBEDTLS_SSL_VERIFY_REQUIRED
-#define TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
-#define TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_DHE_PSK_WITH_AES_128_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM
-#define TLS_DHE_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8
-#define TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
-#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
-#define TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_DHE_PSK_WITH_AES_256_CCM MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM
-#define TLS_DHE_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8
-#define TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
-#define TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_DHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
-#define TLS_DHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
-#define TLS_DHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
-#define TLS_DHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
-#define TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_DHE_RSA_WITH_AES_128_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM
-#define TLS_DHE_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8
-#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-#define TLS_DHE_RSA_WITH_AES_256_CCM MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM
-#define TLS_DHE_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8
-#define TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
-#define TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_DHE_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
-#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
-#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
-#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
-#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDHE_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
-#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
-#define TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
-#define TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
-#define TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_PSK_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
-#define TLS_ECDHE_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
-#define TLS_ECDHE_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
-#define TLS_ECDHE_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
-#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDHE_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
-#define TLS_ECDHE_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
-#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDH_ECDSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
-#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
-#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
-#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
-#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
-#define TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_ECDH_RSA_WITH_NULL_SHA MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
-#define TLS_ECDH_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
-#define TLS_EXT_ALPN MBEDTLS_TLS_EXT_ALPN
-#define TLS_EXT_ENCRYPT_THEN_MAC MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC
-#define TLS_EXT_EXTENDED_MASTER_SECRET MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET
-#define TLS_EXT_MAX_FRAGMENT_LENGTH MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH
-#define TLS_EXT_RENEGOTIATION_INFO MBEDTLS_TLS_EXT_RENEGOTIATION_INFO
-#define TLS_EXT_SERVERNAME MBEDTLS_TLS_EXT_SERVERNAME
-#define TLS_EXT_SERVERNAME_HOSTNAME MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME
-#define TLS_EXT_SESSION_TICKET MBEDTLS_TLS_EXT_SESSION_TICKET
-#define TLS_EXT_SIG_ALG MBEDTLS_TLS_EXT_SIG_ALG
-#define TLS_EXT_SUPPORTED_ELLIPTIC_CURVES MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES
-#define TLS_EXT_SUPPORTED_POINT_FORMATS MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS
-#define TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT
-#define TLS_EXT_TRUNCATED_HMAC MBEDTLS_TLS_EXT_TRUNCATED_HMAC
-#define TLS_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
-#define TLS_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_PSK_WITH_AES_128_CCM MBEDTLS_TLS_PSK_WITH_AES_128_CCM
-#define TLS_PSK_WITH_AES_128_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
-#define TLS_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
-#define TLS_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
-#define TLS_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_PSK_WITH_AES_256_CCM MBEDTLS_TLS_PSK_WITH_AES_256_CCM
-#define TLS_PSK_WITH_AES_256_CCM_8 MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8
-#define TLS_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
-#define TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_PSK_WITH_NULL_SHA MBEDTLS_TLS_PSK_WITH_NULL_SHA
-#define TLS_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_PSK_WITH_NULL_SHA256
-#define TLS_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_PSK_WITH_NULL_SHA384
-#define TLS_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
-#define TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
-#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
-#define TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
-#define TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
-#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
-#define TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
-#define TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
-#define TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
-#define TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_RSA_PSK_WITH_NULL_SHA MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
-#define TLS_RSA_PSK_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
-#define TLS_RSA_PSK_WITH_NULL_SHA384 MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
-#define TLS_RSA_PSK_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
-#define TLS_RSA_WITH_3DES_EDE_CBC_SHA MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
-#define TLS_RSA_WITH_AES_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
-#define TLS_RSA_WITH_AES_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
-#define TLS_RSA_WITH_AES_128_CCM MBEDTLS_TLS_RSA_WITH_AES_128_CCM
-#define TLS_RSA_WITH_AES_128_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8
-#define TLS_RSA_WITH_AES_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
-#define TLS_RSA_WITH_AES_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
-#define TLS_RSA_WITH_AES_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
-#define TLS_RSA_WITH_AES_256_CCM MBEDTLS_TLS_RSA_WITH_AES_256_CCM
-#define TLS_RSA_WITH_AES_256_CCM_8 MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8
-#define TLS_RSA_WITH_AES_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
-#define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
-#define TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
-#define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
-#define TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
-#define TLS_RSA_WITH_DES_CBC_SHA MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
-#define TLS_RSA_WITH_NULL_MD5 MBEDTLS_TLS_RSA_WITH_NULL_MD5
-#define TLS_RSA_WITH_NULL_SHA MBEDTLS_TLS_RSA_WITH_NULL_SHA
-#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
-#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
-#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
-#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
-#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
-#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
-#define X509_FORMAT_DER MBEDTLS_X509_FORMAT_DER
-#define X509_FORMAT_PEM MBEDTLS_X509_FORMAT_PEM
-#define X509_MAX_DN_NAME_SIZE MBEDTLS_X509_MAX_DN_NAME_SIZE
-#define X509_RFC5280_MAX_SERIAL_LEN MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN
-#define X509_RFC5280_UTC_TIME_LEN MBEDTLS_X509_RFC5280_UTC_TIME_LEN
-#define XTEA_DECRYPT MBEDTLS_XTEA_DECRYPT
-#define XTEA_ENCRYPT MBEDTLS_XTEA_ENCRYPT
-#define _asn1_bitstring mbedtls_asn1_bitstring
-#define _asn1_buf mbedtls_asn1_buf
-#define _asn1_named_data mbedtls_asn1_named_data
-#define _asn1_sequence mbedtls_asn1_sequence
-#define _ssl_cache_context mbedtls_ssl_cache_context
-#define _ssl_cache_entry mbedtls_ssl_cache_entry
-#define _ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
-#define _ssl_context mbedtls_ssl_context
-#define _ssl_flight_item mbedtls_ssl_flight_item
-#define _ssl_handshake_params mbedtls_ssl_handshake_params
-#define _ssl_key_cert mbedtls_ssl_key_cert
-#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
-#define _ssl_session mbedtls_ssl_session
-#define _ssl_transform mbedtls_ssl_transform
-#define _x509_crl mbedtls_x509_crl
-#define _x509_crl_entry mbedtls_x509_crl_entry
-#define _x509_crt mbedtls_x509_crt
-#define _x509_csr mbedtls_x509_csr
-#define _x509_time mbedtls_x509_time
-#define _x509write_cert mbedtls_x509write_cert
-#define _x509write_csr mbedtls_x509write_csr
-#define aes_context mbedtls_aes_context
-#define aes_crypt_cbc mbedtls_aes_crypt_cbc
-#define aes_crypt_cfb128 mbedtls_aes_crypt_cfb128
-#define aes_crypt_cfb8 mbedtls_aes_crypt_cfb8
-#define aes_crypt_ctr mbedtls_aes_crypt_ctr
-#define aes_crypt_ecb mbedtls_aes_crypt_ecb
-#define aes_free mbedtls_aes_free
-#define aes_init mbedtls_aes_init
-#define aes_self_test mbedtls_aes_self_test
-#define aes_setkey_dec mbedtls_aes_setkey_dec
-#define aes_setkey_enc mbedtls_aes_setkey_enc
-#define aesni_crypt_ecb mbedtls_aesni_crypt_ecb
-#define aesni_gcm_mult mbedtls_aesni_gcm_mult
-#define aesni_inverse_key mbedtls_aesni_inverse_key
-#define aesni_setkey_enc mbedtls_aesni_setkey_enc
-#define aesni_supports mbedtls_aesni_has_support
-#define alarmed mbedtls_timing_alarmed
-#define arc4_context mbedtls_arc4_context
-#define arc4_crypt mbedtls_arc4_crypt
-#define arc4_free mbedtls_arc4_free
-#define arc4_init mbedtls_arc4_init
-#define arc4_self_test mbedtls_arc4_self_test
-#define arc4_setup mbedtls_arc4_setup
-#define asn1_bitstring mbedtls_asn1_bitstring
-#define asn1_buf mbedtls_asn1_buf
-#define asn1_find_named_data mbedtls_asn1_find_named_data
-#define asn1_free_named_data mbedtls_asn1_free_named_data
-#define asn1_free_named_data_list mbedtls_asn1_free_named_data_list
-#define asn1_get_alg mbedtls_asn1_get_alg
-#define asn1_get_alg_null mbedtls_asn1_get_alg_null
-#define asn1_get_bitstring mbedtls_asn1_get_bitstring
-#define asn1_get_bitstring_null mbedtls_asn1_get_bitstring_null
-#define asn1_get_bool mbedtls_asn1_get_bool
-#define asn1_get_int mbedtls_asn1_get_int
-#define asn1_get_len mbedtls_asn1_get_len
-#define asn1_get_mpi mbedtls_asn1_get_mpi
-#define asn1_get_sequence_of mbedtls_asn1_get_sequence_of
-#define asn1_get_tag mbedtls_asn1_get_tag
-#define asn1_named_data mbedtls_asn1_named_data
-#define asn1_sequence mbedtls_asn1_sequence
-#define asn1_store_named_data mbedtls_asn1_store_named_data
-#define asn1_write_algorithm_identifier mbedtls_asn1_write_algorithm_identifier
-#define asn1_write_bitstring mbedtls_asn1_write_bitstring
-#define asn1_write_bool mbedtls_asn1_write_bool
-#define asn1_write_ia5_string mbedtls_asn1_write_ia5_string
-#define asn1_write_int mbedtls_asn1_write_int
-#define asn1_write_len mbedtls_asn1_write_len
-#define asn1_write_mpi mbedtls_asn1_write_mpi
-#define asn1_write_null mbedtls_asn1_write_null
-#define asn1_write_octet_string mbedtls_asn1_write_octet_string
-#define asn1_write_oid mbedtls_asn1_write_oid
-#define asn1_write_printable_string mbedtls_asn1_write_printable_string
-#define asn1_write_raw_buffer mbedtls_asn1_write_raw_buffer
-#define asn1_write_tag mbedtls_asn1_write_tag
-#define base64_decode mbedtls_base64_decode
-#define base64_encode mbedtls_base64_encode
-#define base64_self_test mbedtls_base64_self_test
-#define blowfish_context mbedtls_blowfish_context
-#define blowfish_crypt_cbc mbedtls_blowfish_crypt_cbc
-#define blowfish_crypt_cfb64 mbedtls_blowfish_crypt_cfb64
-#define blowfish_crypt_ctr mbedtls_blowfish_crypt_ctr
-#define blowfish_crypt_ecb mbedtls_blowfish_crypt_ecb
-#define blowfish_free mbedtls_blowfish_free
-#define blowfish_init mbedtls_blowfish_init
-#define blowfish_setkey mbedtls_blowfish_setkey
-#define camellia_context mbedtls_camellia_context
-#define camellia_crypt_cbc mbedtls_camellia_crypt_cbc
-#define camellia_crypt_cfb128 mbedtls_camellia_crypt_cfb128
-#define camellia_crypt_ctr mbedtls_camellia_crypt_ctr
-#define camellia_crypt_ecb mbedtls_camellia_crypt_ecb
-#define camellia_free mbedtls_camellia_free
-#define camellia_init mbedtls_camellia_init
-#define camellia_self_test mbedtls_camellia_self_test
-#define camellia_setkey_dec mbedtls_camellia_setkey_dec
-#define camellia_setkey_enc mbedtls_camellia_setkey_enc
-#define ccm_auth_decrypt mbedtls_ccm_auth_decrypt
-#define ccm_context mbedtls_ccm_context
-#define ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag
-#define ccm_free mbedtls_ccm_free
-#define ccm_init mbedtls_ccm_init
-#define ccm_self_test mbedtls_ccm_self_test
-#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
-#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
-#define cipher_base_t mbedtls_cipher_base_t
-#define cipher_check_tag mbedtls_cipher_check_tag
-#define cipher_context_t mbedtls_cipher_context_t
-#define cipher_crypt mbedtls_cipher_crypt
-#define cipher_definition_t mbedtls_cipher_definition_t
-#define cipher_definitions mbedtls_cipher_definitions
-#define cipher_finish mbedtls_cipher_finish
-#define cipher_free mbedtls_cipher_free
-#define cipher_get_block_size mbedtls_cipher_get_block_size
-#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
-#define cipher_get_iv_size mbedtls_cipher_get_iv_size
-#define cipher_get_key_size mbedtls_cipher_get_key_bitlen
-#define cipher_get_name mbedtls_cipher_get_name
-#define cipher_get_operation mbedtls_cipher_get_operation
-#define cipher_get_type mbedtls_cipher_get_type
-#define cipher_id_t mbedtls_cipher_id_t
-#define cipher_info_from_string mbedtls_cipher_info_from_string
-#define cipher_info_from_type mbedtls_cipher_info_from_type
-#define cipher_info_from_values mbedtls_cipher_info_from_values
-#define cipher_info_t mbedtls_cipher_info_t
-#define cipher_init mbedtls_cipher_init
-#define cipher_init_ctx mbedtls_cipher_setup
-#define cipher_list mbedtls_cipher_list
-#define cipher_mode_t mbedtls_cipher_mode_t
-#define cipher_padding_t mbedtls_cipher_padding_t
-#define cipher_reset mbedtls_cipher_reset
-#define cipher_set_iv mbedtls_cipher_set_iv
-#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
-#define cipher_setkey mbedtls_cipher_setkey
-#define cipher_type_t mbedtls_cipher_type_t
-#define cipher_update mbedtls_cipher_update
-#define cipher_update_ad mbedtls_cipher_update_ad
-#define cipher_write_tag mbedtls_cipher_write_tag
-#define ctr_drbg_context mbedtls_ctr_drbg_context
-#define ctr_drbg_free mbedtls_ctr_drbg_free
-#define ctr_drbg_init mbedtls_ctr_drbg_init
-#define ctr_drbg_random mbedtls_ctr_drbg_random
-#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
-#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
-#define ctr_drbg_self_test mbedtls_ctr_drbg_self_test
-#define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
-#define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
-#define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
-#define ctr_drbg_update mbedtls_ctr_drbg_update
-#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
-#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
-#define debug_print_buf mbedtls_debug_print_buf
-#define debug_print_crt mbedtls_debug_print_crt
-#define debug_print_ecp mbedtls_debug_print_ecp
-#define debug_print_mpi mbedtls_debug_print_mpi
-#define debug_print_msg mbedtls_debug_print_msg
-#define debug_print_ret mbedtls_debug_print_ret
-#define debug_set_threshold mbedtls_debug_set_threshold
-#define des3_context mbedtls_des3_context
-#define des3_crypt_cbc mbedtls_des3_crypt_cbc
-#define des3_crypt_ecb mbedtls_des3_crypt_ecb
-#define des3_free mbedtls_des3_free
-#define des3_init mbedtls_des3_init
-#define des3_set2key_dec mbedtls_des3_set2key_dec
-#define des3_set2key_enc mbedtls_des3_set2key_enc
-#define des3_set3key_dec mbedtls_des3_set3key_dec
-#define des3_set3key_enc mbedtls_des3_set3key_enc
-#define des_context mbedtls_des_context
-#define des_crypt_cbc mbedtls_des_crypt_cbc
-#define des_crypt_ecb mbedtls_des_crypt_ecb
-#define des_free mbedtls_des_free
-#define des_init mbedtls_des_init
-#define des_key_check_key_parity mbedtls_des_key_check_key_parity
-#define des_key_check_weak mbedtls_des_key_check_weak
-#define des_key_set_parity mbedtls_des_key_set_parity
-#define des_self_test mbedtls_des_self_test
-#define des_setkey_dec mbedtls_des_setkey_dec
-#define des_setkey_enc mbedtls_des_setkey_enc
-#define dhm_calc_secret mbedtls_dhm_calc_secret
-#define dhm_context mbedtls_dhm_context
-#define dhm_free mbedtls_dhm_free
-#define dhm_init mbedtls_dhm_init
-#define dhm_make_params mbedtls_dhm_make_params
-#define dhm_make_public mbedtls_dhm_make_public
-#define dhm_parse_dhm mbedtls_dhm_parse_dhm
-#define dhm_parse_dhmfile mbedtls_dhm_parse_dhmfile
-#define dhm_read_params mbedtls_dhm_read_params
-#define dhm_read_public mbedtls_dhm_read_public
-#define dhm_self_test mbedtls_dhm_self_test
-#define ecdh_calc_secret mbedtls_ecdh_calc_secret
-#define ecdh_compute_shared mbedtls_ecdh_compute_shared
-#define ecdh_context mbedtls_ecdh_context
-#define ecdh_free mbedtls_ecdh_free
-#define ecdh_gen_public mbedtls_ecdh_gen_public
-#define ecdh_get_params mbedtls_ecdh_get_params
-#define ecdh_init mbedtls_ecdh_init
-#define ecdh_make_params mbedtls_ecdh_make_params
-#define ecdh_make_public mbedtls_ecdh_make_public
-#define ecdh_read_params mbedtls_ecdh_read_params
-#define ecdh_read_public mbedtls_ecdh_read_public
-#define ecdh_side mbedtls_ecdh_side
-#define ecdsa_context mbedtls_ecdsa_context
-#define ecdsa_free mbedtls_ecdsa_free
-#define ecdsa_from_keypair mbedtls_ecdsa_from_keypair
-#define ecdsa_genkey mbedtls_ecdsa_genkey
-#define ecdsa_info mbedtls_ecdsa_info
-#define ecdsa_init mbedtls_ecdsa_init
-#define ecdsa_read_signature mbedtls_ecdsa_read_signature
-#define ecdsa_sign mbedtls_ecdsa_sign
-#define ecdsa_sign_det mbedtls_ecdsa_sign_det
-#define ecdsa_verify mbedtls_ecdsa_verify
-#define ecdsa_write_signature mbedtls_ecdsa_write_signature
-#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
-#define eckey_info mbedtls_eckey_info
-#define eckeydh_info mbedtls_eckeydh_info
-#define ecp_check_privkey mbedtls_ecp_check_privkey
-#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
-#define ecp_check_pubkey mbedtls_ecp_check_pubkey
-#define ecp_copy mbedtls_ecp_copy
-#define ecp_curve_info mbedtls_ecp_curve_info
-#define ecp_curve_info_from_grp_id mbedtls_ecp_curve_info_from_grp_id
-#define ecp_curve_info_from_name mbedtls_ecp_curve_info_from_name
-#define ecp_curve_info_from_tls_id mbedtls_ecp_curve_info_from_tls_id
-#define ecp_curve_list mbedtls_ecp_curve_list
-#define ecp_gen_key mbedtls_ecp_gen_key
-#define ecp_gen_keypair mbedtls_ecp_gen_keypair
-#define ecp_group mbedtls_ecp_group
-#define ecp_group_copy mbedtls_ecp_group_copy
-#define ecp_group_free mbedtls_ecp_group_free
-#define ecp_group_id mbedtls_ecp_group_id
-#define ecp_group_init mbedtls_ecp_group_init
-#define ecp_grp_id_list mbedtls_ecp_grp_id_list
-#define ecp_is_zero mbedtls_ecp_is_zero
-#define ecp_keypair mbedtls_ecp_keypair
-#define ecp_keypair_free mbedtls_ecp_keypair_free
-#define ecp_keypair_init mbedtls_ecp_keypair_init
-#define ecp_mul mbedtls_ecp_mul
-#define ecp_point mbedtls_ecp_point
-#define ecp_point_free mbedtls_ecp_point_free
-#define ecp_point_init mbedtls_ecp_point_init
-#define ecp_point_read_binary mbedtls_ecp_point_read_binary
-#define ecp_point_read_string mbedtls_ecp_point_read_string
-#define ecp_point_write_binary mbedtls_ecp_point_write_binary
-#define ecp_self_test mbedtls_ecp_self_test
-#define ecp_set_zero mbedtls_ecp_set_zero
-#define ecp_tls_read_group mbedtls_ecp_tls_read_group
-#define ecp_tls_read_point mbedtls_ecp_tls_read_point
-#define ecp_tls_write_group mbedtls_ecp_tls_write_group
-#define ecp_tls_write_point mbedtls_ecp_tls_write_point
-#define ecp_use_known_dp mbedtls_ecp_group_load
-#define entropy_add_source mbedtls_entropy_add_source
-#define entropy_context mbedtls_entropy_context
-#define entropy_free mbedtls_entropy_free
-#define entropy_func mbedtls_entropy_func
-#define entropy_gather mbedtls_entropy_gather
-#define entropy_init mbedtls_entropy_init
-#define entropy_self_test mbedtls_entropy_self_test
-#define entropy_update_manual mbedtls_entropy_update_manual
-#define entropy_update_seed_file mbedtls_entropy_update_seed_file
-#define entropy_write_seed_file mbedtls_entropy_write_seed_file
-#define error_strerror mbedtls_strerror
-#define f_source_ptr mbedtls_entropy_f_source_ptr
-#define gcm_auth_decrypt mbedtls_gcm_auth_decrypt
-#define gcm_context mbedtls_gcm_context
-#define gcm_crypt_and_tag mbedtls_gcm_crypt_and_tag
-#define gcm_finish mbedtls_gcm_finish
-#define gcm_free mbedtls_gcm_free
-#define gcm_init mbedtls_gcm_init
-#define gcm_self_test mbedtls_gcm_self_test
-#define gcm_starts mbedtls_gcm_starts
-#define gcm_update mbedtls_gcm_update
-#define get_timer mbedtls_timing_get_timer
-#define hardclock mbedtls_timing_hardclock
-#define hardclock_poll mbedtls_hardclock_poll
-#define havege_free mbedtls_havege_free
-#define havege_init mbedtls_havege_init
-#define havege_poll mbedtls_havege_poll
-#define havege_random mbedtls_havege_random
-#define havege_state mbedtls_havege_state
-#define hmac_drbg_context mbedtls_hmac_drbg_context
-#define hmac_drbg_free mbedtls_hmac_drbg_free
-#define hmac_drbg_init mbedtls_hmac_drbg_init
-#define hmac_drbg_random mbedtls_hmac_drbg_random
-#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
-#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
-#define hmac_drbg_self_test mbedtls_hmac_drbg_self_test
-#define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
-#define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
-#define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
-#define hmac_drbg_update mbedtls_hmac_drbg_update
-#define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
-#define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
-#define hr_time mbedtls_timing_hr_time
-#define key_exchange_type_t mbedtls_key_exchange_type_t
-#define md mbedtls_md
-#define md2 mbedtls_md2
-#define md2_context mbedtls_md2_context
-#define md2_finish mbedtls_md2_finish
-#define md2_free mbedtls_md2_free
-#define md2_info mbedtls_md2_info
-#define md2_init mbedtls_md2_init
-#define md2_process mbedtls_md2_process
-#define md2_self_test mbedtls_md2_self_test
-#define md2_starts mbedtls_md2_starts
-#define md2_update mbedtls_md2_update
-#define md4 mbedtls_md4
-#define md4_context mbedtls_md4_context
-#define md4_finish mbedtls_md4_finish
-#define md4_free mbedtls_md4_free
-#define md4_info mbedtls_md4_info
-#define md4_init mbedtls_md4_init
-#define md4_process mbedtls_md4_process
-#define md4_self_test mbedtls_md4_self_test
-#define md4_starts mbedtls_md4_starts
-#define md4_update mbedtls_md4_update
-#define md5 mbedtls_md5
-#define md5_context mbedtls_md5_context
-#define md5_finish mbedtls_md5_finish
-#define md5_free mbedtls_md5_free
-#define md5_info mbedtls_md5_info
-#define md5_init mbedtls_md5_init
-#define md5_process mbedtls_md5_process
-#define md5_self_test mbedtls_md5_self_test
-#define md5_starts mbedtls_md5_starts
-#define md5_update mbedtls_md5_update
-#define md_context_t mbedtls_md_context_t
-#define md_file mbedtls_md_file
-#define md_finish mbedtls_md_finish
-#define md_free mbedtls_md_free
-#define md_get_name mbedtls_md_get_name
-#define md_get_size mbedtls_md_get_size
-#define md_get_type mbedtls_md_get_type
-#define md_hmac mbedtls_md_hmac
-#define md_hmac_finish mbedtls_md_hmac_finish
-#define md_hmac_reset mbedtls_md_hmac_reset
-#define md_hmac_starts mbedtls_md_hmac_starts
-#define md_hmac_update mbedtls_md_hmac_update
-#define md_info_from_string mbedtls_md_info_from_string
-#define md_info_from_type mbedtls_md_info_from_type
-#define md_info_t mbedtls_md_info_t
-#define md_init mbedtls_md_init
-#define md_init_ctx mbedtls_md_init_ctx
-#define md_list mbedtls_md_list
-#define md_process mbedtls_md_process
-#define md_starts mbedtls_md_starts
-#define md_type_t mbedtls_md_type_t
-#define md_update mbedtls_md_update
-#define memory_buffer_alloc_cur_get mbedtls_memory_buffer_alloc_cur_get
-#define memory_buffer_alloc_free mbedtls_memory_buffer_alloc_free
-#define memory_buffer_alloc_init mbedtls_memory_buffer_alloc_init
-#define memory_buffer_alloc_max_get mbedtls_memory_buffer_alloc_max_get
-#define memory_buffer_alloc_max_reset mbedtls_memory_buffer_alloc_max_reset
-#define memory_buffer_alloc_self_test mbedtls_memory_buffer_alloc_self_test
-#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
-#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
-#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
-#define mpi mbedtls_mpi
-#define mpi_add_abs mbedtls_mpi_add_abs
-#define mpi_add_int mbedtls_mpi_add_int
-#define mpi_add_mpi mbedtls_mpi_add_mpi
-#define mpi_cmp_abs mbedtls_mpi_cmp_abs
-#define mpi_cmp_int mbedtls_mpi_cmp_int
-#define mpi_cmp_mpi mbedtls_mpi_cmp_mpi
-#define mpi_copy mbedtls_mpi_copy
-#define mpi_div_int mbedtls_mpi_div_int
-#define mpi_div_mpi mbedtls_mpi_div_mpi
-#define mpi_exp_mod mbedtls_mpi_exp_mod
-#define mpi_fill_random mbedtls_mpi_fill_random
-#define mpi_free mbedtls_mpi_free
-#define mpi_gcd mbedtls_mpi_gcd
-#define mpi_gen_prime mbedtls_mpi_gen_prime
-#define mpi_get_bit mbedtls_mpi_get_bit
-#define mpi_grow mbedtls_mpi_grow
-#define mpi_init mbedtls_mpi_init
-#define mpi_inv_mod mbedtls_mpi_inv_mod
-#define mpi_is_prime mbedtls_mpi_is_prime
-#define mpi_lsb mbedtls_mpi_lsb
-#define mpi_lset mbedtls_mpi_lset
-#define mpi_mod_int mbedtls_mpi_mod_int
-#define mpi_mod_mpi mbedtls_mpi_mod_mpi
-#define mpi_msb mbedtls_mpi_bitlen
-#define mpi_mul_int mbedtls_mpi_mul_int
-#define mpi_mul_mpi mbedtls_mpi_mul_mpi
-#define mpi_read_binary mbedtls_mpi_read_binary
-#define mpi_read_file mbedtls_mpi_read_file
-#define mpi_read_string mbedtls_mpi_read_string
-#define mpi_safe_cond_assign mbedtls_mpi_safe_cond_assign
-#define mpi_safe_cond_swap mbedtls_mpi_safe_cond_swap
-#define mpi_self_test mbedtls_mpi_self_test
-#define mpi_set_bit mbedtls_mpi_set_bit
-#define mpi_shift_l mbedtls_mpi_shift_l
-#define mpi_shift_r mbedtls_mpi_shift_r
-#define mpi_shrink mbedtls_mpi_shrink
-#define mpi_size mbedtls_mpi_size
-#define mpi_sub_abs mbedtls_mpi_sub_abs
-#define mpi_sub_int mbedtls_mpi_sub_int
-#define mpi_sub_mpi mbedtls_mpi_sub_mpi
-#define mpi_swap mbedtls_mpi_swap
-#define mpi_write_binary mbedtls_mpi_write_binary
-#define mpi_write_file mbedtls_mpi_write_file
-#define mpi_write_string mbedtls_mpi_write_string
-#define net_accept mbedtls_net_accept
-#define net_bind mbedtls_net_bind
-#define net_close mbedtls_net_free
-#define net_connect mbedtls_net_connect
-#define net_recv mbedtls_net_recv
-#define net_recv_timeout mbedtls_net_recv_timeout
-#define net_send mbedtls_net_send
-#define net_set_block mbedtls_net_set_block
-#define net_set_nonblock mbedtls_net_set_nonblock
-#define net_usleep mbedtls_net_usleep
-#define oid_descriptor_t mbedtls_oid_descriptor_t
-#define oid_get_attr_short_name mbedtls_oid_get_attr_short_name
-#define oid_get_cipher_alg mbedtls_oid_get_cipher_alg
-#define oid_get_ec_grp mbedtls_oid_get_ec_grp
-#define oid_get_extended_key_usage mbedtls_oid_get_extended_key_usage
-#define oid_get_md_alg mbedtls_oid_get_md_alg
-#define oid_get_numeric_string mbedtls_oid_get_numeric_string
-#define oid_get_oid_by_ec_grp mbedtls_oid_get_oid_by_ec_grp
-#define oid_get_oid_by_md mbedtls_oid_get_oid_by_md
-#define oid_get_oid_by_pk_alg mbedtls_oid_get_oid_by_pk_alg
-#define oid_get_oid_by_sig_alg mbedtls_oid_get_oid_by_sig_alg
-#define oid_get_pk_alg mbedtls_oid_get_pk_alg
-#define oid_get_pkcs12_pbe_alg mbedtls_oid_get_pkcs12_pbe_alg
-#define oid_get_sig_alg mbedtls_oid_get_sig_alg
-#define oid_get_sig_alg_desc mbedtls_oid_get_sig_alg_desc
-#define oid_get_x509_ext_type mbedtls_oid_get_x509_ext_type
-#define operation_t mbedtls_operation_t
-#define padlock_supports mbedtls_padlock_has_support
-#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
-#define padlock_xcryptecb mbedtls_padlock_xcryptecb
-#define pem_context mbedtls_pem_context
-#define pem_free mbedtls_pem_free
-#define pem_init mbedtls_pem_init
-#define pem_read_buffer mbedtls_pem_read_buffer
-#define pem_write_buffer mbedtls_pem_write_buffer
-#define pk_can_do mbedtls_pk_can_do
-#define pk_check_pair mbedtls_pk_check_pair
-#define pk_context mbedtls_pk_context
-#define pk_debug mbedtls_pk_debug
-#define pk_debug_item mbedtls_pk_debug_item
-#define pk_debug_type mbedtls_pk_debug_type
-#define pk_decrypt mbedtls_pk_decrypt
-#define pk_ec mbedtls_pk_ec
-#define pk_encrypt mbedtls_pk_encrypt
-#define pk_free mbedtls_pk_free
-#define pk_get_len mbedtls_pk_get_len
-#define pk_get_name mbedtls_pk_get_name
-#define pk_get_size mbedtls_pk_get_bitlen
-#define pk_get_type mbedtls_pk_get_type
-#define pk_info_from_type mbedtls_pk_info_from_type
-#define pk_info_t mbedtls_pk_info_t
-#define pk_init mbedtls_pk_init
-#define pk_init_ctx mbedtls_pk_setup
-#define pk_init_ctx_rsa_alt mbedtls_pk_setup_rsa_alt
-#define pk_load_file mbedtls_pk_load_file
-#define pk_parse_key mbedtls_pk_parse_key
-#define pk_parse_keyfile mbedtls_pk_parse_keyfile
-#define pk_parse_public_key mbedtls_pk_parse_public_key
-#define pk_parse_public_keyfile mbedtls_pk_parse_public_keyfile
-#define pk_parse_subpubkey mbedtls_pk_parse_subpubkey
-#define pk_rsa mbedtls_pk_rsa
-#define pk_rsa_alt_decrypt_func mbedtls_pk_rsa_alt_decrypt_func
-#define pk_rsa_alt_key_len_func mbedtls_pk_rsa_alt_key_len_func
-#define pk_rsa_alt_sign_func mbedtls_pk_rsa_alt_sign_func
-#define pk_rsassa_pss_options mbedtls_pk_rsassa_pss_options
-#define pk_sign mbedtls_pk_sign
-#define pk_type_t mbedtls_pk_type_t
-#define pk_verify mbedtls_pk_verify
-#define pk_verify_ext mbedtls_pk_verify_ext
-#define pk_write_key_der mbedtls_pk_write_key_der
-#define pk_write_key_pem mbedtls_pk_write_key_pem
-#define pk_write_pubkey mbedtls_pk_write_pubkey
-#define pk_write_pubkey_der mbedtls_pk_write_pubkey_der
-#define pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem
-#define pkcs11_context mbedtls_pkcs11_context
-#define pkcs11_decrypt mbedtls_pkcs11_decrypt
-#define pkcs11_priv_key_free mbedtls_pkcs11_priv_key_free
-#define pkcs11_priv_key_init mbedtls_pkcs11_priv_key_bind
-#define pkcs11_sign mbedtls_pkcs11_sign
-#define pkcs11_x509_cert_init mbedtls_pkcs11_x509_cert_bind
-#define pkcs12_derivation mbedtls_pkcs12_derivation
-#define pkcs12_pbe mbedtls_pkcs12_pbe
-#define pkcs12_pbe_sha1_rc4_128 mbedtls_pkcs12_pbe_sha1_rc4_128
-#define pkcs5_pbes2 mbedtls_pkcs5_pbes2
-#define pkcs5_pbkdf2_hmac mbedtls_pkcs5_pbkdf2_hmac
-#define pkcs5_self_test mbedtls_pkcs5_self_test
-#define platform_entropy_poll mbedtls_platform_entropy_poll
-#define platform_set_exit mbedtls_platform_set_exit
-#define platform_set_fprintf mbedtls_platform_set_fprintf
-#define platform_set_printf mbedtls_platform_set_printf
-#define platform_set_snprintf mbedtls_platform_set_snprintf
-#define polarssl_exit mbedtls_exit
-#define polarssl_fprintf mbedtls_fprintf
-#define polarssl_free mbedtls_free
-#define polarssl_mutex_free mbedtls_mutex_free
-#define polarssl_mutex_init mbedtls_mutex_init
-#define polarssl_mutex_lock mbedtls_mutex_lock
-#define polarssl_mutex_unlock mbedtls_mutex_unlock
-#define polarssl_printf mbedtls_printf
-#define polarssl_snprintf mbedtls_snprintf
-#define polarssl_strerror mbedtls_strerror
-#define ripemd160 mbedtls_ripemd160
-#define ripemd160_context mbedtls_ripemd160_context
-#define ripemd160_finish mbedtls_ripemd160_finish
-#define ripemd160_free mbedtls_ripemd160_free
-#define ripemd160_info mbedtls_ripemd160_info
-#define ripemd160_init mbedtls_ripemd160_init
-#define ripemd160_process mbedtls_ripemd160_process
-#define ripemd160_self_test mbedtls_ripemd160_self_test
-#define ripemd160_starts mbedtls_ripemd160_starts
-#define ripemd160_update mbedtls_ripemd160_update
-#define rsa_alt_context mbedtls_rsa_alt_context
-#define rsa_alt_info mbedtls_rsa_alt_info
-#define rsa_check_privkey mbedtls_rsa_check_privkey
-#define rsa_check_pub_priv mbedtls_rsa_check_pub_priv
-#define rsa_check_pubkey mbedtls_rsa_check_pubkey
-#define rsa_context mbedtls_rsa_context
-#define rsa_copy mbedtls_rsa_copy
-#define rsa_free mbedtls_rsa_free
-#define rsa_gen_key mbedtls_rsa_gen_key
-#define rsa_info mbedtls_rsa_info
-#define rsa_init mbedtls_rsa_init
-#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
-#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
-#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
-#define rsa_pkcs1_verify mbedtls_rsa_pkcs1_verify
-#define rsa_private mbedtls_rsa_private
-#define rsa_public mbedtls_rsa_public
-#define rsa_rsaes_oaep_decrypt mbedtls_rsa_rsaes_oaep_decrypt
-#define rsa_rsaes_oaep_encrypt mbedtls_rsa_rsaes_oaep_encrypt
-#define rsa_rsaes_pkcs1_v15_decrypt mbedtls_rsa_rsaes_pkcs1_v15_decrypt
-#define rsa_rsaes_pkcs1_v15_encrypt mbedtls_rsa_rsaes_pkcs1_v15_encrypt
-#define rsa_rsassa_pkcs1_v15_sign mbedtls_rsa_rsassa_pkcs1_v15_sign
-#define rsa_rsassa_pkcs1_v15_verify mbedtls_rsa_rsassa_pkcs1_v15_verify
-#define rsa_rsassa_pss_sign mbedtls_rsa_rsassa_pss_sign
-#define rsa_rsassa_pss_verify mbedtls_rsa_rsassa_pss_verify
-#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
-#define rsa_self_test mbedtls_rsa_self_test
-#define rsa_set_padding mbedtls_rsa_set_padding
-#define safer_memcmp mbedtls_ssl_safer_memcmp
-#define set_alarm mbedtls_set_alarm
-#define sha1 mbedtls_sha1
-#define sha1_context mbedtls_sha1_context
-#define sha1_finish mbedtls_sha1_finish
-#define sha1_free mbedtls_sha1_free
-#define sha1_info mbedtls_sha1_info
-#define sha1_init mbedtls_sha1_init
-#define sha1_process mbedtls_sha1_process
-#define sha1_self_test mbedtls_sha1_self_test
-#define sha1_starts mbedtls_sha1_starts
-#define sha1_update mbedtls_sha1_update
-#define sha224_info mbedtls_sha224_info
-#define sha256 mbedtls_sha256
-#define sha256_context mbedtls_sha256_context
-#define sha256_finish mbedtls_sha256_finish
-#define sha256_free mbedtls_sha256_free
-#define sha256_info mbedtls_sha256_info
-#define sha256_init mbedtls_sha256_init
-#define sha256_process mbedtls_sha256_process
-#define sha256_self_test mbedtls_sha256_self_test
-#define sha256_starts mbedtls_sha256_starts
-#define sha256_update mbedtls_sha256_update
-#define sha384_info mbedtls_sha384_info
-#define sha512 mbedtls_sha512
-#define sha512_context mbedtls_sha512_context
-#define sha512_finish mbedtls_sha512_finish
-#define sha512_free mbedtls_sha512_free
-#define sha512_info mbedtls_sha512_info
-#define sha512_init mbedtls_sha512_init
-#define sha512_process mbedtls_sha512_process
-#define sha512_self_test mbedtls_sha512_self_test
-#define sha512_starts mbedtls_sha512_starts
-#define sha512_update mbedtls_sha512_update
-#define source_state mbedtls_entropy_source_state
-#define ssl_cache_context mbedtls_ssl_cache_context
-#define ssl_cache_entry mbedtls_ssl_cache_entry
-#define ssl_cache_free mbedtls_ssl_cache_free
-#define ssl_cache_get mbedtls_ssl_cache_get
-#define ssl_cache_init mbedtls_ssl_cache_init
-#define ssl_cache_set mbedtls_ssl_cache_set
-#define ssl_cache_set_max_entries mbedtls_ssl_cache_set_max_entries
-#define ssl_cache_set_timeout mbedtls_ssl_cache_set_timeout
-#define ssl_check_cert_usage mbedtls_ssl_check_cert_usage
-#define ssl_ciphersuite_from_id mbedtls_ssl_ciphersuite_from_id
-#define ssl_ciphersuite_from_string mbedtls_ssl_ciphersuite_from_string
-#define ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t
-#define ssl_ciphersuite_uses_ec mbedtls_ssl_ciphersuite_uses_ec
-#define ssl_ciphersuite_uses_psk mbedtls_ssl_ciphersuite_uses_psk
-#define ssl_close_notify mbedtls_ssl_close_notify
-#define ssl_context mbedtls_ssl_context
-#define ssl_cookie_check mbedtls_ssl_cookie_check
-#define ssl_cookie_check_t mbedtls_ssl_cookie_check_t
-#define ssl_cookie_ctx mbedtls_ssl_cookie_ctx
-#define ssl_cookie_free mbedtls_ssl_cookie_free
-#define ssl_cookie_init mbedtls_ssl_cookie_init
-#define ssl_cookie_set_timeout mbedtls_ssl_cookie_set_timeout
-#define ssl_cookie_setup mbedtls_ssl_cookie_setup
-#define ssl_cookie_write mbedtls_ssl_cookie_write
-#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
-#define ssl_derive_keys mbedtls_ssl_derive_keys
-#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
-#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
-#define ssl_fetch_input mbedtls_ssl_fetch_input
-#define ssl_flight_item mbedtls_ssl_flight_item
-#define ssl_flush_output mbedtls_ssl_flush_output
-#define ssl_free mbedtls_ssl_free
-#define ssl_get_alpn_protocol mbedtls_ssl_get_alpn_protocol
-#define ssl_get_bytes_avail mbedtls_ssl_get_bytes_avail
-#define ssl_get_ciphersuite mbedtls_ssl_get_ciphersuite
-#define ssl_get_ciphersuite_id mbedtls_ssl_get_ciphersuite_id
-#define ssl_get_ciphersuite_name mbedtls_ssl_get_ciphersuite_name
-#define ssl_get_ciphersuite_sig_pk_alg mbedtls_ssl_get_ciphersuite_sig_pk_alg
-#define ssl_get_peer_cert mbedtls_ssl_get_peer_cert
-#define ssl_get_record_expansion mbedtls_ssl_get_record_expansion
-#define ssl_get_session mbedtls_ssl_get_session
-#define ssl_get_verify_result mbedtls_ssl_get_verify_result
-#define ssl_get_version mbedtls_ssl_get_version
-#define ssl_handshake mbedtls_ssl_handshake
-#define ssl_handshake_client_step mbedtls_ssl_handshake_client_step
-#define ssl_handshake_free mbedtls_ssl_handshake_free
-#define ssl_handshake_params mbedtls_ssl_handshake_params
-#define ssl_handshake_server_step mbedtls_ssl_handshake_server_step
-#define ssl_handshake_step mbedtls_ssl_handshake_step
-#define ssl_handshake_wrapup mbedtls_ssl_handshake_wrapup
-#define ssl_hdr_len mbedtls_ssl_hdr_len
-#define ssl_hs_hdr_len mbedtls_ssl_hs_hdr_len
-#define ssl_hw_record_activate mbedtls_ssl_hw_record_activate
-#define ssl_hw_record_finish mbedtls_ssl_hw_record_finish
-#define ssl_hw_record_init mbedtls_ssl_hw_record_init
-#define ssl_hw_record_read mbedtls_ssl_hw_record_read
-#define ssl_hw_record_reset mbedtls_ssl_hw_record_reset
-#define ssl_hw_record_write mbedtls_ssl_hw_record_write
-#define ssl_init mbedtls_ssl_init
-#define ssl_key_cert mbedtls_ssl_key_cert
-#define ssl_legacy_renegotiation mbedtls_ssl_conf_legacy_renegotiation
-#define ssl_list_ciphersuites mbedtls_ssl_list_ciphersuites
-#define ssl_md_alg_from_hash mbedtls_ssl_md_alg_from_hash
-#define ssl_optimize_checksum mbedtls_ssl_optimize_checksum
-#define ssl_own_cert mbedtls_ssl_own_cert
-#define ssl_own_key mbedtls_ssl_own_key
-#define ssl_parse_certificate mbedtls_ssl_parse_certificate
-#define ssl_parse_change_cipher_spec mbedtls_ssl_parse_change_cipher_spec
-#define ssl_parse_finished mbedtls_ssl_parse_finished
-#define ssl_pk_alg_from_sig mbedtls_ssl_pk_alg_from_sig
-#define ssl_pkcs11_decrypt mbedtls_ssl_pkcs11_decrypt
-#define ssl_pkcs11_key_len mbedtls_ssl_pkcs11_key_len
-#define ssl_pkcs11_sign mbedtls_ssl_pkcs11_sign
-#define ssl_psk_derive_premaster mbedtls_ssl_psk_derive_premaster
-#define ssl_read mbedtls_ssl_read
-#define ssl_read_record mbedtls_ssl_read_record
-#define ssl_read_version mbedtls_ssl_read_version
-#define ssl_recv_flight_completed mbedtls_ssl_recv_flight_completed
-#define ssl_renegotiate mbedtls_ssl_renegotiate
-#define ssl_resend mbedtls_ssl_resend
-#define ssl_reset_checksum mbedtls_ssl_reset_checksum
-#define ssl_send_alert_message mbedtls_ssl_send_alert_message
-#define ssl_send_fatal_handshake_failure mbedtls_ssl_send_fatal_handshake_failure
-#define ssl_send_flight_completed mbedtls_ssl_send_flight_completed
-#define ssl_session mbedtls_ssl_session
-#define ssl_session_free mbedtls_ssl_session_free
-#define ssl_session_init mbedtls_ssl_session_init
-#define ssl_session_reset mbedtls_ssl_session_reset
-#define ssl_set_alpn_protocols mbedtls_ssl_conf_alpn_protocols
-#define ssl_set_arc4_support mbedtls_ssl_conf_arc4_support
-#define ssl_set_authmode mbedtls_ssl_conf_authmode
-#define ssl_set_bio mbedtls_ssl_set_bio
-#define ssl_set_ca_chain mbedtls_ssl_conf_ca_chain
-#define ssl_set_cbc_record_splitting mbedtls_ssl_conf_cbc_record_splitting
-#define ssl_set_ciphersuites mbedtls_ssl_conf_ciphersuites
-#define ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version
-#define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
-#define ssl_set_curves mbedtls_ssl_conf_curves
-#define ssl_set_dbg mbedtls_ssl_conf_dbg
-#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
-#define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
-#define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
-#define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
-#define ssl_set_dtls_cookies mbedtls_ssl_conf_dtls_cookies
-#define ssl_set_encrypt_then_mac mbedtls_ssl_conf_encrypt_then_mac
-#define ssl_set_endpoint mbedtls_ssl_conf_endpoint
-#define ssl_set_extended_master_secret mbedtls_ssl_conf_extended_master_secret
-#define ssl_set_fallback mbedtls_ssl_conf_fallback
-#define ssl_set_handshake_timeout mbedtls_ssl_conf_handshake_timeout
-#define ssl_set_hostname mbedtls_ssl_set_hostname
-#define ssl_set_max_frag_len mbedtls_ssl_conf_max_frag_len
-#define ssl_set_max_version mbedtls_ssl_conf_max_version
-#define ssl_set_min_version mbedtls_ssl_conf_min_version
-#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
-#define ssl_set_psk mbedtls_ssl_conf_psk
-#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
-#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
-#define ssl_set_renegotiation_enforced mbedtls_ssl_conf_renegotiation_enforced
-#define ssl_set_renegotiation_period mbedtls_ssl_conf_renegotiation_period
-#define ssl_set_rng mbedtls_ssl_conf_rng
-#define ssl_set_session mbedtls_ssl_set_session
-#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
-#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
-#define ssl_set_sni mbedtls_ssl_conf_sni
-#define ssl_set_transport mbedtls_ssl_conf_transport
-#define ssl_set_truncated_hmac mbedtls_ssl_conf_truncated_hmac
-#define ssl_set_verify mbedtls_ssl_conf_verify
-#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
-#define ssl_states mbedtls_ssl_states
-#define ssl_transform mbedtls_ssl_transform
-#define ssl_transform_free mbedtls_ssl_transform_free
-#define ssl_write mbedtls_ssl_write
-#define ssl_write_certificate mbedtls_ssl_write_certificate
-#define ssl_write_change_cipher_spec mbedtls_ssl_write_change_cipher_spec
-#define ssl_write_finished mbedtls_ssl_write_finished
-#define ssl_write_record mbedtls_ssl_write_record
-#define ssl_write_version mbedtls_ssl_write_version
-#define supported_ciphers mbedtls_cipher_supported
-#define t_sint mbedtls_mpi_sint
-#define t_udbl mbedtls_t_udbl
-#define t_uint mbedtls_mpi_uint
-#define test_ca_crt mbedtls_test_ca_crt
-#define test_ca_crt_ec mbedtls_test_ca_crt_ec
-#define test_ca_crt_rsa mbedtls_test_ca_crt_rsa
-#define test_ca_key mbedtls_test_ca_key
-#define test_ca_key_ec mbedtls_test_ca_key_ec
-#define test_ca_key_rsa mbedtls_test_ca_key_rsa
-#define test_ca_list mbedtls_test_cas_pem
-#define test_ca_pwd mbedtls_test_ca_pwd
-#define test_ca_pwd_ec mbedtls_test_ca_pwd_ec
-#define test_ca_pwd_rsa mbedtls_test_ca_pwd_rsa
-#define test_cli_crt mbedtls_test_cli_crt
-#define test_cli_crt_ec mbedtls_test_cli_crt_ec
-#define test_cli_crt_rsa mbedtls_test_cli_crt_rsa
-#define test_cli_key mbedtls_test_cli_key
-#define test_cli_key_ec mbedtls_test_cli_key_ec
-#define test_cli_key_rsa mbedtls_test_cli_key_rsa
-#define test_srv_crt mbedtls_test_srv_crt
-#define test_srv_crt_ec mbedtls_test_srv_crt_ec
-#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
-#define test_srv_key mbedtls_test_srv_key
-#define test_srv_key_ec mbedtls_test_srv_key_ec
-#define test_srv_key_rsa mbedtls_test_srv_key_rsa
-#define threading_mutex_t mbedtls_threading_mutex_t
-#define threading_set_alt mbedtls_threading_set_alt
-#define timing_self_test mbedtls_timing_self_test
-#define version_check_feature mbedtls_version_check_feature
-#define version_get_number mbedtls_version_get_number
-#define version_get_string mbedtls_version_get_string
-#define version_get_string_full mbedtls_version_get_string_full
-#define x509_bitstring mbedtls_x509_bitstring
-#define x509_buf mbedtls_x509_buf
-#define x509_crl mbedtls_x509_crl
-#define x509_crl_entry mbedtls_x509_crl_entry
-#define x509_crl_free mbedtls_x509_crl_free
-#define x509_crl_info mbedtls_x509_crl_info
-#define x509_crl_init mbedtls_x509_crl_init
-#define x509_crl_parse mbedtls_x509_crl_parse
-#define x509_crl_parse_der mbedtls_x509_crl_parse_der
-#define x509_crl_parse_file mbedtls_x509_crl_parse_file
-#define x509_crt mbedtls_x509_crt
-#define x509_crt_check_extended_key_usage mbedtls_x509_crt_check_extended_key_usage
-#define x509_crt_check_key_usage mbedtls_x509_crt_check_key_usage
-#define x509_crt_free mbedtls_x509_crt_free
-#define x509_crt_info mbedtls_x509_crt_info
-#define x509_crt_init mbedtls_x509_crt_init
-#define x509_crt_parse mbedtls_x509_crt_parse
-#define x509_crt_parse_der mbedtls_x509_crt_parse_der
-#define x509_crt_parse_file mbedtls_x509_crt_parse_file
-#define x509_crt_parse_path mbedtls_x509_crt_parse_path
-#define x509_crt_revoked mbedtls_x509_crt_is_revoked
-#define x509_crt_verify mbedtls_x509_crt_verify
-#define x509_csr mbedtls_x509_csr
-#define x509_csr_free mbedtls_x509_csr_free
-#define x509_csr_info mbedtls_x509_csr_info
-#define x509_csr_init mbedtls_x509_csr_init
-#define x509_csr_parse mbedtls_x509_csr_parse
-#define x509_csr_parse_der mbedtls_x509_csr_parse_der
-#define x509_csr_parse_file mbedtls_x509_csr_parse_file
-#define x509_dn_gets mbedtls_x509_dn_gets
-#define x509_get_alg mbedtls_x509_get_alg
-#define x509_get_alg_null mbedtls_x509_get_alg_null
-#define x509_get_ext mbedtls_x509_get_ext
-#define x509_get_name mbedtls_x509_get_name
-#define x509_get_rsassa_pss_params mbedtls_x509_get_rsassa_pss_params
-#define x509_get_serial mbedtls_x509_get_serial
-#define x509_get_sig mbedtls_x509_get_sig
-#define x509_get_sig_alg mbedtls_x509_get_sig_alg
-#define x509_get_time mbedtls_x509_get_time
-#define x509_key_size_helper mbedtls_x509_key_size_helper
-#define x509_name mbedtls_x509_name
-#define x509_self_test mbedtls_x509_self_test
-#define x509_sequence mbedtls_x509_sequence
-#define x509_serial_gets mbedtls_x509_serial_gets
-#define x509_set_extension mbedtls_x509_set_extension
-#define x509_sig_alg_gets mbedtls_x509_sig_alg_gets
-#define x509_string_to_names mbedtls_x509_string_to_names
-#define x509_time mbedtls_x509_time
-#define x509_time_expired mbedtls_x509_time_is_past
-#define x509_time_future mbedtls_x509_time_is_future
-#define x509_write_extensions mbedtls_x509_write_extensions
-#define x509_write_names mbedtls_x509_write_names
-#define x509_write_sig mbedtls_x509_write_sig
-#define x509write_cert mbedtls_x509write_cert
-#define x509write_crt_der mbedtls_x509write_crt_der
-#define x509write_crt_free mbedtls_x509write_crt_free
-#define x509write_crt_init mbedtls_x509write_crt_init
-#define x509write_crt_pem mbedtls_x509write_crt_pem
-#define x509write_crt_set_authority_key_identifier mbedtls_x509write_crt_set_authority_key_identifier
-#define x509write_crt_set_basic_constraints mbedtls_x509write_crt_set_basic_constraints
-#define x509write_crt_set_extension mbedtls_x509write_crt_set_extension
-#define x509write_crt_set_issuer_key mbedtls_x509write_crt_set_issuer_key
-#define x509write_crt_set_issuer_name mbedtls_x509write_crt_set_issuer_name
-#define x509write_crt_set_key_usage mbedtls_x509write_crt_set_key_usage
-#define x509write_crt_set_md_alg mbedtls_x509write_crt_set_md_alg
-#define x509write_crt_set_ns_cert_type mbedtls_x509write_crt_set_ns_cert_type
-#define x509write_crt_set_serial mbedtls_x509write_crt_set_serial
-#define x509write_crt_set_subject_key mbedtls_x509write_crt_set_subject_key
-#define x509write_crt_set_subject_key_identifier mbedtls_x509write_crt_set_subject_key_identifier
-#define x509write_crt_set_subject_name mbedtls_x509write_crt_set_subject_name
-#define x509write_crt_set_validity mbedtls_x509write_crt_set_validity
-#define x509write_crt_set_version mbedtls_x509write_crt_set_version
-#define x509write_csr mbedtls_x509write_csr
-#define x509write_csr_der mbedtls_x509write_csr_der
-#define x509write_csr_free mbedtls_x509write_csr_free
-#define x509write_csr_init mbedtls_x509write_csr_init
-#define x509write_csr_pem mbedtls_x509write_csr_pem
-#define x509write_csr_set_extension mbedtls_x509write_csr_set_extension
-#define x509write_csr_set_key mbedtls_x509write_csr_set_key
-#define x509write_csr_set_key_usage mbedtls_x509write_csr_set_key_usage
-#define x509write_csr_set_md_alg mbedtls_x509write_csr_set_md_alg
-#define x509write_csr_set_ns_cert_type mbedtls_x509write_csr_set_ns_cert_type
-#define x509write_csr_set_subject_name mbedtls_x509write_csr_set_subject_name
-#define xtea_context mbedtls_xtea_context
-#define xtea_crypt_cbc mbedtls_xtea_crypt_cbc
-#define xtea_crypt_ecb mbedtls_xtea_crypt_ecb
-#define xtea_free mbedtls_xtea_free
-#define xtea_init mbedtls_xtea_init
-#define xtea_self_test mbedtls_xtea_self_test
-#define xtea_setup mbedtls_xtea_setup
-
-#endif /* compat-1.3.h */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
diff --git a/Sources/mbedtls/include/mbedtls/config.h b/Sources/mbedtls/include/mbedtls/config.h
deleted file mode 100644
index 61db793..0000000
--- a/Sources/mbedtls/include/mbedtls/config.h
+++ /dev/null
@@ -1,4130 +0,0 @@
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- *  This set of compile-time options may be used to enable
- *  or disable features selectively, and reduce the global
- *  memory footprint.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- *      library/aria.c
- *      library/timing.c
- *      include/mbedtls/bn_mul.h
- *
- * Required by:
- *      MBEDTLS_AESNI_C
- *      MBEDTLS_PADLOCK_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- *      include/mbedtls/bignum.h
- *      library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_NO_64BIT_MULTIPLICATION
- *
- * The platform lacks support for 32x32 -> 64-bit multiplication.
- *
- * Used in:
- *      library/poly1305.c
- *
- * Some parts of the library may use multiplication of two unsigned 32-bit
- * operands with a 64-bit result in order to speed up computations. On some
- * platforms, this is not available in hardware and has to be implemented in
- * software, usually in a library provided by the toolchain.
- *
- * Sometimes it is not desirable to have to link to that library. This option
- * removes the dependency of that library on platforms that lack a hardware
- * 64-bit multiplier by embedding a software implementation in Mbed TLS.
- *
- * Note that depending on the compiler, this may decrease performance compared
- * to using the library function provided by the toolchain.
- */
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions.
- *
- * \note If MBEDTLS_TIMING_C is set - to enable the semi-portable timing
- *       interface - timing.c will include time.h on suitable platforms
- *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
- *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
- */
-#define MBEDTLS_HAVE_TIME
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h, time(), and an implementation for
- * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necessarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- *
- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime_r() function from the C standard. Refer to
- * the documentation for mbedtls_platform_gmtime_r() for more information.
- *
- * \note It is possible to configure an implementation for
- * mbedtls_platform_gmtime_r() at compile-time by using the macro
- * MBEDTLS_PLATFORM_GMTIME_R_ALT.
- */
-#define MBEDTLS_HAVE_TIME_DATE
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-//#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions and features so that they generate a warning if
- * used. Functionality deprecated in one version will usually be removed in the
- * next version. You can enable this to help you prepare the transition to a
- * new major version by making sure your code is not using this functionality.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions and features.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions and features so that they generate an error if
- * used. Functionality deprecated in one version will usually be removed in the
- * next version. You can enable this to help you prepare the transition to a
- * new major version by making sure your code is not using this functionality.
- *
- * Uncomment to get errors on using deprecated functions and features.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/**
- * \def MBEDTLS_CHECK_PARAMS
- *
- * This configuration option controls whether the library validates more of
- * the parameters passed to it.
- *
- * When this flag is not defined, the library only attempts to validate an
- * input parameter if: (1) they may come from the outside world (such as the
- * network, the filesystem, etc.) or (2) not validating them could result in
- * internal memory errors such as overflowing a buffer controlled by the
- * library. On the other hand, it doesn't attempt to validate parameters whose
- * values are fully controlled by the application (such as pointers).
- *
- * When this flag is defined, the library additionally attempts to validate
- * parameters that are fully controlled by the application, and should always
- * be valid if the application code is fully correct and trusted.
- *
- * For example, when a function accepts as input a pointer to a buffer that may
- * contain untrusted data, and its documentation mentions that this pointer
- * must not be NULL:
- * - The pointer is checked to be non-NULL only if this option is enabled.
- * - The content of the buffer is always validated.
- *
- * When this flag is defined, if a library function receives a parameter that
- * is invalid:
- * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
- * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
- *   will immediately return. If the function returns an Mbed TLS error code,
- *   the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
- *
- * When defining this flag, you also need to arrange a definition for
- * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
- * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
- *   function mbedtls_param_failed(), but the library does not define this
- *   function. If you do not make any other arrangements, you must provide
- *   the function mbedtls_param_failed() in your application.
- *   See `platform_util.h` for its prototype.
- * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
- *   library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
- *   You can still supply an alternative definition of
- *   MBEDTLS_PARAM_FAILED(), which may call `assert`.
- * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
- *   or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
- *   the library will call the macro that you defined and will not supply
- *   its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
- *   you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
- *   files include `<assert.h>`.
- *
- * Uncomment to enable validation of application-controlled parameters.
- */
-//#define MBEDTLS_CHECK_PARAMS
-
-/**
- * \def MBEDTLS_CHECK_PARAMS_ASSERT
- *
- * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
- * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
- *
- * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
- * calling a function mbedtls_param_failed(). See the documentation of
- * #MBEDTLS_CHECK_PARAMS for details.
- *
- * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
- */
-//#define MBEDTLS_CHECK_PARAMS_ASSERT
-
-/** \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning   MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
- *            use constitutes a security risk. If possible, we recommend
- *            avoiding dependencies on them, and considering stronger message
- *            digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARC4_ALT
-//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_BLOWFISH_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CHACHA20_ALT
-//#define MBEDTLS_CHACHAPOLY_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_POLY1305_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-//#define MBEDTLS_XTEA_ALT
-
-/*
- * When replacing the elliptic curve module, please consider, that it is
- * implemented with two .c files:
- *      - ecp.c
- *      - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- *       respectively. When setting up alternative implementations, these functions should
- *       be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- *       must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
- *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- *       tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning   MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- *            constitutes a security risk. If possible, we recommend avoiding
- *            dependencies on them, and considering stronger message digests
- *            and ciphers instead.
- *
- * \warning   If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
- *            enabled, then the deterministic ECDH signature functions pass the
- *            the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
- *            alternative implementations should use the RNG only for generating
- *            the ephemeral key and nothing else. If this is not possible, then
- *            MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
- *            implementation should be provided for mbedtls_ecdsa_sign_det_ext()
- *            (and for mbedtls_ecdsa_sign_det() too if backward compatibility is
- *            desirable).
- *
- */
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * The original implementation can in addition be removed by setting the
- * MBEDTLS_ECP_NO_FALLBACK option, in which case any function for which the
- * corresponding MBEDTLS_ECP__FUNCTION_NAME__ALT macro is defined will not be
- * able to fallback to curves not supported by the alternative implementation.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- *      unsigned char mbedtls_internal_ecp_grp_capable(
- *          const mbedtls_ecp_group *grp )
- *      int  mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- *      void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
- * function, but will use your mbedtls_internal_ecp_double_jac() if the group
- * for the operation is supported by your implementation (i.e. your
- * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
- * implementation of ecp_double_jac() is used instead, unless this fallback
- * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
- * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
- *
- * The function prototypes and the definition of mbedtls_ecp_group and
- * mbedtls_ecp_point will not change based on MBEDTLS_ECP_INTERNAL_ALT, so your
- * implementation of mbedtls_internal_ecp__function_name__ must be compatible
- * with their definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Turn off software fallback for curves not supported in hardware */
-//#define MBEDTLS_ECP_NO_FALLBACK
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-//#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
- */
-//#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
- */
-//#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CHECK_RETURN_WARNING
- *
- * If this macro is defined, emit a compile-time warning if application code
- * calls a function without checking its return value, but the return value
- * should generally be checked in portable applications.
- *
- * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
- * implemented. Otherwise this option has no effect.
- *
- * Uncomment to get warnings on using fallible functions without checking
- * their return value.
- *
- * \note  This feature is a work in progress.
- *        Warnings will be added to more functions in the future.
- *
- * \note  A few functions are considered critical, and ignoring the return
- *        value of these functions will trigger a warning even if this
- *        macro is not defined. To completely disable return value check
- *        warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
- */
-//#define MBEDTLS_CHECK_RETURN_WARNING
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CTR
-
-/**
- * \def MBEDTLS_CIPHER_MODE_OFB
- *
- * Enable Output Feedback mode (OFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_OFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_XTS
- *
- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
- */
-#define MBEDTLS_CIPHER_MODE_XTS
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
- *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
- *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
- *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- *
- * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
- * By default, CTR_DRBG uses a 256-bit key.
- */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
-
-/**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * This enables the following ciphersuites:
- *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
-/**
- * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
- *
- * Remove RC4 ciphersuites by default in SSL / TLS.
- * This flag removes the ciphersuites based on RC4 from the default list as
- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
- * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
- * explicitly.
- *
- * Uncomment this macro to remove RC4 ciphersuites by default.
- */
-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-
-/**
- * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
- *
- * Remove 3DES ciphersuites by default in SSL / TLS.
- * This flag removes the ciphersuites based on 3DES from the default list as
- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible
- * to enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including
- * them explicitly.
- *
- * A man-in-the-browser attacker can recover authentication tokens sent through
- * a TLS connection using a 3DES based cipher suite (see "On the Practical
- * (In-)Security of 64-bit Block Ciphers" by Karthikeyan Bhargavan and Gaëtan
- * Leurent, see https://sweet32.info/SWEET32_CCS16.pdf). If this attack falls
- * in your threat model or you are unsure, then you should keep this option
- * enabled to remove 3DES based cipher suites.
- *
- * Comment this macro to keep 3DES in the default ciphersuite list.
- */
-#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module.  By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-/* Short Weierstrass curves (supporting ECP, ECDH, ECDSA) */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-/* Montgomery curves (supporting ECP) */
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_ECP_NO_INTERNAL_RNG
- *
- * When this option is disabled, mbedtls_ecp_mul() will make use of an
- * internal RNG when called with a NULL \c f_rng argument, in order to protect
- * against some side-channel attacks.
- *
- * This protection introduces a dependency of the ECP module on one of the
- * DRBG modules. For very constrained implementations that don't require this
- * protection (for example, because you're only doing signature verification,
- * so not manipulating any secret, or because local/physical side-channel
- * attacks are outside your threat model), it might be desirable to get rid of
- * that dependency.
- *
- * \warning Enabling this option makes some uses of ECP vulnerable to some
- * side-channel attacks. Only enable it if you know that's not a problem for
- * your use case.
- *
- * Uncomment this macro to disable some counter-measures in ECP.
- */
-//#define MBEDTLS_ECP_NO_INTERNAL_RNG
-
-/**
- * \def MBEDTLS_ECP_RESTARTABLE
- *
- * Enable "non-blocking" ECC operations that can return early and be resumed.
- *
- * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
- * order to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
- * number of ECC operations a function may perform before pausing; see
- * mbedtls_ecp_set_max_ops() for more information.
- *
- * This is useful in non-threaded environments if you want to avoid blocking
- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
- *
- * Uncomment this macro to enable restartable ECC computations.
- *
- * \note  This option only works with the default software implementation of
- *        elliptic curve functionality. It is incompatible with
- *        MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
- *        and MBEDTLS_ECDH_LEGACY_CONTEXT.
- */
-//#define MBEDTLS_ECP_RESTARTABLE
-
-/**
- * \def MBEDTLS_ECDH_LEGACY_CONTEXT
- *
- * Use a backward compatible ECDH context.
- *
- * Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
- * defined in `ecdh.h`). For most applications, the choice of format makes
- * no difference, since all library functions can work with either format,
- * except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
-
- * The new format used when this option is disabled is smaller
- * (56 bytes on a 32-bit platform). In future versions of the library, it
- * will support alternative implementations of ECDH operations.
- * The new format is incompatible with applications that access
- * context fields directly and with restartable ECP operations.
- *
- * Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
- * want to access ECDH context fields directly. Otherwise you should
- * comment out this macro definition.
- *
- * This option has no effect if #MBEDTLS_ECDH_C is not enabled.
- *
- * \note This configuration option is experimental. Future versions of the
- *       library may modify the way the ECDH context layout is configured
- *       and may modify the layout of the new context type.
- */
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C, MBEDTLS_ECDSA_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
- *
- * Enable the PSK based ciphersuite modes in SSL / TLS.
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- *
- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- *
- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- *
- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- *           MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- *
- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- *
- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- *
- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- *
- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Requires: MBEDTLS_ECJPAKE_C
- *           MBEDTLS_SHA256_C
- *           MBEDTLS_ECP_DP_SECP256R1_ENABLED
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
- */
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-#define MBEDTLS_GENPRIME
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-//#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- *       determined in the platform layer, and can be modified at runtime and/or
- *       compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- *       with regular fopen(), please make sure you make a seedfile with the
- *       proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- *       least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- *       and written to or you will get an entropy source error! The default
- *       implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- *       bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- *       given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * The owner of a key is identified by a value of type ::mbedtls_key_owner_id_t
- * which is currently hard-coded to be int32_t.
- *
- * Note that this option is meant for internal use only and may be removed
- * without notice. It is incompatible with MBEDTLS_USE_PSA_CRYPTO.
- */
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *           GLIBC-compatible backtrace() and backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/** \def MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
- *
- * Enable support for platform built-in keys. If you enable this feature,
- * you must implement the function mbedtls_psa_platform_get_builtin_key().
- * See the documentation of that function for more information.
- *
- * Built-in keys are typically derived from a hardware unique key or
- * stored in a secure element.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
-
-/** \def MBEDTLS_PSA_CRYPTO_CLIENT
- *
- * Enable support for PSA crypto client.
- *
- * \note This option allows to include the code necessary for a PSA
- *       crypto client when the PSA crypto implementation is not included in
- *       the library (MBEDTLS_PSA_CRYPTO_C disabled). The code included is the
- *       code to set and get PSA key attributes.
- *       The development of PSA drivers partially relying on the library to
- *       fulfill the hardware gaps is another possible usage of this option.
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_CLIENT
-
-/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
- *
- * Enable support for the experimental PSA crypto driver interface.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning This interface is experimental and may change or be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_DRIVERS
-
-/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
- *
- * Make the PSA Crypto module use an external random generator provided
- * by a driver, instead of Mbed TLS's entropy and DRBG modules.
- *
- * \note This random generator must deliver random numbers with cryptographic
- *       quality and high performance. It must supply unpredictable numbers
- *       with a uniform distribution. The implementation of this function
- *       is responsible for ensuring that the random generator is seeded
- *       with sufficient entropy. If you have a hardware TRNG which is slow
- *       or delivers non-uniform output, declare it as an entropy source
- *       with mbedtls_entropy_add_source() instead of enabling this option.
- *
- * If you enable this option, you must configure the type
- * ::mbedtls_psa_external_random_context_t in psa/crypto_platform.h
- * and define a function called mbedtls_psa_external_get_random()
- * with the following prototype:
- * ```
- * psa_status_t mbedtls_psa_external_get_random(
- *     mbedtls_psa_external_random_context_t *context,
- *     uint8_t *output, size_t output_size, size_t *output_length);
- * );
- * ```
- * The \c context value is initialized to 0 before the first call.
- * The function must fill the \c output buffer with \p output_size bytes
- * of random data and set \c *output_length to \p output_size.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- * \warning If you enable this option, code that uses the PSA cryptography
- *          interface will not use any of the entropy sources set up for
- *          the entropy module, nor the NV seed that MBEDTLS_ENTROPY_NV_SEED
- *          enables.
- *
- * \note This option is experimental and may be removed without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * Module:  library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_PSA_INJECT_ENTROPY
- *
- * Enable support for entropy injection at first boot. This feature is
- * required on systems that do not have a built-in entropy source (TRNG).
- * This feature is currently not supported on systems that have a built-in
- * entropy source.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_SHA512_SMALLER
- *
- * Enable an implementation of SHA-512 that has lower ROM footprint but also
- * lower performance.
- *
- * Uncomment to enable the smaller implementation of SHA512.
- */
-//#define MBEDTLS_SHA512_SMALLER
-
-/**
- * \def MBEDTLS_SHA512_NO_SHA384
- *
- * Disable the SHA-384 option of the SHA-512 module. Use this to save some
- * code size on devices that don't use SHA-384.
- *
- * Requires: MBEDTLS_SHA512_C
- *
- * Uncomment to disable SHA-384
- */
-//#define MBEDTLS_SHA512_NO_SHA384
-
-/**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-
-/**
- * \def MBEDTLS_SSL_RECORD_CHECKING
- *
- * Enable the function mbedtls_ssl_check_record() which can be used to check
- * the validity and authenticity of an incoming record, to verify that it has
- * not been seen before. These checks are performed without modifying the
- * externally visible state of the SSL context.
- *
- * See mbedtls_ssl_check_record() for more information.
- *
- * Uncomment to enable support for record checking.
- */
-#define MBEDTLS_SSL_RECORD_CHECKING
-
-/**
- * \def MBEDTLS_SSL_DTLS_CONNECTION_ID
- *
- * Enable support for the DTLS Connection ID extension
- * (version draft-ietf-tls-dtls-connection-id-05,
- * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
- * which allows to identify DTLS connections across changes
- * in the underlying transport.
- *
- * Setting this option enables the SSL APIs `mbedtls_ssl_set_cid()`,
- * `mbedtls_ssl_get_peer_cid()` and `mbedtls_ssl_conf_cid()`.
- * See the corresponding documentation for more information.
- *
- * \warning The Connection ID extension is still in draft state.
- *          We make no stability promises for the availability
- *          or the shape of the API controlled by this option.
- *
- * The maximum lengths of outgoing and incoming CIDs can be configured
- * through the options
- * - MBEDTLS_SSL_CID_OUT_LEN_MAX
- * - MBEDTLS_SSL_CID_IN_LEN_MAX.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment to enable the Connection ID extension.
- */
-//#define MBEDTLS_SSL_DTLS_CONNECTION_ID
-
-/**
- * \def MBEDTLS_SSL_ASYNC_PRIVATE
- *
- * Enable asynchronous external private key operations in SSL. This allows
- * you to configure an SSL connection to call an external cryptographic
- * module to perform private key operations instead of performing the
- * operation inside the library.
- *
- */
-//#define MBEDTLS_SSL_ASYNC_PRIVATE
-
-/**
- * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
- *
- * Enable serialization of the TLS context structures, through use of the
- * functions mbedtls_ssl_context_save() and mbedtls_ssl_context_load().
- *
- * This pair of functions allows one side of a connection to serialize the
- * context associated with the connection, then free or re-use that context
- * while the serialized state is persisted elsewhere, and finally deserialize
- * that state to a live context for resuming read/write operations on the
- * connection. From a protocol perspective, the state of the connection is
- * unaffected, in particular this is entirely transparent to the peer.
- *
- * Note: this is distinct from TLS session resumption, which is part of the
- * protocol and fully visible by the peer. TLS session resumption enables
- * establishing new connections associated to a saved session with shorter,
- * lighter handshakes, while context serialization is a local optimization in
- * handling a single, potentially long-lived connection.
- *
- * Enabling these APIs makes some SSL structures larger, as 64 extra bytes are
- * saved after the handshake to allow for more efficient serialization, so if
- * you don't need this feature you'll save RAM by disabling it.
- *
- * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
- *
- * Comment to disable the context serialization APIs.
- */
-#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
-
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
- *
- * Enable support for Encrypt-then-MAC, RFC 7366.
- *
- * This allows peers that both support it to use a more robust protection for
- * ciphersuites using CBC, providing deep resistance against timing attacks
- * on the padding or underlying cipher.
- *
- * This only affects CBC ciphersuites, and is useless if none is defined.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1    or
- *           MBEDTLS_SSL_PROTO_TLS1_1  or
- *           MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Encrypt-then-MAC
- */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-
-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- *
- * Enable support for RFC 7627: Session Hash and Extended Master Secret
- * Extension.
- *
- * This was introduced as "the proper fix" to the Triple Handshake family of
- * attacks, but it is recommended to always use it (even if you disable
- * renegotiation), since it actually fixes a more fundamental issue in the
- * original SSL/TLS design, and has implications beyond Triple Handshake.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1    or
- *           MBEDTLS_SSL_PROTO_TLS1_1  or
- *           MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Extended Master Secret.
- */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-
-/**
- * \def MBEDTLS_SSL_FALLBACK_SCSV
- *
- * Enable support for RFC 7507: Fallback Signaling Cipher Suite Value (SCSV)
- * for Preventing Protocol Downgrade Attacks.
- *
- * For servers, it is recommended to always enable this, unless you support
- * only one version of TLS, or know for sure that none of your clients
- * implements a fallback strategy.
- *
- * For clients, you only need this if you're using a fallback strategy, which
- * is not recommended in the first place, unless you absolutely need it to
- * interoperate with buggy (version-intolerant) servers.
- *
- * Comment this macro to disable support for FALLBACK_SCSV
- */
-#define MBEDTLS_SSL_FALLBACK_SCSV
-
-/**
- * \def MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
- *
- * This option controls the availability of the API mbedtls_ssl_get_peer_cert()
- * giving access to the peer's certificate after completion of the handshake.
- *
- * Unless you need mbedtls_ssl_peer_cert() in your application, it is
- * recommended to disable this option for reduced RAM usage.
- *
- * \note If this option is disabled, mbedtls_ssl_get_peer_cert() is still
- *       defined, but always returns \c NULL.
- *
- * \note This option has no influence on the protection against the
- *       triple handshake attack. Even if it is disabled, Mbed TLS will
- *       still ensure that certificates do not change during renegotiation,
- *       for example by keeping a hash of the peer's certificate.
- *
- * Comment this macro to disable storing the peer's certificate
- * after the handshake.
- */
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
-
-/**
- * \def MBEDTLS_SSL_HW_RECORD_ACCEL
- *
- * Enable hooking functions in SSL module for hardware acceleration of
- * individual records.
- *
- * \deprecated This option is deprecated and will be removed in a future
- *             version of Mbed TLS.
- *
- * Uncomment this macro to enable hooking functions.
- */
-//#define MBEDTLS_SSL_HW_RECORD_ACCEL
-
-/**
- * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
- *
- * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
- *
- * This is a countermeasure to the BEAST attack, which also minimizes the risk
- * of interoperability issues compared to sending 0-length records.
- *
- * Comment this macro to disable 1/n-1 record splitting.
- */
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
-
-/**
- * \def MBEDTLS_SSL_RENEGOTIATION
- *
- * Enable support for TLS renegotiation.
- *
- * The two main uses of renegotiation are (1) refresh keys on long-lived
- * connections and (2) client authentication after the initial handshake.
- * If you don't need renegotiation, it's probably better to disable it, since
- * it has been associated with security issues in the past and is easy to
- * misuse/misunderstand.
- *
- * Comment this to disable support for renegotiation.
- *
- * \note   Even if this option is disabled, both client and server are aware
- *         of the Renegotiation Indication Extension (RFC 5746) used to
- *         prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- *         (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- *          configuration of this extension).
- *
- */
-#define MBEDTLS_SSL_RENEGOTIATION
-
-/**
- * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
- *
- * Enable support for receiving and parsing SSLv2 Client Hello messages for the
- * SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * \deprecated This option is deprecated and will be removed in a future
- *             version of Mbed TLS.
- *
- * Uncomment this macro to enable support for SSLv2 Client Hello messages.
- */
-//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-
-/**
- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-
-/**
- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def MBEDTLS_SSL_PROTO_SSL3
- *
- * Enable support for SSL 3.0.
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * \deprecated This option is deprecated and will be removed in a future
- *             version of Mbed TLS.
- *
- * Comment this macro to disable support for SSL 3.0
- */
-//#define MBEDTLS_SSL_PROTO_SSL3
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1
- *
- * Enable support for TLS 1.0.
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_1
- *
- * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
- *
- * Requires: MBEDTLS_MD5_C
- *           MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1_1
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
- *
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- *           (Depends on ciphersuites)
- *
- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
- */
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
- *
- * This macro is used to selectively enable experimental parts
- * of the code that contribute to the ongoing development of
- * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide
- * no other purpose.
- *
- * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS,
- *          and no feature exposed through this macro is part of the
- *          public API. In particular, features under the control
- *          of this macro are experimental and don't come with any
- *          stability guarantees.
- *
- * Uncomment this macro to enable experimental and partial
- * functionality specific to TLS 1.3.
- */
-//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
-
-/**
- * \def MBEDTLS_SSL_PROTO_DTLS
- *
- * Enable support for DTLS (all available versions).
- *
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
- * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_1
- *        or MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for DTLS
- */
-#define MBEDTLS_SSL_PROTO_DTLS
-
-/**
- * \def MBEDTLS_SSL_ALPN
- *
- * Enable support for RFC 7301 Application Layer Protocol Negotiation.
- *
- * Comment this macro to disable support for ALPN.
- */
-#define MBEDTLS_SSL_ALPN
-
-/**
- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *           MBEDTLS_SSL_PROTO_DTLS
- *
- * \warning Disabling this is often a security risk!
- * See mbedtls_ssl_conf_dtls_anti_replay() for details.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-
-/**
- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Enable support for HelloVerifyRequest on DTLS servers.
- *
- * This feature is highly recommended to prevent DTLS servers being used as
- * amplifiers in DoS attacks against other hosts. It should always be enabled
- * unless you know for sure amplification cannot be a problem in the
- * environment in which your server operates.
- *
- * \warning Disabling this can be a security risk! (see above)
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Comment this to disable support for HelloVerifyRequest.
- */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-
-/**
- * \def MBEDTLS_SSL_DTLS_SRTP
- *
- * Enable support for negotiation of DTLS-SRTP (RFC 5764)
- * through the use_srtp extension.
- *
- * \note This feature provides the minimum functionality required
- * to negotiate the use of DTLS-SRTP and to allow the derivation of
- * the associated SRTP packet protection key material.
- * In particular, the SRTP packet protection itself, as well as the
- * demultiplexing of RTP and DTLS packets at the datagram layer
- * (see Section 5 of RFC 5764), are not handled by this feature.
- * Instead, after successful completion of a handshake negotiating
- * the use of DTLS-SRTP, the extended key exporter API
- * mbedtls_ssl_conf_export_keys_ext_cb() should be used to implement
- * the key exporter described in Section 4.2 of RFC 5764 and RFC 5705
- * (this is implemented in the SSL example programs).
- * The resulting key should then be passed to an SRTP stack.
- *
- * Setting this option enables the runtime API
- * mbedtls_ssl_conf_dtls_srtp_protection_profiles()
- * through which the supported DTLS-SRTP protection
- * profiles can be configured. You must call this API at
- * runtime if you wish to negotiate the use of DTLS-SRTP.
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Uncomment this to enable support for use_srtp extension.
- */
-//#define MBEDTLS_SSL_DTLS_SRTP
-
-/**
- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
- *
- * Enable server-side support for clients that reconnect from the same port.
- *
- * Some clients unexpectedly close the connection and try to reconnect using the
- * same source port. This needs special support from the server to handle the
- * new connection securely, as described in section 4.2.8 of RFC 6347. This
- * flag enables that support.
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Comment this to disable support for clients reusing the source port.
- */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-
-/**
- * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
- *
- * Enable support for a limit of records with bad MAC.
- *
- * See mbedtls_ssl_conf_dtls_badmac_limit().
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-
-/**
- * \def MBEDTLS_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintenance of a
- * session store remains the responsibility of the application, though).
- * Server-side, you also need to provide callbacks for writing and parsing
- * tickets, including authenticated encryption and key management. Example
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#define MBEDTLS_SSL_SESSION_TICKETS
-
-/**
- * \def MBEDTLS_SSL_EXPORT_KEYS
- *
- * Enable support for exporting key block and master secret.
- * This is required for certain users of TLS, e.g. EAP-TLS.
- *
- * Comment this macro to disable support for key export
- */
-#define MBEDTLS_SSL_EXPORT_KEYS
-
-/**
- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
-
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
- *
- * Fallback to old (pre-2.7), non-conforming implementation of the truncated
- * HMAC extension which also truncates the HMAC key. Note that this option is
- * only meant for a transitory upgrade period and will be removed in a future
- * version of the library.
- *
- * \warning The old implementation is non-compliant and has a security weakness
- *          (2^80 brute force attack on the HMAC key used for a single,
- *          uninterrupted connection). This should only be enabled temporarily
- *          when (1) the use of truncated HMAC is essential in order to save
- *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
- *          the fixed implementation yet (pre-2.7).
- *
- * \deprecated This option is deprecated and will be removed in a
- *             future version of Mbed TLS.
- *
- * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
- *
- * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
- */
-//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-
-/**
- * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- *
- * When this option is enabled, the SSL buffer will be resized automatically
- * based on the negotiated maximum fragment length in each direction.
- *
- * Requires: MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- */
-//#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * clang's MemorySanitizer. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires compiling with clang -fsanitize=memory. The test
- * suites can then be run normally.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * valgrind's memcheck tool. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires valgrind headers for building, and is only useful for
- * testing if the tests suites are run with valgrind's memcheck. This can be
- * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
- * using CMake, this can be done for all test suites with 'make memcheck'.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
-
-/**
- * \def MBEDTLS_TEST_HOOKS
- *
- * Enable features for invasive testing such as introspection functions and
- * hooks for fault injection. This enables additional unit tests.
- *
- * Merely enabling this feature should not change the behavior of the product.
- * It only adds new code, and new branching points where the default behavior
- * is the same as when this feature is disabled.
- * However, this feature increases the attack surface: there is an added
- * risk of vulnerabilities, and more gadgets that can make exploits easier.
- * Therefore this feature must never be enabled in production.
- *
- * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more
- * information.
- *
- * Uncomment to enable invasive tests.
- */
-//#define MBEDTLS_TEST_HOOKS
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS library use PSA for cryptographic operations, and
- * enable new APIs for using keys handled by PSA Crypto.
- *
- * \note Development of this option is currently in progress, and parts of Mbed
- * TLS's X.509 and TLS modules are not ported to PSA yet. However, these parts
- * will still continue to work as usual, so enabling this option should not
- * break backwards compatibility.
- *
- * \note See docs/use-psa-crypto.md for a complete description of what this
- * option currently does, and of parts that are not affected by it so far.
- *
- * \warning This option enables new Mbed TLS APIs which are currently
- * considered experimental and may change in incompatible ways at any time.
- * That is, the APIs enabled by this option are not covered by the usual
- * promises of API stability.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- *
- * Uncomment this to enable internal use of PSA Crypto and new associated APIs.
- */
-//#define MBEDTLS_USE_PSA_CRYPTO
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG
- *
- * This setting allows support for cryptographic mechanisms through the PSA
- * API to be configured separately from support through the mbedtls API.
- *
- * When this option is disabled, the PSA API exposes the cryptographic
- * mechanisms that can be implemented on top of the `mbedtls_xxx` API
- * configured with `MBEDTLS_XXX` symbols.
- *
- * When this option is enabled, the PSA API exposes the cryptographic
- * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
- * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
- * automatically enabled if required (i.e. if no PSA driver provides the
- * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
- * in config.h.
- *
- * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
- * an alternative header to include instead of include/psa/crypto_config.h.
- *
- * If you enable this option and write your own configuration file, you must
- * include mbedtls/config_psa.h in your configuration file. The default
- * provided mbedtls/config.h contains the necessary inclusion.
- *
- * This feature is still experimental and is not ready for production since
- * it is not completed.
- */
-//#define MBEDTLS_PSA_CRYPTO_CONFIG
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-#define MBEDTLS_VERSION_FEATURES
-
-/**
- * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an extension in a v1 or v2 certificate.
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-
-/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * \warning Depending on your PKI use, enabling this can be a security risk!
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
-/**
- * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
- *
- * If set, this enables the X.509 API `mbedtls_x509_crt_verify_with_ca_cb()`
- * and the SSL API `mbedtls_ssl_conf_ca_cb()` which allow users to configure
- * the set of trusted certificates through a callback instead of a linked
- * list.
- *
- * This is useful for example in environments where a large number of trusted
- * certificates is present and storing them in a linked list isn't efficient
- * enough, or when the set of trusted certificates changes frequently.
- *
- * See the documentation of `mbedtls_x509_crt_verify_with_ca_cb()` and
- * `mbedtls_ssl_conf_ca_cb()` for more information.
- *
- * Uncomment to enable trusted certificate callbacks.
- */
-//#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-
-/**
- * \def MBEDTLS_X509_CHECK_KEY_USAGE
- *
- * Enable verification of the keyUsage extension (CA and leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused
- * (intermediate) CA and leaf certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip keyUsage checking for both CA and leaf certificates.
- */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
- *
- * Enable verification of the extendedKeyUsage extension (leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip extendedKeyUsage checking for certificates.
- */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
-/**
- * \def MBEDTLS_ZLIB_SUPPORT
- *
- * If set, the SSL/TLS module uses ZLIB to support compression and
- * decompression of packet data.
- *
- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
- * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be applicable to your use case.
- *
- * \note Currently compression can't be used with DTLS.
- *
- * \deprecated This feature is deprecated and will be removed
- *             in the next major revision of the library.
- *
- * Used in: library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This feature requires zlib library and headers to be present.
- *
- * Uncomment to enable use of ZLIB
- */
-//#define MBEDTLS_ZLIB_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module:  library/aesni.c
- * Caller:  library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module:  library/aes.c
- * Caller:  library/cipher.c
- *          library/pem.c
- *          library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module:  library/arc4.c
- * Caller:  library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- *
- * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger ciphers instead.
- *
- */
-#define MBEDTLS_ARC4_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module:  library/asn1.c
- * Caller:  library/x509.c
- *          library/dhm.c
- *          library/pkcs12.c
- *          library/pkcs5.c
- *          library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module:  library/asn1write.c
- * Caller:  library/ecdsa.c
- *          library/pkwrite.c
- *          library/x509_create.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module:  library/base64.c
- * Caller:  library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module:  library/bignum.c
- * Caller:  library/dhm.c
- *          library/ecp.c
- *          library/ecdsa.c
- *          library/rsa.c
- *          library/rsa_internal.c
- *          library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module:  library/blowfish.c
- */
-#define MBEDTLS_BLOWFISH_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module:  library/camellia.c
- * Caller:  library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_CAMELLIA_C
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module:  library/aria.c
- * Caller:  library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *
- *      MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
- *      MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
- *      MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
- */
-//#define MBEDTLS_ARIA_C
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module:  library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module:  library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define MBEDTLS_CERTS_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module:  library/chacha20.c
- */
-#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module:  library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module:  library/cipher.c
- * Caller:  library/ssl_tls.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * \note When #MBEDTLS_CMAC_ALT is active, meaning that the underlying
- *       implementation of the CMAC algorithm is provided by an alternate
- *       implementation, that alternate implementation may opt to not support
- *       AES-192 or 3DES as underlying block ciphers for the CMAC operation.
- *
- * Module:  library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-//#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
- *
- * \note To achieve a 256-bit security strength with CTR_DRBG,
- *       you must use AES-256 *and* use sufficient entropy.
- *       See ctr_drbg.h for more details.
- *
- * Module:  library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module:  library/debug.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define MBEDTLS_DEBUG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module:  library/des.c
- * Caller:  library/pem.c
- *          library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers instead.
- */
-#define MBEDTLS_DES_C
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module:  library/dhm.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- *      DHE-RSA, DHE-PSK
- *
- * \warning    Using DHE constitutes a security risk as it
- *             is not possible to validate custom DH parameters.
- *             If possible, it is recommended users should consider
- *             preferring other methods of key exchange.
- *             See dhm.h for more details.
- *
- */
-#define MBEDTLS_DHM_C
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module:  library/ecdh.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module:  library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- *      ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C,
- *           and at least one MBEDTLS_ECP_DP_XXX_ENABLED for a
- *           short Weierstrass curve.
- */
-#define MBEDTLS_ECDSA_C
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Module:  library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- *      ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
- */
-//#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module:  library/ecp.c
- * Caller:  library/ecdh.c
- *          library/ecdsa.c
- *          library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#define MBEDTLS_ECP_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module:  library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module:  library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM).
- *
- * Module:  library/gcm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_ARIA_C
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
- */
-#define MBEDTLS_GCM_C
-
-/**
- * \def MBEDTLS_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- *          environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- *          processor traits. It is therefore not advised to use HAVEGE as
- *          your applications primary random generator or primary entropy pool
- *          input. As a secondary input to your entropy pool, it IS able add
- *          the (limited) extra entropy it provides.
- *
- * Module:  library/havege.c
- * Caller:
- *
- * Requires: MBEDTLS_TIMING_C
- *
- * Uncomment to enable the HAVEGE random generator.
- */
-//#define MBEDTLS_HAVEGE_C
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module:  library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-#define MBEDTLS_HKDF_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module:  library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number generator.
- */
-#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_NIST_KW_C
- *
- * Enable the Key Wrapping mode for 128-bit block ciphers,
- * as defined in NIST SP 800-38F. Only KW and KWP modes
- * are supported. At the moment, only AES is approved by NIST.
- *
- * Module:  library/nist_kw.c
- *
- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
- */
-//#define MBEDTLS_NIST_KW_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module:  library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module:  library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning   MD2 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module:  library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning   MD4 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module:  library/md5.c
- * Caller:  library/md.c
- *          library/pem.c
- *          library/ssl_tls.c
- *
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
- *
- * \warning   MD5 is considered a weak message digest and its use constitutes a
- *            security risk. If possible, we recommend avoiding dependencies on
- *            it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_MD5_C
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module:  library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_NET_C
- *
- * Enable the TCP and UDP over IPv6/IPv4 networking routines.
- *
- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
- * and Windows. For other platforms, you'll want to disable it, and write your
- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module:  library/net_sockets.c
- *
- * This module provides networking routines.
- */
-#define MBEDTLS_NET_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module:  library/oid.c
- * Caller:  library/asn1write.c
- *          library/pkcs5.c
- *          library/pkparse.c
- *          library/pkwrite.c
- *          library/rsa.c
- *          library/x509.c
- *          library/x509_create.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module:  library/padlock.c
- * Caller:  library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module:  library/pem.c
- * Caller:  library/dhm.c
- *          library/pkparse.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-#define MBEDTLS_PEM_PARSE_C
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module:  library/pem.c
- * Caller:  library/pkwrite.c
- *          library/x509write_crt.c
- *          library/x509write_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-#define MBEDTLS_PEM_WRITE_C
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymmetric) key layer.
- *
- * Module:  library/pk.c
- * Caller:  library/ssl_tls.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymmetric) key parser.
- *
- * Module:  library/pkparse.c
- * Caller:  library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymmetric) key writer.
- *
- * Module:  library/pkwrite.c
- * Caller:  library/x509write.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module:  library/pkcs5.c
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
- *
- * \deprecated This option is deprecated and will be removed in a future
- *             version of Mbed TLS.
- *
- * Module:  library/pkcs11.c
- * Caller:  library/pk.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define MBEDTLS_PKCS11_C
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module:  library/pkcs12.c
- * Caller:  library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * Can use:  MBEDTLS_ARC4_C
- *
- * This module enables PKCS#12 functions.
- */
-#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module:  library/platform.c
- * Caller:  Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_POLY1305_C
- *
- * Enable the Poly1305 MAC algorithm.
- *
- * Module:  library/poly1305.c
- * Caller:  library/chachapoly.c
- */
-#define MBEDTLS_POLY1305_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module:  library/psa_crypto.c
- *
- * Requires: either MBEDTLS_CTR_DRBG_C and MBEDTLS_ENTROPY_C,
- *           or MBEDTLS_HMAC_DRBG_C and MBEDTLS_ENTROPY_C,
- *           or MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.
- *
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SE_C
- *
- * Enable secure element support in the Platform Security Architecture
- * cryptography API.
- *
- * \warning This feature is not yet suitable for production. It is provided
- *          for API evaluation and testing purposes only.
- *
- * Module:  library/psa_crypto_se.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SE_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module:  library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- *           either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- *           the PSA ITS interface
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/**
- * \def MBEDTLS_PSA_ITS_FILE_C
- *
- * Enable the emulation of the Platform Security Architecture
- * Internal Trusted Storage (PSA ITS) over files.
- *
- * Module:  library/psa_its_file.c
- *
- * Requires: MBEDTLS_FS_IO
- */
-#define MBEDTLS_PSA_ITS_FILE_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module:  library/ripemd160.c
- * Caller:  library/md.c
- *
- */
-#define MBEDTLS_RIPEMD160_C
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module:  library/rsa.c
- *          library/rsa_internal.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509.c
- *
- * This module is used by the following key exchanges:
- *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module:  library/sha1.c
- * Caller:  library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *          library/x509write_crt.c
- *
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- *
- * Module:  library/sha256.c
- * Caller:  library/entropy.c
- *          library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * This module adds support for SHA-224 and SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- *
- * Module:  library/sha512.c
- * Caller:  library/entropy.c
- *          library/md.c
- *          library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_SSL_CACHE_C
- *
- * Enable simple SSL cache implementation.
- *
- * Module:  library/ssl_cache.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_CACHE_C
- */
-#define MBEDTLS_SSL_CACHE_C
-
-/**
- * \def MBEDTLS_SSL_COOKIE_C
- *
- * Enable basic implementation of DTLS cookies for hello verification.
- *
- * Module:  library/ssl_cookie.c
- * Caller:
- */
-#define MBEDTLS_SSL_COOKIE_C
-
-/**
- * \def MBEDTLS_SSL_TICKET_C
- *
- * Enable an implementation of TLS server-side callbacks for session tickets.
- *
- * Module:  library/ssl_ticket.c
- * Caller:
- *
- * Requires: MBEDTLS_CIPHER_C &&
- *           ( MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C )
- */
-#define MBEDTLS_SSL_TICKET_C
-
-/**
- * \def MBEDTLS_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module:  library/ssl_cli.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#define MBEDTLS_SSL_CLI_C
-
-/**
- * \def MBEDTLS_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module:  library/ssl_srv.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#define MBEDTLS_SSL_SRV_C
-
-/**
- * \def MBEDTLS_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module:  library/ssl_tls.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
- *
- * This module is required for SSL/TLS.
- */
-#define MBEDTLS_SSL_TLS_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading
- *
- * Module:  library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by
- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
- * your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note The timing module will include time.h on suitable platforms
- *       regardless of the setting of MBEDTLS_HAVE_TIME, unless
- *       MBEDTLS_TIMING_ALT is used. See timing.c for more information.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module:  library/timing.c
- * Caller:  library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module:  library/version.c
- *
- * This module provides run-time version information.
- */
-#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module:  library/x509.c
- * Caller:  library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
- *           MBEDTLS_PK_PARSE_C
- *
- * This module is required for the X.509 parsing modules.
- */
-#define MBEDTLS_X509_USE_C
-
-/**
- * \def MBEDTLS_X509_CRT_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module:  library/x509_crt.c
- * Caller:  library/ssl_cli.c
- *          library/ssl_srv.c
- *          library/ssl_tls.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define MBEDTLS_X509_CRT_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CRL_PARSE_C
- *
- * Enable X.509 CRL parsing.
- *
- * Module:  library/x509_crl.c
- * Caller:  library/x509_crt.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 CRL parsing.
- */
-#define MBEDTLS_X509_CRL_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module:  library/x509_csr.c
- * Caller:  library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#define MBEDTLS_X509_CSR_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CREATE_C
- *
- * Enable X.509 core for creating certificates.
- *
- * Module:  library/x509_create.c
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
- *
- * This module is the basis for creating X.509 certificates and CSRs.
- */
-#define MBEDTLS_X509_CREATE_C
-
-/**
- * \def MBEDTLS_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module:  library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define MBEDTLS_X509_CRT_WRITE_C
-
-/**
- * \def MBEDTLS_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module:  library/x509_csr_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define MBEDTLS_X509_CSR_WRITE_C
-
-/**
- * \def MBEDTLS_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module:  library/xtea.c
- * Caller:
- */
-#define MBEDTLS_XTEA_C
-
-/** \} name SECTION: mbed TLS modules */
-
-/**
- * \name SECTION: General configuration options
- *
- * This section contains Mbed TLS build settings that are not associated
- * with a particular module.
- *
- * \{
- */
-
-/**
- * \def MBEDTLS_CONFIG_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"mbedtls/config.h"`.
- * This header file specifies the compile-time configuration of Mbed TLS.
- * Unlike other configuration options, this one must be defined on the
- * compiler command line: a definition in `config.h` would have no effect.
- *
- * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an <tt>\#include</tt> line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_CONFIG_FILE "mbedtls/config.h"
-
-/**
- * \def MBEDTLS_USER_CONFIG_FILE
- *
- * If defined, this is a header which will be included after
- * `"mbedtls/config.h"` or #MBEDTLS_CONFIG_FILE.
- * This allows you to modify the default configuration, including the ability
- * to undefine options that are enabled by default.
- *
- * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an <tt>\#include</tt> line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
- *
- * If defined, this is a header which will be included instead of
- * `"psa/crypto_config.h"`.
- * This header file specifies which cryptographic mechanisms are available
- * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
- * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
- *
- * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an <tt>\#include</tt> line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
- *
- * If defined, this is a header which will be included after
- * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
- * This allows you to modify the default configuration, including the ability
- * to undefine options that are enabled by default.
- *
- * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
- * non-standard feature of the C language, so this feature is only available
- * with compilers that perform macro expansion on an <tt>\#include</tt> line.
- *
- * The value of this symbol is typically a path in double quotes, either
- * absolute or relative to a directory on the include search path.
- */
-//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
-
-/** \} name SECTION: General configuration options */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- * \{
- */
-/* The Doxygen documentation here is used when a user comments out a
- * setting and runs doxygen themselves. On the other hand, when we typeset
- * the full documentation including disabled settings, the documentation
- * in specific modules' header files is used if present. When editing this
- * file, make sure that each option is documented in exactly one place,
- * plus optionally a same-line Doxygen comment here if there is a Doxygen
- * comment in the specific module. */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
-//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups. Normally determined automatically from the configured curves. */
-//#define MBEDTLS_ECP_WINDOW_SIZE            4 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE               32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf /**< Default vsnprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/**
- * \brief       This macro is invoked by the library when an invalid parameter
- *              is detected that is only checked with #MBEDTLS_CHECK_PARAMS
- *              (see the documentation of that option for context).
- *
- *              When you leave this undefined here, the library provides
- *              a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
- *              is defined, the default definition is `assert(cond)`,
- *              otherwise the default definition calls a function
- *              mbedtls_param_failed(). This function is declared in
- *              `platform_util.h` for the benefit of the library, but
- *              you need to define in your application.
- *
- *              When you define this here, this replaces the default
- *              definition in platform_util.h (which no longer declares the
- *              function mbedtls_param_failed()) and it is your responsibility
- *              to make sure this macro expands to something suitable (in
- *              particular, that all the necessary declarations are visible
- *              from within the library - you can ensure that by providing
- *              them in this file next to the macro definition).
- *              If you define this macro to call `assert`, also define
- *              #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
- *              include `<assert.h>`.
- *
- *              Note that you may define this macro to expand to nothing, in
- *              which case you don't have to worry about declarations or
- *              definitions. However, you will then be notified about invalid
- *              parameters only in non-void functions, and void function will
- *              just silently return early on invalid parameters, which
- *              partially negates the benefits of enabling
- *              #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
- *
- * \param cond  The expression that should evaluate to true, but doesn't.
- */
-//#define MBEDTLS_PARAM_FAILED( cond )               assert( cond )
-
-/** \def MBEDTLS_CHECK_RETURN
- *
- * This macro is used at the beginning of the declaration of a function
- * to indicate that its return value should be checked. It should
- * instruct the compiler to emit a warning or an error if the function
- * is called without checking its return value.
- *
- * There is a default implementation for popular compilers in platform_util.h.
- * You can override the default implementation by defining your own here.
- *
- * If the implementation here is empty, this will effectively disable the
- * checking of functions' return values.
- */
-//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * This macro requires one argument, which should be a C function call.
- * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
- * warning is suppressed.
- */
-//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
-
-/* PSA options */
-/**
- * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
- * PSA crypto subsystem.
- *
- * If this option is unset:
- * - If CTR_DRBG is available, the PSA subsystem uses it rather than HMAC_DRBG.
- * - Otherwise, the PSA subsystem uses HMAC_DRBG with either
- *   #MBEDTLS_MD_SHA512 or #MBEDTLS_MD_SHA256 based on availability and
- *   on unspecified heuristics.
- */
-//#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-
-/** \def MBEDTLS_PSA_KEY_SLOT_COUNT
- * Restrict the PSA library to supporting a maximum amount of simultaneously
- * loaded keys. A loaded key is a key stored by the PSA Crypto core as a
- * volatile key, or a persistent key which is loaded temporarily by the
- * library as part of a crypto operation in flight.
- *
- * If this option is unset, the library will fall back to a default value of
- * 32 keys.
- */
-//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
-
-/* SSL options */
-
-/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
- *
- * This determines the size of both the incoming and outgoing TLS I/O buffers
- * in such a way that both are capable of holding the specified amount of
- * plaintext data, regardless of the protection mechanism used.
- *
- * To configure incoming and outgoing I/O buffers separately, use
- * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
- * which overwrite the value set by this option.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- *       recommended to use the Maximum Fragment Length (MFL) extension to
- *       inform the server about this limitation. On the server, there
- *       is no supported, standardized way of informing the client about
- *       restriction on the maximum size of incoming messages, and unless
- *       the limitation has been communicated by other means, it is recommended
- *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- *       while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of both
- * incoming and outgoing I/O buffers.
- */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384
-
-/** \def MBEDTLS_SSL_IN_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming plaintext fragments.
- *
- * This determines the size of the incoming TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * If this option is undefined, it inherits its value from
- * #MBEDTLS_SSL_MAX_CONTENT_LEN.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- *       recommended to use the Maximum Fragment Length (MFL) extension to
- *       inform the server about this limitation. On the server, there
- *       is no supported, standardized way of informing the client about
- *       restriction on the maximum size of incoming messages, and unless
- *       the limitation has been communicated by other means, it is recommended
- *       to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- *       while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of the incoming I/O buffer
- * independently of the outgoing I/O buffer.
- */
-//#define MBEDTLS_SSL_IN_CONTENT_LEN              16384
-
-/** \def MBEDTLS_SSL_CID_IN_LEN_MAX
- *
- * The maximum length of CIDs used for incoming DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_IN_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_OUT_LEN_MAX
- *
- * The maximum length of CIDs used for outgoing DTLS messages.
- *
- */
-//#define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
-
-/** \def MBEDTLS_SSL_CID_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * when using the Connection ID extension in DTLS 1.2.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- *       for outgoing records.
- *
- * Note: On systems lacking division instructions,
- *       a power of two should be preferred.
- *
- */
-//#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
-
-/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY
- *
- * This option controls the use of record plaintext padding
- * in TLS 1.3.
- *
- * The padding will always be chosen so that the length of the
- * padded plaintext is a multiple of the value of this option.
- *
- * Note: A value of \c 1 means that no padding will be used
- *       for outgoing records.
- *
- * Note: On systems lacking division instructions,
- *       a power of two should be preferred.
- */
-//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
-
-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
- *
- * Maximum length (in bytes) of outgoing plaintext fragments.
- *
- * This determines the size of the outgoing TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * If this option undefined, it inherits its value from
- * #MBEDTLS_SSL_MAX_CONTENT_LEN.
- *
- * It is possible to save RAM by setting a smaller outward buffer, while keeping
- * the default inward 16384 byte buffer to conform to the TLS specification.
- *
- * The minimum required outward buffer size is determined by the handshake
- * protocol's usage. Handshaking will fail if the outward buffer is too small.
- * The specific size requirement depends on the configured ciphers and any
- * certificate data which is sent during the handshake.
- *
- * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
- * independently of the incoming I/O buffer.
- */
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN             16384
-
-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
- *
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- *
- * This should be at least 9/8 * MBEDTLS_SSL_IN_CONTENT_LEN
- * to account for a reassembled handshake message of maximum size,
- * together with its reassembly bitmap.
- *
- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
- * should be sufficient for all practical situations as it allows
- * to reassembly a large handshake message (such as a certificate)
- * while buffering multiple smaller handshake messages.
- *
- */
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
-
-//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/** \def MBEDTLS_TLS_EXT_CID
- *
- * At the time of writing, the CID extension has not been assigned its
- * final value. Set this configuration option to make Mbed TLS use a
- * different value.
- *
- * A future minor revision of Mbed TLS may change the default value of
- * this option to match evolving standards and usage.
- */
-//#define MBEDTLS_TLS_EXT_CID                        254
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
-/** \} name SECTION: Module configuration options */
-
-/* Target and application specific configurations
- *
- * Allow user to override any previous default.
- *
- */
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "mbedtls/config_psa.h"
-#endif
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/Sources/mbedtls/include/mbedtls/config_psa.h b/Sources/mbedtls/include/mbedtls/config_psa.h
deleted file mode 100644
index d27fb54..0000000
--- a/Sources/mbedtls/include/mbedtls/config_psa.h
+++ /dev/null
@@ -1,833 +0,0 @@
-/**
- * \file mbedtls/config_psa.h
- * \brief PSA crypto configuration options (set of defines)
- *
- *  This set of compile-time options takes settings defined in
- *  include/mbedtls/config.h and include/psa/crypto_config.h and uses
- *  those definitions to define symbols used in the library code.
- *
- *  Users and integrators should not edit this file, please edit
- *  include/mbedtls/config.h for MBEDTLS_XXX settings or
- *  include/psa/crypto_config.h for PSA_WANT_XXX settings.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CONFIG_PSA_H
-#define MBEDTLS_CONFIG_PSA_H
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
-#include MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-#else
-#include "psa/crypto_config.h"
-#endif
-#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
-
-#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
-#include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-/****************************************************************/
-/* De facto synonyms */
-/****************************************************************/
-
-#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
-#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT
-#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS)
-#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS
-#endif
-
-
-
-/****************************************************************/
-/* Require built-in implementations based on PSA requirements */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
-
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
-
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
-
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
-
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
-
-#if defined(PSA_WANT_ALG_MD2) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD2)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1
-#define MBEDTLS_MD2_C
-#endif
-
-#if defined(PSA_WANT_ALG_MD4) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD4)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1
-#define MBEDTLS_MD4_C
-#endif
-
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
-
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
-
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA256_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA512_C
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
-
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
-
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_GENPRIME
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
-
-/* If any of the block modes are requested that don't have an
- * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
- * in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
-    (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
-    (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
-    defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
-    (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
-     !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
-    (defined(PSA_WANT_ALG_CBC_PKCS7) && \
-     !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
-    (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
-
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
-    (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
-    defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
-
-#if defined(PSA_WANT_KEY_TYPE_ARC4)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
-#define MBEDTLS_ARC4_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 */
-#endif /* PSA_WANT_KEY_TYPE_ARC4 */
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
-    defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#define MBEDTLS_ARIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_ARIA */
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
-    defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
-
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-
-/* If any of the software block ciphers are selected, define
- * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
- * situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
-
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
-
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
-
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
-
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
-
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
-
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING) &&     \
-    !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
-
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
-
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
-
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_CHACHA20_C
-#define MBEDTLS_POLY1305_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-/*
- * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/4249).
- */
-#error "Curve448 is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/3541).
- */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
-
-/****************************************************************/
-/* Infer PSA requirements from Mbed TLS capabilities */
-/****************************************************************/
-
-#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/*
- * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
- * is not defined
- */
-
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define PSA_WANT_ALG_CCM 1
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
-
-// Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#endif /* MBEDTLS_HKDF_C */
-
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_MD2_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1
-#define PSA_WANT_ALG_MD2 1
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1
-#define PSA_WANT_ALG_MD4 1
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-#define PSA_WANT_KEY_TYPE_ARC4 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#define PSA_WANT_KEY_TYPE_ARIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
-    defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
-
-/* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
-#if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
-
-/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
-
-#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
-/* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_CONFIG_PSA_H */
diff --git a/Sources/mbedtls/include/mbedtls/constant_time.h b/Sources/mbedtls/include/mbedtls/constant_time.h
deleted file mode 100644
index c5de57a..0000000
--- a/Sources/mbedtls/include/mbedtls/constant_time.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- *  Constant-time functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_H
-#define MBEDTLS_CONSTANT_TIME_H
-
-#include <stddef.h>
-
-
-/** Constant-time buffer comparison without branches.
- *
- * This is equivalent to the standard memcmp function, but is likely to be
- * compiled to code using bitwise operation rather than a branch.
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param a     Pointer to the first buffer.
- * \param b     Pointer to the second buffer.
- * \param n     The number of bytes to compare in the buffer.
- *
- * \return      Zero if the content of the two buffer is the same,
- *              otherwise non-zero.
- */
-int mbedtls_ct_memcmp( const void *a,
-                       const void *b,
-                       size_t n );
-
-#endif /* MBEDTLS_CONSTANT_TIME_H */
diff --git a/Sources/mbedtls/include/mbedtls/ctr_drbg.h b/Sources/mbedtls/include/mbedtls/ctr_drbg.h
deleted file mode 100644
index e68237a..0000000
--- a/Sources/mbedtls/include/mbedtls/ctr_drbg.h
+++ /dev/null
@@ -1,611 +0,0 @@
-/**
- * \file ctr_drbg.h
- *
- * \brief    This file contains definitions and functions for the
- *           CTR_DRBG pseudorandom generator.
- *
- * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
- * in counter mode operation, as defined in <em>NIST SP 800-90A:
- * Recommendation for Random Number Generation Using Deterministic Random
- * Bit Generators</em>.
- *
- * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
- * as the underlying block cipher, with a derivation function.
- *
- * The security strength as defined in NIST SP 800-90A is
- * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
- * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CTR_DRBG_H
-#define MBEDTLS_CTR_DRBG_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/aes.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/** The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034
-/** The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036
-/** The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038
-/** Read or write error in file. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A
-
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16 /**< The block size used by the cipher. */
-
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE            16
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 16 bytes (128 bits)
- * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
- */
-#else
-#define MBEDTLS_CTR_DRBG_KEYSIZE            32
-/**< The key size in bytes used by the cipher.
- *
- * Compile-time choice: 32 bytes (256 bits)
- * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
- */
-#endif
-
-#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them using the compiler command
- * line.
- * \{
- */
-
-/** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
- *
- * \brief The amount of entropy used per seed by default, in bytes.
- */
-#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-/** This is 48 bytes because the entropy module uses SHA-512
- * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48
-
-#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-
-/** This is 32 bytes because the entropy module uses SHA-256
- * (the SHA512 module is disabled or
- * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
- */
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-/** \warning To achieve a 256-bit security strength, you must pass a nonce
- *           to mbedtls_ctr_drbg_seed().
- */
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32
-#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
-#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
-
-#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000
-/**< The interval before reseed is performed by default. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT          256
-/**< The maximum number of additional input Bytes. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024
-/**< The maximum number of requested Bytes per call. */
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384
-/**< The maximum size of seed or reseed buffer in bytes. */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_CTR_DRBG_PR_OFF             0
-/**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON              1
-/**< Prediction resistance is enabled. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if MBEDTLS_CTR_DRBG_ENTROPY_LEN >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
-/** The default length of the nonce read from the entropy source.
- *
- * This is \c 0 because a single read from the entropy source is sufficient
- * to include a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
-#else
-/** The default length of the nonce read from the entropy source.
- *
- * This is half of the default entropy length because a single read from
- * the entropy source does not provide enough material to form a nonce.
- * See the documentation of mbedtls_ctr_drbg_seed() for more information.
- */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
-#endif
-
-/**
- * \brief          The CTR_DRBG context structure.
- */
-typedef struct mbedtls_ctr_drbg_context
-{
-    unsigned char counter[16];  /*!< The counter (V). */
-    int reseed_counter;         /*!< The reseed counter.
-                                 * This is the number of requests that have
-                                 * been made since the last (re)seeding,
-                                 * minus one.
-                                 * Before the initial seeding, this field
-                                 * contains the amount of entropy in bytes
-                                 * to use as a nonce for the initial seeding,
-                                 * or -1 if no nonce length has been explicitly
-                                 * set (see mbedtls_ctr_drbg_set_nonce_len()).
-                                 */
-    int prediction_resistance;  /*!< This determines whether prediction
-                                     resistance is enabled, that is
-                                     whether to systematically reseed before
-                                     each random generation. */
-    size_t entropy_len;         /*!< The amount of entropy grabbed on each
-                                     seed or reseed operation, in bytes. */
-    int reseed_interval;        /*!< The reseed interval.
-                                 * This is the maximum number of requests
-                                 * that can be made between reseedings. */
-
-    mbedtls_aes_context aes_ctx;        /*!< The AES context. */
-
-    /*
-     * Callbacks (Entropy)
-     */
-    int (*f_entropy)(void *, unsigned char *, size_t);
-                                /*!< The entropy callback function. */
-
-    void *p_entropy;            /*!< The context for the entropy function. */
-
-#if defined(MBEDTLS_THREADING_C)
-    /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
-     * This means that the mutex is initialized during the initial seeding
-     * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
-     *
-     * Note that this invariant may change without notice. Do not rely on it
-     * and do not access the mutex directly in application code.
-     */
-    mbedtls_threading_mutex_t mutex;
-#endif
-}
-mbedtls_ctr_drbg_context;
-
-/**
- * \brief               This function initializes the CTR_DRBG context,
- *                      and prepares it for mbedtls_ctr_drbg_seed()
- *                      or mbedtls_ctr_drbg_free().
- *
- * \note                The reseed interval is
- *                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
- *                      You can override it by calling
- *                      mbedtls_ctr_drbg_set_reseed_interval().
- *
- * \param ctx           The CTR_DRBG context to initialize.
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief               This function seeds and sets up the CTR_DRBG
- *                      entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- *   with mbedtls_entropy_init() (which registers the platform's default
- *   entropy sources).
- *
- * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
- * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
- *
- * The entropy nonce length is:
- * - \c 0 if the entropy length is at least 3/2 times the entropy length,
- *   which guarantees that the security strength is the maximum permitted
- *   by the key size and entropy length according to NIST SP 800-90A §10.2.1;
- * - Half the entropy length otherwise.
- * You can override it by calling mbedtls_ctr_drbg_set_nonce_len().
- * With the default entropy length, the entropy nonce length is
- * #MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.
- *
- * You can provide a nonce and personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- * See SP 800-90A §8.6.7 for more details about nonces.
- *
- * The _seed_material_ value passed to the derivation function in
- * the CTR_DRBG Instantiate Process described in NIST SP 800-90A §10.2.1.3.2
- * is the concatenation of the following strings:
- * - A string obtained by calling \p f_entropy function for the entropy
- *   length.
- */
-#if MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN == 0
-/**
- * - If mbedtls_ctr_drbg_set_nonce_len() has been called, a string
- *   obtained by calling \p f_entropy function for the specified length.
- */
-#else
-/**
- * - A string obtained by calling \p f_entropy function for the entropy nonce
- *   length. If the entropy nonce length is \c 0, this function does not
- *   make a second call to \p f_entropy.
- */
-#endif
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      after this function returns successfully,
- *                      it is safe to call mbedtls_ctr_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * - The \p custom string.
- *
- * \note                To achieve the nominal security strength permitted
- *                      by CTR_DRBG, the entropy length must be:
- *                      - at least 16 bytes for a 128-bit strength
- *                      (maximum achievable strength when using AES-128);
- *                      - at least 32 bytes for a 256-bit strength
- *                      (maximum achievable strength when using AES-256).
- *
- *                      In addition, if you do not pass a nonce in \p custom,
- *                      the sum of the entropy length
- *                      and the entropy nonce length must be:
- *                      - at least 24 bytes for a 128-bit strength
- *                      (maximum achievable strength when using AES-128);
- *                      - at least 48 bytes for a 256-bit strength
- *                      (maximum achievable strength when using AES-256).
- *
- * \param ctx           The CTR_DRBG context to seed.
- *                      It must have been initialized with
- *                      mbedtls_ctr_drbg_init().
- *                      After a successful call to mbedtls_ctr_drbg_seed(),
- *                      you may not call mbedtls_ctr_drbg_seed() again on
- *                      the same context unless you call
- *                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
- *                      again first.
- *                      After a failed call to mbedtls_ctr_drbg_seed(),
- *                      you must call mbedtls_ctr_drbg_free().
- * \param f_entropy     The entropy callback, taking as arguments the
- *                      \p p_entropy context, the buffer to fill, and the
- *                      length of the buffer.
- *                      \p f_entropy is always called with a buffer size
- *                      less than or equal to the entropy length.
- * \param p_entropy     The entropy context to pass to \p f_entropy.
- * \param custom        The personalization string.
- *                      This can be \c NULL, in which case the personalization
- *                      string is empty regardless of the value of \p len.
- * \param len           The length of the personalization string.
- *                      This must be at most
- *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- *                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
-                   int (*f_entropy)(void *, unsigned char *, size_t),
-                   void *p_entropy,
-                   const unsigned char *custom,
-                   size_t len );
-
-/**
- * \brief               This function resets CTR_DRBG context to the state immediately
- *                      after initial call of mbedtls_ctr_drbg_init().
- *
- * \param ctx           The CTR_DRBG context to clear.
- */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
-
-/**
- * \brief               This function turns prediction resistance on or off.
- *                      The default value is off.
- *
- * \note                If enabled, entropy is gathered at the beginning of
- *                      every call to mbedtls_ctr_drbg_random_with_add()
- *                      or mbedtls_ctr_drbg_random().
- *                      Only use this if your entropy source has sufficient
- *                      throughput.
- *
- * \param ctx           The CTR_DRBG context.
- * \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
- */
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
-                                         int resistance );
-
-/**
- * \brief               This function sets the amount of entropy grabbed on each
- *                      seed or reseed.
- *
- * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
- *
- * \note                The security strength of CTR_DRBG is bounded by the
- *                      entropy length. Thus:
- *                      - When using AES-256
- *                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
- *                        which is the default),
- *                        \p len must be at least 32 (in bytes)
- *                        to achieve a 256-bit strength.
- *                      - When using AES-128
- *                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
- *                        \p len must be at least 16 (in bytes)
- *                        to achieve a 128-bit strength.
- *
- * \param ctx           The CTR_DRBG context.
- * \param len           The amount of entropy to grab, in bytes.
- *                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- *                      and at most the maximum length accepted by the
- *                      entropy function that is set in the context.
- */
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
-                               size_t len );
-
-/**
- * \brief               This function sets the amount of entropy grabbed
- *                      as a nonce for the initial seeding.
- *
- * Call this function before calling mbedtls_ctr_drbg_seed() to read
- * a nonce from the entropy source during the initial seeding.
- *
- * \param ctx           The CTR_DRBG context.
- * \param len           The amount of entropy to grab for the nonce, in bytes.
- *                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
- *                      and at most the maximum length accepted by the
- *                      entropy function that is set in the context.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if \p len is
- *                      more than #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
- *                      if the initial seeding has already taken place.
- */
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
-                                    size_t len );
-
-/**
- * \brief               This function sets the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
- * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
- *
- * \param ctx           The CTR_DRBG context.
- * \param interval      The reseed interval.
- */
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
-                                   int interval );
-
-/**
- * \brief               This function reseeds the CTR_DRBG context, that is
- *                      extracts data from the entropy source.
- *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
- * \param ctx           The CTR_DRBG context.
- * \param additional    Additional data to add to the state. Can be \c NULL.
- * \param len           The length of the additional data.
- *                      This must be less than
- *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- *                      where \c entropy_len is the entropy length
- *                      configured for the context.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
- */
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
-                     const unsigned char *additional, size_t len );
-
-/**
- * \brief              This function updates the state of the CTR_DRBG context.
- *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
- * \param ctx          The CTR_DRBG context.
- * \param additional   The data to update the state with. This must not be
- *                     \c NULL unless \p add_len is \c 0.
- * \param add_len      Length of \p additional in bytes. This must be at
- *                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- *
- * \return             \c 0 on success.
- * \return             #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if
- *                     \p add_len is more than
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
- * \return             An error from the underlying AES cipher on failure.
- */
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
-                                 const unsigned char *additional,
-                                 size_t add_len );
-
-/**
- * \brief   This function updates a CTR_DRBG instance with additional
- *          data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
- * \param p_rng         The CTR_DRBG context. This must be a pointer to a
- *                      #mbedtls_ctr_drbg_context structure.
- * \param output        The buffer to fill.
- * \param output_len    The length of the buffer in bytes.
- * \param additional    Additional data to update. Can be \c NULL, in which
- *                      case the additional data is empty regardless of
- *                      the value of \p add_len.
- * \param add_len       The length of the additional data
- *                      if \p additional is not \c NULL.
- *                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
- *                      and less than
- *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
- *                      where \c entropy_len is the entropy length
- *                      configured for the context.
- *
- * \return    \c 0 on success.
- * \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- *            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
-                              unsigned char *output, size_t output_len,
-                              const unsigned char *additional, size_t add_len );
-
-/**
- * \brief   This function uses CTR_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      it is safe to call mbedtls_ctr_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng         The CTR_DRBG context. This must be a pointer to a
- *                      #mbedtls_ctr_drbg_context structure.
- * \param output        The buffer to fill.
- * \param output_len    The length of the buffer in bytes.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- *                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
- */
-int mbedtls_ctr_drbg_random( void *p_rng,
-                     unsigned char *output, size_t output_len );
-
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief              This function updates the state of the CTR_DRBG context.
- *
- * \deprecated         Superseded by mbedtls_ctr_drbg_update_ret()
- *                     in 2.16.0.
- *
- * \note               If \p add_len is greater than
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
- *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- *                     The remaining Bytes are silently discarded.
- *
- * \param ctx          The CTR_DRBG context.
- * \param additional   The data to update the state with.
- * \param add_len      Length of \p additional data.
- */
-MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
-    mbedtls_ctr_drbg_context *ctx,
-    const unsigned char *additional,
-    size_t add_len );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief               This function writes a seed file.
- *
- * \param ctx           The CTR_DRBG context.
- * \param path          The name of the file.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
- *                      failure.
- */
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-
-/**
- * \brief               This function reads and updates a seed file. The seed
- *                      is added to this instance.
- *
- * \param ctx           The CTR_DRBG context.
- * \param path          The name of the file.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- *                      reseed failure.
- * \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
- *                      seed file is too large.
- */
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief               The CTR_DRBG checkup routine.
- *
- * \return              \c 0 on success.
- * \return              \c 1 on failure.
- */
-int mbedtls_ctr_drbg_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ctr_drbg.h */
diff --git a/Sources/mbedtls/include/mbedtls/debug.h b/Sources/mbedtls/include/mbedtls/debug.h
deleted file mode 100644
index 4fc4662..0000000
--- a/Sources/mbedtls/include/mbedtls/debug.h
+++ /dev/null
@@ -1,311 +0,0 @@
-/**
- * \file debug.h
- *
- * \brief Functions for controlling and providing debug output from the library.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_DEBUG_H
-#define MBEDTLS_DEBUG_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
-    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
-                             MBEDTLS_DEBUG_STRIP_PARENS args )
-
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
-    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
-
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
-    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
-
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
-    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
-    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
-    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr )               \
-    mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
-#endif
-
-#else /* MBEDTLS_DEBUG_C */
-
-#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr )     do { } while( 0 )
-
-#endif /* MBEDTLS_DEBUG_C */
-
-/**
- * \def MBEDTLS_PRINTF_ATTRIBUTE
- *
- * Mark a function as having printf attributes, and thus enable checking
- * via -wFormat and other flags. This does nothing on builds with compilers
- * that do not support the format attribute
- *
- * Module:  library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)    \
-    __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)    \
-    __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
-#else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif
-
-/**
- * \def MBEDTLS_PRINTF_SIZET
- *
- * MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
- * and MinGW we need to define the printf specifier for size_t
- * and long long per platform.
- *
- * Module:  library/debug.c
- * Caller:
- *
- * This module provides debugging functions.
- */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
-   #include <inttypes.h>
-   #define MBEDTLS_PRINTF_SIZET     PRIuPTR
-   #define MBEDTLS_PRINTF_LONGLONG  "I64d"
-#else /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
-   #define MBEDTLS_PRINTF_SIZET     "zu"
-   #define MBEDTLS_PRINTF_LONGLONG  "lld"
-#endif /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   Set the threshold error level to handle globally all debug output.
- *          Debug messages that have a level over the threshold value are
- *          discarded.
- *          (Default value: 0 = No debug )
- *
- * \param threshold     threshold level of messages to filter on. Messages at a
- *                      higher level will be discarded.
- *                          - Debug levels
- *                              - 0 No debug
- *                              - 1 Error
- *                              - 2 State change
- *                              - 3 Informational
- *                              - 4 Verbose
- */
-void mbedtls_debug_set_threshold( int threshold );
-
-/**
- * \brief    Print a message to the debug output. This function is always used
- *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- *          context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the message has occurred in
- * \param line      line number the message has occurred at
- * \param format    format specifier, in printf format
- * \param ...       variables used by the format specifier
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
-                              const char *file, int line,
-                              const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
-
-/**
- * \brief   Print the return value of a function to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      the name of the function that returned the error
- * \param ret       the return code value
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, int ret );
-
-/**
- * \brief   Output a buffer of size len bytes to the debug output. This function
- *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the buffer being dumped. Normally the
- *                  variable or buffer name
- * \param buf       the buffer to be outputted
- * \param len       length of the buffer
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line, const char *text,
-                      const unsigned char *buf, size_t len );
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief   Print a MPI variable to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the MPI being output. Normally the
- *                  variable name
- * \param X         the MPI variable
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_mpi *X );
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief   Print an ECP point to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the ECP point being output. Normally the
- *                  variable name
- * \param X         the ECP point
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_ecp_point *X );
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief   Print a X.509 certificate structure to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the certificate being output
- * \param crt       X.509 certificate structure
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_x509_crt *crt );
-#endif
-
-#if defined(MBEDTLS_ECDH_C)
-typedef enum
-{
-    MBEDTLS_DEBUG_ECDH_Q,
-    MBEDTLS_DEBUG_ECDH_QP,
-    MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief   Print a field of the ECDH structure in the SSL context to the debug
- *          output. This function is always used through the
- *          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- *          and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param ecdh      the ECDH context
- * \param attr      the identifier of the attribute being output
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
-                                const char *file, int line,
-                                const mbedtls_ecdh_context *ecdh,
-                                mbedtls_debug_ecdh_attr attr );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* debug.h */
diff --git a/Sources/mbedtls/include/mbedtls/des.h b/Sources/mbedtls/include/mbedtls/des.h
deleted file mode 100644
index 325aab5..0000000
--- a/Sources/mbedtls/include/mbedtls/des.h
+++ /dev/null
@@ -1,370 +0,0 @@
-/**
- * \file des.h
- *
- * \brief DES block cipher
- *
- * \warning   DES is considered a weak cipher and its use constitutes a
- *            security risk. We recommend considering stronger ciphers
- *            instead.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#ifndef MBEDTLS_DES_H
-#define MBEDTLS_DES_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-#include "mbedtls/platform_util.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_DES_ENCRYPT     1
-#define MBEDTLS_DES_DECRYPT     0
-
-/** The data input has an invalid length. */
-#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032
-
-/* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** DES hardware accelerator failed. */
-#define MBEDTLS_ERR_DES_HW_ACCEL_FAILED                   -0x0033
-
-#define MBEDTLS_DES_KEY_SIZE    8
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_DES_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          DES context structure
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-typedef struct mbedtls_des_context
-{
-    uint32_t sk[32];            /*!<  DES subkeys       */
-}
-mbedtls_des_context;
-
-/**
- * \brief          Triple-DES context structure
- */
-typedef struct mbedtls_des3_context
-{
-    uint32_t sk[96];            /*!<  3DES subkeys      */
-}
-mbedtls_des3_context;
-
-#else  /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
-#endif /* MBEDTLS_DES_ALT */
-
-/**
- * \brief          Initialize DES context
- *
- * \param ctx      DES context to be initialized
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_init( mbedtls_des_context *ctx );
-
-/**
- * \brief          Clear DES context
- *
- * \param ctx      DES context to be cleared
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_free( mbedtls_des_context *ctx );
-
-/**
- * \brief          Initialize Triple-DES context
- *
- * \param ctx      DES3 context to be initialized
- */
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
-
-/**
- * \brief          Clear Triple-DES context
- *
- * \param ctx      DES3 context to be cleared
- */
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
-
-/**
- * \brief          Set key parity on the given key to odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key parity on the given key is odd.
- *
- *                 DES keys are 56 bits long, but each byte is padded with
- *                 a parity bit to allow verification.
- *
- * \param key      8-byte secret key
- *
- * \return         0 is parity was ok, 1 if parity was not correct.
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          Check that key is not a weak or semi-weak DES key
- *
- * \param key      8-byte secret key
- *
- * \return         0 if no weak key was found, 1 if a weak key was identified.
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, encryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          DES key schedule (56-bit, decryption)
- *
- * \param ctx      DES context to be initialized
- * \param key      8-byte secret key
- *
- * \return         0
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (112-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      16-byte secret key
- *
- * \return         0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, encryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief          Triple-DES key schedule (168-bit, decryption)
- *
- * \param ctx      3DES context to be initialized
- * \param key      24-byte secret key
- *
- * \return         0
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
-
-/**
- * \brief          DES-ECB block encryption/decryption
- *
- * \param ctx      DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
-                    const unsigned char input[8],
-                    unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          DES-CBC buffer encryption/decryption
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      DES context
- * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief          3DES-ECB block encryption/decryption
- *
- * \param ctx      3DES context
- * \param input    64-bit input block
- * \param output   64-bit output block
- *
- * \return         0 if successful
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
-                     const unsigned char input[8],
-                     unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          3DES-CBC buffer encryption/decryption
- *
- * \note           Upon exit, the content of the IV is updated so that you can
- *                 call the function same function again on the following
- *                 block(s) of data and get the same result as if it was
- *                 encrypted in one call. This allows a "streaming" usage.
- *                 If on the other hand you need to retain the contents of the
- *                 IV, you should either save it manually or use the cipher
- *                 module instead.
- *
- * \param ctx      3DES context
- * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
-                     int mode,
-                     size_t length,
-                     unsigned char iv[8],
-                     const unsigned char *input,
-                     unsigned char *output );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/**
- * \brief          Internal function for key expansion.
- *                 (Only exposed to allow overriding it,
- *                 see MBEDTLS_DES_SETKEY_ALT)
- *
- * \param SK       Round keys
- * \param key      Base key
- *
- * \warning        DES is considered a weak cipher and its use constitutes a
- *                 security risk. We recommend considering stronger ciphers
- *                 instead.
- */
-void mbedtls_des_setkey( uint32_t SK[32],
-                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_des_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* des.h */
diff --git a/Sources/mbedtls/include/mbedtls/dhm.h b/Sources/mbedtls/include/mbedtls/dhm.h
deleted file mode 100644
index c4b15a2..0000000
--- a/Sources/mbedtls/include/mbedtls/dhm.h
+++ /dev/null
@@ -1,1103 +0,0 @@
-/**
- * \file dhm.h
- *
- * \brief   This file contains Diffie-Hellman-Merkle (DHM) key exchange
- *          definitions and functions.
- *
- * Diffie-Hellman-Merkle (DHM) key exchange is defined in
- * <em>RFC-2631: Diffie-Hellman Key Agreement Method</em> and
- * <em>Public-Key Cryptography Standards (PKCS) #3: Diffie
- * Hellman Key Agreement Standard</em>.
- *
- * <em>RFC-3526: More Modular Exponential (MODP) Diffie-Hellman groups for
- * Internet Key Exchange (IKE)</em> defines a number of standardized
- * Diffie-Hellman groups for IKE.
- *
- * <em>RFC-5114: Additional Diffie-Hellman Groups for Use with IETF
- * Standards</em> defines a number of standardized Diffie-Hellman
- * groups that can be used.
- *
- * \warning  The security of the DHM key exchange relies on the proper choice
- *           of prime modulus - optimally, it should be a safe prime. The usage
- *           of non-safe primes both decreases the difficulty of the underlying
- *           discrete logarithm problem and can lead to small subgroup attacks
- *           leaking private exponent bits when invalid public keys are used
- *           and not detected. This is especially relevant if the same DHM
- *           parameters are reused for multiple key exchanges as in static DHM,
- *           while the criticality of small-subgroup attacks is lower for
- *           ephemeral DHM.
- *
- * \warning  For performance reasons, the code does neither perform primality
- *           nor safe primality tests, nor the expensive checks for invalid
- *           subgroups. Moreover, even if these were performed, non-standardized
- *           primes cannot be trusted because of the possibility of backdoors
- *           that can't be effectively checked for.
- *
- * \warning  Diffie-Hellman-Merkle is therefore a security risk when not using
- *           standardized primes generated using a trustworthy ("nothing up
- *           my sleeve") method, such as the RFC 3526 / 7919 primes. In the TLS
- *           protocol, DH parameters need to be negotiated, so using the default
- *           primes systematically is not always an option. If possible, use
- *           Elliptic Curve Diffie-Hellman (ECDH), which has better performance,
- *           and for which the TLS protocol mandates the use of standard
- *           parameters.
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_DHM_H
-#define MBEDTLS_DHM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-#include "mbedtls/bignum.h"
-
-/*
- * DHM Error codes
- */
-/** Bad input parameters. */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080
-/** Reading of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100
-/** Making of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180
-/** Reading of the public values failed. */
-#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200
-/** Making of the public value failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280
-/** Calculation of the DHM secret failed. */
-#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300
-/** The ASN.1 data is not formatted correctly. */
-#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380
-/** Allocation of memory failed. */
-#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400
-/** Read or write of file failed. */
-#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480
-
-/* MBEDTLS_ERR_DHM_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** DHM hardware accelerator failed. */
-#define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED                   -0x3500
-
-/** Setting the modulus and generator failed. */
-#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED                  -0x3580
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_DHM_ALT)
-
-/**
- * \brief          The DHM context structure.
- */
-typedef struct mbedtls_dhm_context
-{
-    size_t len;         /*!<  The size of \p P in Bytes. */
-    mbedtls_mpi P;      /*!<  The prime modulus. */
-    mbedtls_mpi G;      /*!<  The generator. */
-    mbedtls_mpi X;      /*!<  Our secret value. */
-    mbedtls_mpi GX;     /*!<  Our public key = \c G^X mod \c P. */
-    mbedtls_mpi GY;     /*!<  The public key of the peer = \c G^Y mod \c P. */
-    mbedtls_mpi K;      /*!<  The shared secret = \c G^(XY) mod \c P. */
-    mbedtls_mpi RP;     /*!<  The cached value = \c R^2 mod \c P. */
-    mbedtls_mpi Vi;     /*!<  The blinding value. */
-    mbedtls_mpi Vf;     /*!<  The unblinding value. */
-    mbedtls_mpi pX;     /*!<  The previous \c X. */
-}
-mbedtls_dhm_context;
-
-#else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
-#endif /* MBEDTLS_DHM_ALT */
-
-/**
- * \brief          This function initializes the DHM context.
- *
- * \param ctx      The DHM context to initialize.
- */
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
-
-/**
- * \brief          This function parses the DHM parameters in a
- *                 TLS ServerKeyExchange handshake message
- *                 (DHM modulus, generator, and public key).
- *
- * \note           In a TLS handshake, this is the how the client
- *                 sets up its DHM context from the server's public
- *                 DHM key material.
- *
- * \param ctx      The DHM context to use. This must be initialized.
- * \param p        On input, *p must be the start of the input buffer.
- *                 On output, *p is updated to point to the end of the data
- *                 that has been read. On success, this is the first byte
- *                 past the end of the ServerKeyExchange parameters.
- *                 On error, this is the point at which an error has been
- *                 detected, which is usually not useful except to debug
- *                 failures.
- * \param end      The end of the input buffer.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                             unsigned char **p,
-                             const unsigned char *end );
-
-/**
- * \brief          This function generates a DHM key pair and exports its
- *                 public part together with the DHM parameters in the format
- *                 used in a TLS ServerKeyExchange handshake message.
- *
- * \note           This function assumes that the DHM parameters \c ctx->P
- *                 and \c ctx->G have already been properly set. For that, use
- *                 mbedtls_dhm_set_group() below in conjunction with
- *                 mbedtls_mpi_read_binary() and mbedtls_mpi_read_string().
- *
- * \note           In a TLS handshake, this is the how the server generates
- *                 and exports its DHM key material.
- *
- * \param ctx      The DHM context to use. This must be initialized
- *                 and have the DHM parameters set. It may or may not
- *                 already have imported the peer's public key.
- * \param x_size   The private key size in Bytes.
- * \param olen     The address at which to store the number of Bytes
- *                 written on success. This must not be \c NULL.
- * \param output   The destination buffer. This must be a writable buffer of
- *                 sufficient size to hold the reduced binary presentation of
- *                 the modulus, the generator and the public key, each wrapped
- *                 with a 2-byte length field. It is the responsibility of the
- *                 caller to ensure that enough space is available. Refer to
- *                 mbedtls_mpi_size() to computing the byte-size of an MPI.
- * \param f_rng    The RNG function. Must not be \c NULL.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief          This function sets the prime modulus and generator.
- *
- * \note           This function can be used to set \c ctx->P, \c ctx->G
- *                 in preparation for mbedtls_dhm_make_params().
- *
- * \param ctx      The DHM context to configure. This must be initialized.
- * \param P        The MPI holding the DHM prime modulus. This must be
- *                 an initialized MPI.
- * \param G        The MPI holding the DHM generator. This must be an
- *                 initialized MPI.
- *
- * \return         \c 0 if successful.
- * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
-                           const mbedtls_mpi *P,
-                           const mbedtls_mpi *G );
-
-/**
- * \brief          This function imports the raw public value of the peer.
- *
- * \note           In a TLS handshake, this is the how the server imports
- *                 the Client's public DHM key.
- *
- * \param ctx      The DHM context to use. This must be initialized and have
- *                 its DHM parameters set, e.g. via mbedtls_dhm_set_group().
- *                 It may or may not already have generated its own private key.
- * \param input    The input buffer containing the \c G^Y value of the peer.
- *                 This must be a readable buffer of size \p ilen Bytes.
- * \param ilen     The size of the input buffer \p input in Bytes.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
-                     const unsigned char *input, size_t ilen );
-
-/**
- * \brief          This function creates a DHM key pair and exports
- *                 the raw public key in big-endian format.
- *
- * \note           The destination buffer is always fully written
- *                 so as to contain a big-endian representation of G^X mod P.
- *                 If it is larger than \c ctx->len, it is padded accordingly
- *                 with zero-bytes at the beginning.
- *
- * \param ctx      The DHM context to use. This must be initialized and
- *                 have the DHM parameters set. It may or may not already
- *                 have imported the peer's public key.
- * \param x_size   The private key size in Bytes.
- * \param output   The destination buffer. This must be a writable buffer of
- *                 size \p olen Bytes.
- * \param olen     The length of the destination buffer. This must be at least
- *                 equal to `ctx->len` (the size of \c P).
- * \param f_rng    The RNG function. This must not be \c NULL.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
- *                 if \p f_rng doesn't need a context argument.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief          This function derives and exports the shared secret
- *                 \c (G^Y)^X mod \c P.
- *
- * \note           If \p f_rng is not \c NULL, it is used to blind the input as
- *                 a countermeasure against timing attacks. Blinding is used
- *                 only if our private key \c X is re-used, and not used
- *                 otherwise. We recommend always passing a non-NULL
- *                 \p f_rng argument.
- *
- * \param ctx           The DHM context to use. This must be initialized
- *                      and have its own private key generated and the peer's
- *                      public key imported.
- * \param output        The buffer to write the generated shared key to. This
- *                      must be a writable buffer of size \p output_size Bytes.
- * \param output_size   The size of the destination buffer. This must be at
- *                      least the size of \c ctx->len (the size of \c P).
- * \param olen          On exit, holds the actual number of Bytes written.
- * \param f_rng         The RNG function, for blinding purposes. This may
- *                      b \c NULL if blinding isn't needed.
- * \param p_rng         The RNG context. This may be \c NULL if \p f_rng
- *                      doesn't need a context argument.
- *
- * \return              \c 0 on success.
- * \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
- */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
-                     unsigned char *output, size_t output_size, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief          This function frees and clears the components
- *                 of a DHM context.
- *
- * \param ctx      The DHM context to free and clear. This may be \c NULL,
- *                 in which case this function is a no-op. If it is not \c NULL,
- *                 it must point to an initialized DHM context.
- */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/**
- * \brief             This function parses DHM parameters in PEM or DER format.
- *
- * \param dhm         The DHM context to import the DHM parameters into.
- *                    This must be initialized.
- * \param dhmin       The input buffer. This must be a readable buffer of
- *                    length \p dhminlen Bytes.
- * \param dhminlen    The size of the input buffer \p dhmin, including the
- *                    terminating \c NULL Byte for PEM data.
- *
- * \return            \c 0 on success.
- * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
- *                    code on failure.
- */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                           size_t dhminlen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          This function loads and parses DHM parameters from a file.
- *
- * \param dhm      The DHM context to load the parameters to.
- *                 This must be initialized.
- * \param path     The filename to read the DHM parameters from.
- *                 This must not be \c NULL.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
- *                 error code on failure.
- */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          The DMH checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_dhm_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-#ifdef __cplusplus
-}
-#endif
-
-/**
- * RFC 3526, RFC 5114 and RFC 7919 standardize a number of
- * Diffie-Hellman groups, some of which are included here
- * for use within the SSL/TLS module and the user's convenience
- * when configuring the Diffie-Hellman parameters by hand
- * through \c mbedtls_ssl_conf_dh_param.
- *
- * The following lists the source of the above groups in the standards:
- * - RFC 5114 section 2.2:  2048-bit MODP Group with 224-bit Prime Order Subgroup
- * - RFC 3526 section 3:    2048-bit MODP Group
- * - RFC 3526 section 4:    3072-bit MODP Group
- * - RFC 3526 section 5:    4096-bit MODP Group
- * - RFC 7919 section A.1:  ffdhe2048
- * - RFC 7919 section A.2:  ffdhe3072
- * - RFC 7919 section A.3:  ffdhe4096
- * - RFC 7919 section A.4:  ffdhe6144
- * - RFC 7919 section A.5:  ffdhe8192
- *
- * The constants with suffix "_p" denote the chosen prime moduli, while
- * the constants with suffix "_g" denote the chosen generator
- * of the associated prime field.
- *
- * The constants further suffixed with "_bin" are provided in binary format,
- * while all other constants represent null-terminated strings holding the
- * hexadecimal presentation of the respective numbers.
- *
- * The primes from RFC 3526 and RFC 7919 have been generating by the following
- * trust-worthy procedure:
- * - Fix N in { 2048, 3072, 4096, 6144, 8192 } and consider the N-bit number
- *   the first and last 64 bits are all 1, and the remaining N - 128 bits of
- *   which are 0x7ff...ff.
- * - Add the smallest multiple of the first N - 129 bits of the binary expansion
- *   of pi (for RFC 5236) or e (for RFC 7919) to this intermediate bit-string
- *   such that the resulting integer is a safe-prime.
- * - The result is the respective RFC 3526 / 7919 prime, and the corresponding
- *   generator is always chosen to be 2 (which is a square for these prime,
- *   hence the corresponding subgroup has order (p-1)/2 and avoids leaking a
- *   bit in the private exponent).
- *
- */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/**
- * \warning The origin of the primes in RFC 5114 is not documented and
- *          their use therefore constitutes a security risk!
- *
- * \deprecated The hex-encoded primes from RFC 5114 are deprecated and are
- *             likely to be removed in a future version of the library without
- *             replacement.
- */
-
-/**
- * The hexadecimal presentation of the prime underlying the
- * 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined
- * in <em>RFC-5114: Additional Diffie-Hellman Groups for Use with
- * IETF Standards</em>.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_P                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"      \
-        "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"      \
-        "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"      \
-        "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"      \
-        "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"      \
-        "B3BF8A317091883681286130BC8985DB1602E714415D9330"      \
-        "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"      \
-        "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"      \
-        "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"      \
-        "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"      \
-        "CF9DE5384E71B81C0AC4DFFE0C10E64F" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group with 224-bit Prime Order Subgroup, as defined in <em>RFC-5114:
- * Additional Diffie-Hellman Groups for Use with IETF Standards</em>.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_G                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"      \
-        "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"      \
-        "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"      \
-        "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"      \
-        "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"      \
-        "F180EB34118E98D119529A45D6F834566E3025E316A330EF"      \
-        "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"      \
-        "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"      \
-        "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"      \
-        "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"      \
-        "81BC087F2A7065B384B890D3191F2BFA" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 2048-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- *
- * \deprecated The hex-encoded primes from RFC 3625 are deprecated and
- *             superseded by the corresponding macros providing them as
- *             binary constants. Their hex-encoded constants are likely
- *             to be removed in a future version of the library.
- *
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"      \
-        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"      \
-        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"      \
-        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"      \
-        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"      \
-        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"      \
-        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"      \
-        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"      \
-        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"      \
-        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"      \
-        "15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 3072-bit MODP
- * Group, as defined in <em>RFC-3072: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P                         \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                         \
-        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"      \
-        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"      \
-        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"      \
-        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"      \
-        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"      \
-        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"      \
-        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"      \
-        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"      \
-        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"      \
-        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"      \
-        "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"      \
-        "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"      \
-        "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"      \
-        "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"      \
-        "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"      \
-        "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 3072-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G                      \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 4096-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P                      \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT(                      \
-        "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"   \
-        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"   \
-        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"   \
-        "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"   \
-        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"   \
-        "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"   \
-        "83655D23DCA3AD961C62F356208552BB9ED529077096966D"   \
-        "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"   \
-        "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"   \
-        "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"   \
-        "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"   \
-        "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"   \
-        "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"   \
-        "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"   \
-        "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"   \
-        "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"   \
-        "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"   \
-        "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"   \
-        "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"   \
-        "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"   \
-        "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199"   \
-        "FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 4096-bit MODP
- * Group, as defined in <em>RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE)</em>.
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G                      \
-    MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * Trustworthy DHM parameters in binary form
- */
-
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
-     0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
-     0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
-     0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
-     0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
-     0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
-     0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
-     0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
-     0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
-     0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
-     0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
-     0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
-     0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
-     0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
-     0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
-     0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
-     0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
-     0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
-     0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
-     0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
-     0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
-     0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
-     0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
-     0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
-     0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
-     0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
-     0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
-     0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
-     0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
-     0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN {       \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
-    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
-    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
-    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
-    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
-    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
-    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
-    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
-    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
-    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
-    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
-    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
-    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
-    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
-    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
-    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
-    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
-    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
-    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
-    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
-    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
-    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
-    0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
-    0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
-    0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
-    0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
-    0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
-    0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
-    0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
-    0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
-    0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
-    0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
-    0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
-    0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
-    0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
-    0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
-    0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
-    0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
-    0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
-    0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
-    0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
-    0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
-    0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
-    0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
-    0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
-    0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN  {       \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,  \
-    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,  \
-    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,  \
-    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,  \
-    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,  \
-    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,  \
-    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,  \
-    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,  \
-    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,  \
-    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,  \
-    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,  \
-    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,  \
-    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,  \
-    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,  \
-    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,  \
-    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,  \
-    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,  \
-    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,  \
-    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,  \
-    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,  \
-    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,  \
-    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,  \
-    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,  \
-    0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,  \
-    0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,  \
-    0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,  \
-    0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,  \
-    0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,  \
-    0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,  \
-    0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,  \
-    0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,  \
-    0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,  \
-    0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,  \
-    0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,  \
-    0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,  \
-    0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,  \
-    0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,  \
-    0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,  \
-    0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,  \
-    0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,  \
-    0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,  \
-    0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,  \
-    0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,  \
-    0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,  \
-    0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,  \
-    0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,  \
-    0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,  \
-    0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,  \
-    0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,  \
-    0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,  \
-    0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,  \
-    0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,  \
-    0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,  \
-    0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,  \
-    0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,  \
-    0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,  \
-    0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,  \
-    0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,  \
-    0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,  \
-    0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,  \
-    0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,  \
-    0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,  \
-    0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,  \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
-     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
-     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
-     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
-     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
-     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
-     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
-     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
-     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
-     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
-     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
-     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
-     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
-     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
-     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
-     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
-     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
-     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
-     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
-     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
-     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
-     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
-     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
-     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
-     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
-     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
-     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
-     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
-     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
-     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
-     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
-     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
-     0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
-     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
-     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
-     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
-     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
-     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
-     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
-     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
-     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
-     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
-     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
-     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
-     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
-     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
-     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
-     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
-     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
-     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
-     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
-     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
-     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
-     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
-     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
-     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
-     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
-     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
-     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
-     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
-     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
-     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
-     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
-     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
-     0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
-     0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
-     0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
-     0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
-     0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
-     0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
-     0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
-     0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
-     0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
-     0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
-     0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
-     0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
-     0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
-     0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
-     0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
-     0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
-     0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
-     0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
-     0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
-     0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
-     0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
-     0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
-     0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
-     0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
-     0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
-     0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
-     0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
-     0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
-     0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
-     0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
-     0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
-     0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
-     0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
-
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
-
-#endif /* dhm.h */
diff --git a/Sources/mbedtls/include/mbedtls/ecdh.h b/Sources/mbedtls/include/mbedtls/ecdh.h
deleted file mode 100644
index 05855cd..0000000
--- a/Sources/mbedtls/include/mbedtls/ecdh.h
+++ /dev/null
@@ -1,446 +0,0 @@
-/**
- * \file ecdh.h
- *
- * \brief This file contains ECDH definitions and functions.
- *
- * The Elliptic Curve Diffie-Hellman (ECDH) protocol is an anonymous
- * key agreement protocol allowing two parties to establish a shared
- * secret over an insecure channel. Each party must have an
- * elliptic-curve public–private key pair.
- *
- * For more information, see <em>NIST SP 800-56A Rev. 2: Recommendation for
- * Pair-Wise Key Establishment Schemes Using Discrete Logarithm
- * Cryptography</em>.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_ECDH_H
-#define MBEDTLS_ECDH_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ecp.h"
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
-#include "everest/everest.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Defines the source of the imported EC key.
- */
-typedef enum
-{
-    MBEDTLS_ECDH_OURS,   /**< Our key. */
-    MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
-} mbedtls_ecdh_side;
-
-#if !defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-/**
- * Defines the ECDH implementation used.
- *
- * Later versions of the library may add new variants, therefore users should
- * not make any assumptions about them.
- */
-typedef enum
-{
-    MBEDTLS_ECDH_VARIANT_NONE = 0,   /*!< Implementation not defined. */
-    MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-    MBEDTLS_ECDH_VARIANT_EVEREST     /*!< Everest implementation */
-#endif
-} mbedtls_ecdh_variant;
-
-/**
- * The context used by the default ECDH implementation.
- *
- * Later versions might change the structure of this context, therefore users
- * should not make any assumptions about the structure of
- * mbedtls_ecdh_context_mbed.
- */
-typedef struct mbedtls_ecdh_context_mbed
-{
-    mbedtls_ecp_group grp;   /*!< The elliptic curve used. */
-    mbedtls_mpi d;           /*!< The private key. */
-    mbedtls_ecp_point Q;     /*!< The public key. */
-    mbedtls_ecp_point Qp;    /*!< The value of the public key of the peer. */
-    mbedtls_mpi z;           /*!< The shared secret. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
-#endif
-} mbedtls_ecdh_context_mbed;
-#endif
-
-/**
- *
- * \warning         Performing multiple operations concurrently on the same
- *                  ECDSA context is not supported; objects of this type
- *                  should not be shared between multiple threads.
- * \brief           The ECDH context structure.
- */
-typedef struct mbedtls_ecdh_context
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_ecp_group grp;   /*!< The elliptic curve used. */
-    mbedtls_mpi d;           /*!< The private key. */
-    mbedtls_ecp_point Q;     /*!< The public key. */
-    mbedtls_ecp_point Qp;    /*!< The value of the public key of the peer. */
-    mbedtls_mpi z;           /*!< The shared secret. */
-    int point_format;        /*!< The format of point export in TLS messages. */
-    mbedtls_ecp_point Vi;    /*!< The blinding value. */
-    mbedtls_ecp_point Vf;    /*!< The unblinding value. */
-    mbedtls_mpi _d;          /*!< The previous \p d. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    int restart_enabled;        /*!< The flag for restartable mode. */
-    mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-#else
-    uint8_t point_format;       /*!< The format of point export in TLS messages
-                                  as defined in RFC 4492. */
-    mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */
-    mbedtls_ecdh_variant var;   /*!< The ECDH implementation/structure used. */
-    union
-    {
-        mbedtls_ecdh_context_mbed   mbed_ecdh;
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        mbedtls_ecdh_context_everest everest_ecdh;
-#endif
-    } ctx;                      /*!< Implementation-specific context. The
-                                  context in use is specified by the \c var
-                                  field. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    uint8_t restart_enabled;    /*!< The flag for restartable mode. Functions of
-                                  an alternative implementation not supporting
-                                  restartable mode must return
-                                  MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
-                                  if this flag is set. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
-}
-mbedtls_ecdh_context;
-
-/**
- * \brief          Check whether a given group can be used for ECDH.
- *
- * \param gid      The ECP group ID to check.
- *
- * \return         \c 1 if the group can be used, \c 0 otherwise
- */
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
-
-/**
- * \brief           This function generates an ECDH keypair on an elliptic
- *                  curve.
- *
- *                  This function performs the first of two core computations
- *                  implemented during the ECDH key exchange. The second core
- *                  computation is performed by mbedtls_ecdh_compute_shared().
- *
- * \see             ecp.h
- *
- * \param grp       The ECP group to use. This must be initialized and have
- *                  domain parameters loaded, for example through
- *                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
- * \param d         The destination MPI (private key).
- *                  This must be initialized.
- * \param Q         The destination point (public key).
- *                  This must be initialized.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL in case \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          Another \c MBEDTLS_ERR_ECP_XXX or
- *                  \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief           This function computes the shared secret.
- *
- *                  This function performs the second of two core computations
- *                  implemented during the ECDH key exchange. The first core
- *                  computation is performed by mbedtls_ecdh_gen_public().
- *
- * \see             ecp.h
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against side-channel attacks.
- *                  For more information, see mbedtls_ecp_mul().
- *
- * \param grp       The ECP group to use. This must be initialized and have
- *                  domain parameters loaded, for example through
- *                  mbedtls_ecp_load() or mbedtls_ecp_tls_read_group().
- * \param z         The destination MPI (shared secret).
- *                  This must be initialized.
- * \param Q         The public key from another party.
- *                  This must be initialized.
- * \param d         Our secret exponent (private key).
- *                  This must be initialized.
- * \param f_rng     The RNG function. This may be \c NULL if randomization
- *                  of intermediate results during the ECP computations is
- *                  not needed (discouraged). See the documentation of
- *                  mbedtls_ecp_mul() for more.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL if \p f_rng is \c NULL or doesn't need a
- *                  context argument.
- *
- * \return          \c 0 on success.
- * \return          Another \c MBEDTLS_ERR_ECP_XXX or
- *                  \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-/**
- * \brief           This function initializes an ECDH context.
- *
- * \param ctx       The ECDH context to initialize. This must not be \c NULL.
- */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief           This function sets up the ECDH context with the information
- *                  given.
- *
- *                  This function should be called after mbedtls_ecdh_init() but
- *                  before mbedtls_ecdh_make_params(). There is no need to call
- *                  this function before mbedtls_ecdh_read_params().
- *
- *                  This is the first function used by a TLS server for ECDHE
- *                  ciphersuites.
- *
- * \param ctx       The ECDH context to set up. This must be initialized.
- * \param grp_id    The group id of the group to set up the context for.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
-                        mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief           This function frees a context.
- *
- * \param ctx       The context to free. This may be \c NULL, in which
- *                  case this function does nothing. If it is not \c NULL,
- *                  it must point to an initialized ECDH context.
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
-
-/**
- * \brief           This function generates an EC key pair and exports its
- *                  in the format used in a TLS ServerKeyExchange handshake
- *                  message.
- *
- *                  This is the second function used by a TLS server for ECDHE
- *                  ciphersuites. (It is called after mbedtls_ecdh_setup().)
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context to use. This must be initialized
- *                  and bound to a group, for example via mbedtls_ecdh_setup().
- * \param olen      The address at which to store the number of Bytes written.
- * \param buf       The destination buffer. This must be a writable buffer of
- *                  length \p blen Bytes.
- * \param blen      The length of the destination buffer \p buf in Bytes.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL in case \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-/**
- * \brief           This function parses the ECDHE parameters in a
- *                  TLS ServerKeyExchange handshake message.
- *
- * \note            In a TLS handshake, this is the how the client
- *                  sets up its ECDHE context from the server's public
- *                  ECDHE key material.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDHE context to use. This must be initialized.
- * \param buf       On input, \c *buf must be the start of the input buffer.
- *                  On output, \c *buf is updated to point to the end of the
- *                  data that has been read. On success, this is the first byte
- *                  past the end of the ServerKeyExchange parameters.
- *                  On error, this is the point at which an error has been
- *                  detected, which is usually not useful except to debug
- *                  failures.
- * \param end       The end of the input buffer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                              const unsigned char **buf,
-                              const unsigned char *end );
-
-/**
- * \brief           This function sets up an ECDH context from an EC key.
- *
- *                  It is used by clients and servers in place of the
- *                  ServerKeyEchange for static ECDH, and imports ECDH
- *                  parameters from the EC key information of a certificate.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context to set up. This must be initialized.
- * \param key       The EC key to use. This must be initialized.
- * \param side      Defines the source of the key. Possible values are:
- *                  - #MBEDTLS_ECDH_OURS: The key is ours.
- *                  - #MBEDTLS_ECDH_THEIRS: The key is that of the peer.
- *
- * \return          \c 0 on success.
- * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- *
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
-                             const mbedtls_ecp_keypair *key,
-                             mbedtls_ecdh_side side );
-
-/**
- * \brief           This function generates a public key and exports it
- *                  as a TLS ClientKeyExchange payload.
- *
- *                  This is the second function used by a TLS client for ECDH(E)
- *                  ciphersuites.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDH context to use. This must be initialized
- *                  and bound to a group, the latter usually by
- *                  mbedtls_ecdh_read_params().
- * \param olen      The address at which to store the number of Bytes written.
- *                  This must not be \c NULL.
- * \param buf       The destination buffer. This must be a writable buffer
- *                  of length \p blen Bytes.
- * \param blen      The size of the destination buffer \p buf in Bytes.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL in case \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-/**
- * \brief       This function parses and processes the ECDHE payload of a
- *              TLS ClientKeyExchange message.
- *
- *              This is the third function used by a TLS server for ECDH(E)
- *              ciphersuites. (It is called after mbedtls_ecdh_setup() and
- *              mbedtls_ecdh_make_params().)
- *
- * \see         ecp.h
- *
- * \param ctx   The ECDH context to use. This must be initialized
- *              and bound to a group, for example via mbedtls_ecdh_setup().
- * \param buf   The pointer to the ClientKeyExchange payload. This must
- *              be a readable buffer of length \p blen Bytes.
- * \param blen  The length of the input buffer \p buf in Bytes.
- *
- * \return      \c 0 on success.
- * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                              const unsigned char *buf, size_t blen );
-
-/**
- * \brief           This function derives and exports the shared secret.
- *
- *                  This is the last function used by both TLS client
- *                  and servers.
- *
- * \note            If \p f_rng is not NULL, it is used to implement
- *                  countermeasures against side-channel attacks.
- *                  For more information, see mbedtls_ecp_mul().
- *
- * \see             ecp.h
-
- * \param ctx       The ECDH context to use. This must be initialized
- *                  and have its own private key generated and the peer's
- *                  public key imported.
- * \param olen      The address at which to store the total number of
- *                  Bytes written on success. This must not be \c NULL.
- * \param buf       The buffer to write the generated shared key to. This
- *                  must be a writable buffer of size \p blen Bytes.
- * \param blen      The length of the destination buffer \p buf in Bytes.
- * \param f_rng     The RNG function, for blinding purposes. This may
- *                  b \c NULL if blinding isn't needed.
- * \param p_rng     The RNG context. This may be \c NULL if \p f_rng
- *                  doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
- */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           This function enables restartable EC computations for this
- *                  context.  (Default: disabled.)
- *
- * \see             \c mbedtls_ecp_set_max_ops()
- *
- * \note            It is not possible to safely disable restartable
- *                  computations once enabled, except by free-ing the context,
- *                  which cancels possible in-progress operations.
- *
- * \param ctx       The ECDH context to use. This must be initialized.
- */
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdh.h */
diff --git a/Sources/mbedtls/include/mbedtls/ecdsa.h b/Sources/mbedtls/include/mbedtls/ecdsa.h
deleted file mode 100644
index 118f7ce..0000000
--- a/Sources/mbedtls/include/mbedtls/ecdsa.h
+++ /dev/null
@@ -1,624 +0,0 @@
-/**
- * \file ecdsa.h
- *
- * \brief This file contains ECDSA definitions and functions.
- *
- * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
- * <em>Standards for Efficient Cryptography Group (SECG):
- * SEC1 Elliptic Curve Cryptography</em>.
- * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
- * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_ECDSA_H
-#define MBEDTLS_ECDSA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-/**
- * \brief           Maximum ECDSA signature size for a given curve bit size
- *
- * \param bits      Curve size in bits
- * \return          Maximum signature size in bytes
- *
- * \note            This macro returns a compile-time constant if its argument
- *                  is one. It may evaluate its argument multiple times.
- */
-/*
- *     Ecdsa-Sig-Value ::= SEQUENCE {
- *         r       INTEGER,
- *         s       INTEGER
- *     }
- *
- * For each of r and s, the value (V) may include an extra initial "0" bit.
- */
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits )                               \
-    ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) +              \
-      /*T,L of r,s*/        2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) +     \
-      /*V of r,s*/                ( ( bits ) + 8 ) / 8 ) )
-
-/** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN  MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           The ECDSA context structure.
- *
- * \warning         Performing multiple operations concurrently on the same
- *                  ECDSA context is not supported; objects of this type
- *                  should not be shared between multiple threads.
- */
-typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief           Internal restart context for ecdsa_verify()
- *
- * \note            Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
-
-/**
- * \brief           Internal restart context for ecdsa_sign()
- *
- * \note            Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/**
- * \brief           Internal restart context for ecdsa_sign_det()
- *
- * \note            Opaque struct, defined in ecdsa.c
- */
-typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
-#endif
-
-/**
- * \brief           General context for resuming ECDSA operations
- */
-typedef struct
-{
-    mbedtls_ecp_restart_ctx ecp;        /*!<  base context for ECP restart and
-                                              shared administrative info    */
-    mbedtls_ecdsa_restart_ver_ctx *ver; /*!<  ecdsa_verify() sub-context    */
-    mbedtls_ecdsa_restart_sig_ctx *sig; /*!<  ecdsa_sign() sub-context      */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    mbedtls_ecdsa_restart_det_ctx *det; /*!<  ecdsa_sign_det() sub-context  */
-#endif
-} mbedtls_ecdsa_restart_ctx;
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_ecdsa_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief          This function checks whether a given group can be used
- *                 for ECDSA.
- *
- * \param gid      The ECP group ID to check.
- *
- * \return         \c 1 if the group can be used, \c 0 otherwise
- */
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
-
-/**
- * \brief           This function computes the ECDSA signature of a
- *                  previously-hashed message.
- *
- * \note            The deterministic version implemented in
- *                  mbedtls_ecdsa_sign_det() is usually preferred.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated
- *                  as defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \see             ecp.h
- *
- * \param grp       The context for the elliptic curve to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param r         The MPI context in which to store the first part
- *                  the signature. This must be initialized.
- * \param s         The MPI context in which to store the second part
- *                  the signature. This must be initialized.
- * \param d         The private signing key. This must be initialized.
- * \param buf       The content to be signed. This is usually the hash of
- *                  the original data to be signed. This must be a readable
- *                  buffer of length \p blen Bytes. It may be \c NULL if
- *                  \p blen is zero.
- * \param blen      The length of \p buf in Bytes.
- * \param f_rng     The RNG function. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX
- *                  or \c MBEDTLS_MPI_XXX error code on failure.
- */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           This function computes the ECDSA signature of a
- *                  previously-hashed message, deterministic version.
- *
- *                  For more information, see <em>RFC-6979: Deterministic
- *                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
- *                  Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \warning         Since the output of the internal RNG is always the same for
- *                  the same key and message, this limits the efficiency of
- *                  blinding and leaks information through side channels. For
- *                  secure behavior use mbedtls_ecdsa_sign_det_ext() instead.
- *
- *                  (Optimally the blinding is a random value that is different
- *                  on every execution. In this case the blinding is still
- *                  random from the attackers perspective, but is the same on
- *                  each execution. This means that this blinding does not
- *                  prevent attackers from recovering secrets by combining
- *                  several measurement traces, but may prevent some attacks
- *                  that exploit relationships between secret data.)
- *
- * \see             ecp.h
- *
- * \param grp       The context for the elliptic curve to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param r         The MPI context in which to store the first part
- *                  the signature. This must be initialized.
- * \param s         The MPI context in which to store the second part
- *                  the signature. This must be initialized.
- * \param d         The private signing key. This must be initialized
- *                  and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf       The hashed content to be signed. This must be a readable
- *                  buffer of length \p blen Bytes. It may be \c NULL if
- *                  \p blen is zero.
- * \param blen      The length of \p buf in Bytes.
- * \param md_alg    The hash algorithm used to hash the original data.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- *                  error code on failure.
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
-                            mbedtls_mpi *s, const mbedtls_mpi *d,
-                            const unsigned char *buf, size_t blen,
-                            mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief           This function computes the ECDSA signature of a
- *                  previously-hashed message, deterministic version.
- *
- *                  For more information, see <em>RFC-6979: Deterministic
- *                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
- *                  Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \see             ecp.h
- *
- * \param grp           The context for the elliptic curve to use.
- *                      This must be initialized and have group parameters
- *                      set, for example through mbedtls_ecp_group_load().
- * \param r             The MPI context in which to store the first part
- *                      the signature. This must be initialized.
- * \param s             The MPI context in which to store the second part
- *                      the signature. This must be initialized.
- * \param d             The private signing key. This must be initialized
- *                      and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf           The hashed content to be signed. This must be a readable
- *                      buffer of length \p blen Bytes. It may be \c NULL if
- *                      \p blen is zero.
- * \param blen          The length of \p buf in Bytes.
- * \param md_alg        The hash algorithm used to hash the original data.
- * \param f_rng_blind   The RNG function used for blinding. This must not be
- *                      \c NULL.
- * \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
- *                      \c NULL if \p f_rng doesn't need a context parameter.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- *                  error code on failure.
- */
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
-                            mbedtls_mpi *s, const mbedtls_mpi *d,
-                            const unsigned char *buf, size_t blen,
-                            mbedtls_md_type_t md_alg,
-                            int (*f_rng_blind)(void *, unsigned char *, size_t),
-                            void *p_rng_blind );
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief           This function verifies the ECDSA signature of a
- *                  previously-hashed message.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.4, step 3.
- *
- * \see             ecp.h
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param buf       The hashed content that was signed. This must be a readable
- *                  buffer of length \p blen Bytes. It may be \c NULL if
- *                  \p blen is zero.
- * \param blen      The length of \p buf in Bytes.
- * \param Q         The public key to use for verification. This must be
- *                  initialized and setup.
- * \param r         The first integer of the signature.
- *                  This must be initialized.
- * \param s         The second integer of the signature.
- *                  This must be initialized.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- *                  error code on failure.
- */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                          const unsigned char *buf, size_t blen,
-                          const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
-                          const mbedtls_mpi *s);
-
-/**
- * \brief           This function computes the ECDSA signature and writes it
- *                  to a buffer, serialized as defined in <em>RFC-4492:
- *                  Elliptic Curve Cryptography (ECC) Cipher Suites for
- *                  Transport Layer Security (TLS)</em>.
- *
- * \warning         It is not thread-safe to use the same context in
- *                  multiple threads.
- *
- * \note            The deterministic version is used if
- *                  #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
- *                  information, see <em>RFC-6979: Deterministic Usage
- *                  of the Digital Signature Algorithm (DSA) and Elliptic
- *                  Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDSA context to use. This must be initialized
- *                  and have a group and private key bound to it, for example
- *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg    The message digest that was used to hash the message.
- * \param hash      The message hash to be signed. This must be a readable
- *                  buffer of length \p blen Bytes.
- * \param hlen      The length of the hash \p hash in Bytes.
- * \param sig       The buffer to which to write the signature. This must be a
- *                  writable buffer of length at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if
- *                  a 256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param slen      The address at which to store the actual length of
- *                  the signature written. Must not be \c NULL.
- * \param f_rng     The RNG function. This must not be \c NULL if
- *                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- *                  it is used only for blinding and may be set to \c NULL, but
- *                  doing so is DEPRECATED.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
-                                   mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng );
-
-/**
- * \brief           This function computes the ECDSA signature and writes it
- *                  to a buffer, in a restartable way.
- *
- * \see             \c mbedtls_ecdsa_write_signature()
- *
- * \note            This function is like \c mbedtls_ecdsa_write_signature()
- *                  but it can return early and restart according to the limit
- *                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx       The ECDSA context to use. This must be initialized
- *                  and have a group and private key bound to it, for example
- *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param md_alg    The message digest that was used to hash the message.
- * \param hash      The message hash to be signed. This must be a readable
- *                  buffer of length \p blen Bytes.
- * \param hlen      The length of the hash \p hash in Bytes.
- * \param sig       The buffer to which to write the signature. This must be a
- *                  writable buffer of length at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if
- *                  a 256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param slen      The address at which to store the actual length of
- *                  the signature written. Must not be \c NULL.
- * \param f_rng     The RNG function. This must not be \c NULL if
- *                  #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
- *                  it is unused and may be set to \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may be
- *                  \c NULL if \p f_rng is \c NULL or doesn't use a context.
- * \param rs_ctx    The restart context to use. This may be \c NULL to disable
- *                  restarting. If it is not \c NULL, it must point to an
- *                  initialized restart context.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
-                           mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           This function computes an ECDSA signature and writes
- *                  it to a buffer, serialized as defined in <em>RFC-4492:
- *                  Elliptic Curve Cryptography (ECC) Cipher Suites for
- *                  Transport Layer Security (TLS)</em>.
- *
- *                  The deterministic version is defined in <em>RFC-6979:
- *                  Deterministic Usage of the Digital Signature Algorithm (DSA)
- *                  and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
- *
- * \warning         It is not thread-safe to use the same context in
- *                  multiple threads.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.3, step 5.
- *
- * \see             ecp.h
- *
- * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in
- *                  Mbed TLS version 2.0 and later.
- *
- * \param ctx       The ECDSA context to use. This must be initialized
- *                  and have a group and private key bound to it, for example
- *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param hash      The message hash to be signed. This must be a readable
- *                  buffer of length \p blen Bytes.
- * \param hlen      The length of the hash \p hash in Bytes.
- * \param sig       The buffer to which to write the signature. This must be a
- *                  writable buffer of length at least twice as large as the
- *                  size of the curve used, plus 9. For example, 73 Bytes if
- *                  a 256-bit curve is used. A buffer length of
- *                  #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param slen      The address at which to store the actual length of
- *                  the signature written. Must not be \c NULL.
- * \param md_alg    The message digest that was used to hash the message.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
-                               const unsigned char *hash, size_t hlen,
-                               unsigned char *sig, size_t *slen,
-                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-/**
- * \brief           This function reads and verifies an ECDSA signature.
- *
- * \note            If the bitlength of the message hash is larger than the
- *                  bitlength of the group order, then the hash is truncated as
- *                  defined in <em>Standards for Efficient Cryptography Group
- *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
- *                  4.1.4, step 3.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDSA context to use. This must be initialized
- *                  and have a group and public key bound to it.
- * \param hash      The message hash that was signed. This must be a readable
- *                  buffer of length \p size Bytes.
- * \param hlen      The size of the hash \p hash.
- * \param sig       The signature to read and verify. This must be a readable
- *                  buffer of length \p slen Bytes.
- * \param slen      The size of \p sig in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- *                  signature in \p sig, but its length is less than \p siglen.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- *                  error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen );
-
-/**
- * \brief           This function reads and verifies an ECDSA signature,
- *                  in a restartable way.
- *
- * \see             \c mbedtls_ecdsa_read_signature()
- *
- * \note            This function is like \c mbedtls_ecdsa_read_signature()
- *                  but it can return early and restart according to the limit
- *                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param ctx       The ECDSA context to use. This must be initialized
- *                  and have a group and public key bound to it.
- * \param hash      The message hash that was signed. This must be a readable
- *                  buffer of length \p size Bytes.
- * \param hlen      The size of the hash \p hash.
- * \param sig       The signature to read and verify. This must be a readable
- *                  buffer of length \p slen Bytes.
- * \param slen      The size of \p sig in Bytes.
- * \param rs_ctx    The restart context to use. This may be \c NULL to disable
- *                  restarting. If it is not \c NULL, it must point to an
- *                  initialized restart context.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
- * \return          #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
- *                  signature in \p sig, but its length is less than \p siglen.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
- *                  error code on failure for any other reason.
- */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen,
-                          mbedtls_ecdsa_restart_ctx *rs_ctx );
-
-/**
- * \brief          This function generates an ECDSA keypair on the given curve.
- *
- * \see            ecp.h
- *
- * \param ctx      The ECDSA context to store the keypair in.
- *                 This must be initialized.
- * \param gid      The elliptic curve to use. One of the various
- *                 \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
- * \param f_rng    The RNG function to use. This must not be \c NULL.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           This function sets up an ECDSA context from an EC key pair.
- *
- * \see             ecp.h
- *
- * \param ctx       The ECDSA context to setup. This must be initialized.
- * \param key       The EC key to use. This must be initialized and hold
- *                  a private-public key pair or a public key. In the former
- *                  case, the ECDSA context may be used for signature creation
- *                  and verification after this call. In the latter case, it
- *                  may be used for signature verification.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
-                                const mbedtls_ecp_keypair *key );
-
-/**
- * \brief           This function initializes an ECDSA context.
- *
- * \param ctx       The ECDSA context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
-
-/**
- * \brief           This function frees an ECDSA context.
- *
- * \param ctx       The ECDSA context to free. This may be \c NULL,
- *                  in which case this function does nothing. If it
- *                  is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           Initialize a restart context.
- *
- * \param ctx       The restart context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
-
-/**
- * \brief           Free the components of a restart context.
- *
- * \param ctx       The restart context to free. This may be \c NULL,
- *                  in which case this function does nothing. If it
- *                  is not \c NULL, it must be initialized.
- */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecdsa.h */
diff --git a/Sources/mbedtls/include/mbedtls/ecjpake.h b/Sources/mbedtls/include/mbedtls/ecjpake.h
deleted file mode 100644
index 3564ff8..0000000
--- a/Sources/mbedtls/include/mbedtls/ecjpake.h
+++ /dev/null
@@ -1,275 +0,0 @@
-/**
- * \file ecjpake.h
- *
- * \brief Elliptic curve J-PAKE
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ECJPAKE_H
-#define MBEDTLS_ECJPAKE_H
-
-/*
- * J-PAKE is a password-authenticated key exchange that allows deriving a
- * strong shared secret from a (potentially low entropy) pre-shared
- * passphrase, with forward secrecy and mutual authentication.
- * https://en.wikipedia.org/wiki/Password_Authenticated_Key_Exchange_by_Juggling
- *
- * This file implements the Elliptic Curve variant of J-PAKE,
- * as defined in Chapter 7.4 of the Thread v1.0 Specification,
- * available to members of the Thread Group http://threadgroup.org/
- *
- * As the J-PAKE algorithm is inherently symmetric, so is our API.
- * Each party needs to send its first round message, in any order, to the
- * other party, then each sends its second round message, in any order.
- * The payloads are serialized in a way suitable for use in TLS, but could
- * also be use outside TLS.
- */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Roles in the EC J-PAKE exchange
- */
-typedef enum {
-    MBEDTLS_ECJPAKE_CLIENT = 0,         /**< Client                         */
-    MBEDTLS_ECJPAKE_SERVER,             /**< Server                         */
-} mbedtls_ecjpake_role;
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-/**
- * EC J-PAKE context structure.
- *
- * J-PAKE is a symmetric protocol, except for the identifiers used in
- * Zero-Knowledge Proofs, and the serialization of the second message
- * (KeyExchange) as defined by the Thread spec.
- *
- * In order to benefit from this symmetry, we choose a different naming
- * convention from the Thread v1.0 spec. Correspondence is indicated in the
- * description as a pair C: client name, S: server name
- */
-typedef struct mbedtls_ecjpake_context
-{
-    const mbedtls_md_info_t *md_info;   /**< Hash to use                    */
-    mbedtls_ecp_group grp;              /**< Elliptic curve                 */
-    mbedtls_ecjpake_role role;          /**< Are we client or server?       */
-    int point_format;                   /**< Format for point export        */
-
-    mbedtls_ecp_point Xm1;              /**< My public key 1   C: X1, S: X3 */
-    mbedtls_ecp_point Xm2;              /**< My public key 2   C: X2, S: X4 */
-    mbedtls_ecp_point Xp1;              /**< Peer public key 1 C: X3, S: X1 */
-    mbedtls_ecp_point Xp2;              /**< Peer public key 2 C: X4, S: X2 */
-    mbedtls_ecp_point Xp;               /**< Peer public key   C: Xs, S: Xc */
-
-    mbedtls_mpi xm1;                    /**< My private key 1  C: x1, S: x3 */
-    mbedtls_mpi xm2;                    /**< My private key 2  C: x2, S: x4 */
-
-    mbedtls_mpi s;                      /**< Pre-shared secret (passphrase) */
-} mbedtls_ecjpake_context;
-
-#else  /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
-#endif /* MBEDTLS_ECJPAKE_ALT */
-
-/**
- * \brief           Initialize an ECJPAKE context.
- *
- * \param ctx       The ECJPAKE context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief           Set up an ECJPAKE context for use.
- *
- * \note            Currently the only values for hash/curve allowed by the
- *                  standard are #MBEDTLS_MD_SHA256/#MBEDTLS_ECP_DP_SECP256R1.
- *
- * \param ctx       The ECJPAKE context to set up. This must be initialized.
- * \param role      The role of the caller. This must be either
- *                  #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
- * \param hash      The identifier of the hash function to use,
- *                  for example #MBEDTLS_MD_SHA256.
- * \param curve     The identifier of the elliptic curve to use,
- *                  for example #MBEDTLS_ECP_DP_SECP256R1.
- * \param secret    The pre-shared secret (passphrase). This must be
- *                  a readable buffer of length \p len Bytes. It need
- *                  only be valid for the duration of this call.
- * \param len       The length of the pre-shared secret \p secret.
- *
- * \return          \c 0 if successful.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
-                           mbedtls_ecjpake_role role,
-                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve,
-                           const unsigned char *secret,
-                           size_t len );
-
-/**
- * \brief           Check if an ECJPAKE context is ready for use.
- *
- * \param ctx       The ECJPAKE context to check. This must be
- *                  initialized.
- *
- * \return          \c 0 if the context is ready for use.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
- */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
-
-/**
- * \brief           Generate and write the first round message
- *                  (TLS: contents of the Client/ServerHello extension,
- *                  excluding extension type and length bytes).
- *
- * \param ctx       The ECJPAKE context to use. This must be
- *                  initialized and set up.
- * \param buf       The buffer to write the contents to. This must be a
- *                  writable buffer of length \p len Bytes.
- * \param len       The length of \p buf in Bytes.
- * \param olen      The address at which to store the total number
- *                  of Bytes written to \p buf. This must not be \c NULL.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG parameter to be passed to \p f_rng. This
- *                  may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return          \c 0 if successful.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
-
-/**
- * \brief           Read and process the first round message
- *                  (TLS: contents of the Client/ServerHello extension,
- *                  excluding extension type and length bytes).
- *
- * \param ctx       The ECJPAKE context to use. This must be initialized
- *                  and set up.
- * \param buf       The buffer holding the first round message. This must
- *                  be a readable buffer of length \p len Bytes.
- * \param len       The length in Bytes of \p buf.
- *
- * \return          \c 0 if successful.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len );
-
-/**
- * \brief           Generate and write the second round message
- *                  (TLS: contents of the Client/ServerKeyExchange).
- *
- * \param ctx       The ECJPAKE context to use. This must be initialized,
- *                  set up, and already have performed round one.
- * \param buf       The buffer to write the round two contents to.
- *                  This must be a writable buffer of length \p len Bytes.
- * \param len       The size of \p buf in Bytes.
- * \param olen      The address at which to store the total number of Bytes
- *                  written to \p buf. This must not be \c NULL.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG parameter to be passed to \p f_rng. This
- *                  may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return          \c 0 if successful.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
-
-/**
- * \brief           Read and process the second round message
- *                  (TLS: contents of the Client/ServerKeyExchange).
- *
- * \param ctx       The ECJPAKE context to use. This must be initialized
- *                  and set up and already have performed round one.
- * \param buf       The buffer holding the second round message. This must
- *                  be a readable buffer of length \p len Bytes.
- * \param len       The length in Bytes of \p buf.
- *
- * \return          \c 0 if successful.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len );
-
-/**
- * \brief           Derive the shared secret
- *                  (TLS: Pre-Master Secret).
- *
- * \param ctx       The ECJPAKE context to use. This must be initialized,
- *                  set up and have performed both round one and two.
- * \param buf       The buffer to write the derived secret to. This must
- *                  be a writable buffer of length \p len Bytes.
- * \param len       The length of \p buf in Bytes.
- * \param olen      The address at which to store the total number of Bytes
- *                  written to \p buf. This must not be \c NULL.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG parameter to be passed to \p f_rng. This
- *                  may be \c NULL if \p f_rng doesn't use a context.
- *
- * \return          \c 0 if successful.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
-
-/**
- * \brief           This clears an ECJPAKE context and frees any
- *                  embedded data structure.
- *
- * \param ctx       The ECJPAKE context to free. This may be \c NULL,
- *                  in which case this function does nothing. If it is not
- *                  \c NULL, it must point to an initialized ECJPAKE context.
- */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_ecjpake_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* ecjpake.h */
diff --git a/Sources/mbedtls/include/mbedtls/ecp.h b/Sources/mbedtls/include/mbedtls/ecp.h
deleted file mode 100644
index 64a0bcc..0000000
--- a/Sources/mbedtls/include/mbedtls/ecp.h
+++ /dev/null
@@ -1,1311 +0,0 @@
-/**
- * \file ecp.h
- *
- * \brief This file provides an API for Elliptic Curves over GF(P) (ECP).
- *
- * The use of ECP in cryptography and TLS is defined in
- * <em>Standards for Efficient Cryptography Group (SECG): SEC1
- * Elliptic Curve Cryptography</em> and
- * <em>RFC-4492: Elliptic Curve Cryptography (ECC) Cipher Suites
- * for Transport Layer Security (TLS)</em>.
- *
- * <em>RFC-2409: The Internet Key Exchange (IKE)</em> defines ECP
- * group types.
- *
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_ECP_H
-#define MBEDTLS_ECP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/bignum.h"
-
-/*
- * ECP error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80
-/** The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00
-/** The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80
-/** The signature is not valid. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80
-/** Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00
-/** Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00
-
-/* MBEDTLS_ERR_ECP_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** The ECP hardware accelerator failed. */
-#define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED                   -0x4B80
-
-/** Operation in progress, call again with the same parameters to continue. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS                       -0x4B00
-
-/* Flags indicating whether to include code that is specific to certain
- * types of curves. These flags are for internal library use only. */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Domain-parameter identifiers: curve, subgroup, and generator.
- *
- * \note Only curves over prime fields are supported.
- *
- * \warning This library does not support validation of arbitrary domain
- * parameters. Therefore, only standardized domain parameters from trusted
- * sources should be used. See mbedtls_ecp_group_load().
- */
-/* Note: when adding a new curve:
- * - Add it at the end of this enum, otherwise you'll break the ABI by
- *   changing the numerical value for existing curves.
- * - Increment MBEDTLS_ECP_DP_MAX below if needed.
- * - Update the calculation of MBEDTLS_ECP_MAX_BITS_MIN below.
- * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
- *   config.h.
- * - List the curve as a dependency of MBEDTLS_ECP_C and
- *   MBEDTLS_ECDSA_C if supported in check_config.h.
- * - Add the curve to the appropriate curve type macro
- *   MBEDTLS_ECP_yyy_ENABLED above.
- * - Add the necessary definitions to ecp_curves.c.
- * - Add the curve to the ecp_supported_curves array in ecp.c.
- * - Add the curve to applicable profiles in x509_crt.c if applicable.
- */
-typedef enum
-{
-    MBEDTLS_ECP_DP_NONE = 0,       /*!< Curve not defined. */
-    MBEDTLS_ECP_DP_SECP192R1,      /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP224R1,      /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP256R1,      /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP384R1,      /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP521R1,      /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_BP256R1,        /*!< Domain parameters for 256-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_BP384R1,        /*!< Domain parameters for 384-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_BP512R1,        /*!< Domain parameters for 512-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_CURVE25519,     /*!< Domain parameters for Curve25519. */
-    MBEDTLS_ECP_DP_SECP192K1,      /*!< Domain parameters for 192-bit "Koblitz" curve. */
-    MBEDTLS_ECP_DP_SECP224K1,      /*!< Domain parameters for 224-bit "Koblitz" curve. */
-    MBEDTLS_ECP_DP_SECP256K1,      /*!< Domain parameters for 256-bit "Koblitz" curve. */
-    MBEDTLS_ECP_DP_CURVE448,       /*!< Domain parameters for Curve448. */
-} mbedtls_ecp_group_id;
-
-/**
- * The number of supported curves, plus one for #MBEDTLS_ECP_DP_NONE.
- *
- * \note Montgomery curves are currently excluded.
- */
-#define MBEDTLS_ECP_DP_MAX     12
-
-/*
- * Curve types
- */
-typedef enum
-{
-    MBEDTLS_ECP_TYPE_NONE = 0,
-    MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
-    MBEDTLS_ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
-} mbedtls_ecp_curve_type;
-
-/**
- * Curve information, for use by other modules.
- */
-typedef struct mbedtls_ecp_curve_info
-{
-    mbedtls_ecp_group_id grp_id;    /*!< An internal identifier. */
-    uint16_t tls_id;                /*!< The TLS NamedCurve identifier. */
-    uint16_t bit_size;              /*!< The curve size in bits. */
-    const char *name;               /*!< A human-friendly name. */
-} mbedtls_ecp_curve_info;
-
-/**
- * \brief           The ECP point structure, in Jacobian coordinates.
- *
- * \note            All functions expect and return points satisfying
- *                  the following condition: <code>Z == 0</code> or
- *                  <code>Z == 1</code>. Other values of \p Z are
- *                  used only by internal functions.
- *                  The point is zero, or "at infinity", if <code>Z == 0</code>.
- *                  Otherwise, \p X and \p Y are its standard (affine)
- *                  coordinates.
- */
-typedef struct mbedtls_ecp_point
-{
-    mbedtls_mpi X;          /*!< The X coordinate of the ECP point. */
-    mbedtls_mpi Y;          /*!< The Y coordinate of the ECP point. */
-    mbedtls_mpi Z;          /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
-
-/* Determine the minimum safe value of MBEDTLS_ECP_MAX_BITS. */
-#if !defined(MBEDTLS_ECP_C)
-#define MBEDTLS_ECP_MAX_BITS_MIN 0
-/* Note: the curves must be listed in DECREASING size! */
-#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 448
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 384
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 384
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 256
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 255
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 225 // n is slightly above 2^224
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 224
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 192
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS_MIN 192
-#else
-#error "MBEDTLS_ECP_C enabled, but no curve?"
-#endif
-
-#if !defined(MBEDTLS_ECP_ALT)
-/*
- * default mbed TLS elliptic curve arithmetic implementation
- *
- * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
- * alternative implementation for the whole module and it will replace this
- * one.)
- */
-
-/**
- * \brief           The ECP group structure.
- *
- * We consider two types of curve equations:
- * <ul><li>Short Weierstrass: <code>y^2 = x^3 + A x + B mod P</code>
- * (SEC1 + RFC-4492)</li>
- * <li>Montgomery: <code>y^2 = x^3 + A x^2 + x mod P</code> (Curve25519,
- * Curve448)</li></ul>
- * In both cases, the generator (\p G) for a prime-order subgroup is fixed.
- *
- * For Short Weierstrass, this subgroup is the whole curve, and its
- * cardinality is denoted by \p N. Our code requires that \p N is an
- * odd prime as mbedtls_ecp_mul() requires an odd number, and
- * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
- *
- * For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
- * which is the quantity used in the formulas. Additionally, \p nbits is
- * not the size of \p N but the required size for private keys.
- *
- * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
- *
- * \note        Alternative implementations must keep the group IDs distinct. If
- *              two group structures have the same ID, then they must be
- *              identical.
- *
- */
-typedef struct mbedtls_ecp_group
-{
-    mbedtls_ecp_group_id id;    /*!< An internal group identifier. */
-    mbedtls_mpi P;              /*!< The prime modulus of the base field. */
-    mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. For
-                                     Montgomery curves: <code>(A + 2) / 4</code>. */
-    mbedtls_mpi B;              /*!< For Short Weierstrass: \p B in the equation.
-                                     For Montgomery curves: unused. */
-    mbedtls_ecp_point G;        /*!< The generator of the subgroup used. */
-    mbedtls_mpi N;              /*!< The order of \p G. */
-    size_t pbits;               /*!< The number of bits in \p P.*/
-    size_t nbits;               /*!< For Short Weierstrass: The number of bits in \p P.
-                                     For Montgomery curves: the number of bits in the
-                                     private keys. */
-    unsigned int h;             /*!< \internal 1 if the constants are static. */
-    int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
-                                     mod \p P (see above).*/
-    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< Unused. */
-    int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */
-    void *t_data;               /*!< Unused. */
-    mbedtls_ecp_point *T;       /*!< Pre-computed points for ecp_mul_comb(). */
-    size_t T_size;              /*!< The number of pre-computed points. */
-}
-mbedtls_ecp_group;
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h, or define them using the compiler command line.
- * \{
- */
-
-#if defined(MBEDTLS_ECP_MAX_BITS)
-
-#if MBEDTLS_ECP_MAX_BITS < MBEDTLS_ECP_MAX_BITS_MIN
-#error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"
-#endif
-
-#elif defined(MBEDTLS_ECP_C)
-/**
- * The maximum size of the groups, that is, of \c N and \c P.
- */
-#define MBEDTLS_ECP_MAX_BITS     MBEDTLS_ECP_MAX_BITS_MIN
-
-#else
-/* MBEDTLS_ECP_MAX_BITS is not relevant without MBEDTLS_ECP_C, but set it
- * to a nonzero value so that code that unconditionally allocates an array
- * of a size based on it keeps working if built without ECC support. */
-#define MBEDTLS_ECP_MAX_BITS 1
-#endif
-
-#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
-
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
-/*
- * Maximum "window" size used for point multiplication.
- * Default: a point where higher memory usage yields diminishing performance
- *          returns.
- * Minimum value: 2. Maximum value: 7.
- *
- * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication. This value is directly tied to EC
- * peak memory usage, so decreasing it by one should roughly cut memory usage
- * by two (if large curves are in use).
- *
- * Reduction in size may reduce speed, but larger curves are impacted first.
- * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
- *      w-size:     6       5       4       3       2
- *      521       145     141     135     120      97
- *      384       214     209     198     177     146
- *      256       320     320     303     262     226
- *      224       475     475     453     398     342
- *      192       640     640     633     587     476
- */
-#define MBEDTLS_ECP_WINDOW_SIZE    4   /**< The maximum window size used. */
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
-
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
-/*
- * Trade memory for speed on fixed-point multiplication.
- *
- * This speeds up repeated multiplication of the generator (that is, the
- * multiplication in ECDSA signatures, and half of the multiplications in
- * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
- *
- * The cost is increasing EC peak memory usage by a factor roughly 2.
- *
- * Change this value to 0 to reduce peak memory usage.
- */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up. */
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
-
-/** \} name SECTION: Module settings */
-
-#else  /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
-#endif /* MBEDTLS_ECP_ALT */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief           Internal restart context for multiplication
- *
- * \note            Opaque struct
- */
-typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
-
-/**
- * \brief           Internal restart context for ecp_muladd()
- *
- * \note            Opaque struct
- */
-typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
-
-/**
- * \brief           General context for resuming ECC operations
- */
-typedef struct
-{
-    unsigned ops_done;                  /*!<  current ops count             */
-    unsigned depth;                     /*!<  call depth (0 = top-level)    */
-    mbedtls_ecp_restart_mul_ctx *rsm;   /*!<  ecp_mul_comb() sub-context    */
-    mbedtls_ecp_restart_muladd_ctx *ma; /*!<  ecp_muladd() sub-context      */
-} mbedtls_ecp_restart_ctx;
-
-/*
- * Operation counts for restartable functions
- */
-#define MBEDTLS_ECP_OPS_CHK   3 /*!< basic ops count for ecp_check_pubkey()  */
-#define MBEDTLS_ECP_OPS_DBL   8 /*!< basic ops count for ecp_double_jac()    */
-#define MBEDTLS_ECP_OPS_ADD  11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv()  */
-
-/**
- * \brief           Internal; for restartable functions in other modules.
- *                  Check and update basic ops budget.
- *
- * \param grp       Group structure
- * \param rs_ctx    Restart context
- * \param ops       Number of basic ops to do
- *
- * \return          \c 0 if doing \p ops basic ops is still allowed,
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
- */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
-                              mbedtls_ecp_restart_ctx *rs_ctx,
-                              unsigned ops );
-
-/* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops )   \
-    MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
-                                               (unsigned) (ops) ) );
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define MBEDTLS_ECP_BUDGET( ops )   /* no-op; for compatibility */
-
-/* We want to declare restartable versions of existing functions anyway */
-typedef void mbedtls_ecp_restart_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief    The ECP key-pair structure.
- *
- * A generic key-pair that may be used for ECDSA and fixed ECDH, for example.
- *
- * \note    Members are deliberately in the same order as in the
- *          ::mbedtls_ecdsa_context structure.
- */
-typedef struct mbedtls_ecp_keypair
-{
-    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
-    mbedtls_mpi d;              /*!<  our secret value                  */
-    mbedtls_ecp_point Q;        /*!<  our public value                  */
-}
-mbedtls_ecp_keypair;
-
-/*
- * Point formats, from RFC 4492's enum ECPointFormat
- */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format. */
-
-/*
- * Some other constants from RFC 4492
- */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< The named_curve of ECCurveType. */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           Set the maximum number of basic operations done in a row.
- *
- *                  If more operations are needed to complete a computation,
- *                  #MBEDTLS_ERR_ECP_IN_PROGRESS will be returned by the
- *                  function performing the computation. It is then the
- *                  caller's responsibility to either call again with the same
- *                  parameters until it returns 0 or an error code; or to free
- *                  the restart context if the operation is to be aborted.
- *
- *                  It is strictly required that all input parameters and the
- *                  restart context be the same on successive calls for the
- *                  same operation, but output parameters need not be the
- *                  same; they must not be used until the function finally
- *                  returns 0.
- *
- *                  This only applies to functions whose documentation
- *                  mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- *                  #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
- *                  SSL module). For functions that accept a "restart context"
- *                  argument, passing NULL disables restart and makes the
- *                  function equivalent to the function with the same name
- *                  with \c _restartable removed. For functions in the ECDH
- *                  module, restart is disabled unless the function accepts
- *                  an "ECDH context" argument and
- *                  mbedtls_ecdh_enable_restart() was previously called on
- *                  that context. For function in the SSL module, restart is
- *                  only enabled for specific sides and key exchanges
- *                  (currently only for clients and ECDHE-ECDSA).
- *
- * \param max_ops   Maximum number of basic operations done in a row.
- *                  Default: 0 (unlimited).
- *                  Lower (non-zero) values mean ECC functions will block for
- *                  a lesser maximum amount of time.
- *
- * \note            A "basic operation" is defined as a rough equivalent of a
- *                  multiplication in GF(p) for the NIST P-256 curve.
- *                  As an indication, with default settings, a scalar
- *                  multiplication (full run of \c mbedtls_ecp_mul()) is:
- *                  - about 3300 basic operations for P-256
- *                  - about 9400 basic operations for P-384
- *
- * \note            Very low values are not always respected: sometimes
- *                  functions need to block for a minimum number of
- *                  operations, and will do so even if max_ops is set to a
- *                  lower value.  That minimum depends on the curve size, and
- *                  can be made lower by decreasing the value of
- *                  \c MBEDTLS_ECP_WINDOW_SIZE.  As an indication, here is the
- *                  lowest effective value for various curves and values of
- *                  that parameter (w for short):
- *                          w=6     w=5     w=4     w=3     w=2
- *                  P-256   208     208     160     136     124
- *                  P-384   682     416     320     272     248
- *                  P-521  1364     832     640     544     496
- *
- * \note            This setting is currently ignored by Curve25519.
- */
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
-
-/**
- * \brief           Check if restart is enabled (max_ops != 0)
- *
- * \return          \c 0 if \c max_ops == 0 (restart disabled)
- * \return          \c 1 otherwise (restart enabled)
- */
-int mbedtls_ecp_restart_is_enabled( void );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Get the type of a curve
- */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
-
-/**
- * \brief           This function retrieves the information defined in
- *                  mbedtls_ecp_curve_info() for all supported curves.
- *
- * \note            This function returns information about all curves
- *                  supported by the library. Some curves may not be
- *                  supported for all algorithms. Call mbedtls_ecdh_can_do()
- *                  or mbedtls_ecdsa_can_do() to check if a curve is
- *                  supported for ECDH or ECDSA.
- *
- * \return          A statically allocated array. The last entry is 0.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
-
-/**
- * \brief           This function retrieves the list of internal group
- *                  identifiers of all supported curves in the order of
- *                  preference.
- *
- * \note            This function returns information about all curves
- *                  supported by the library. Some curves may not be
- *                  supported for all algorithms. Call mbedtls_ecdh_can_do()
- *                  or mbedtls_ecdsa_can_do() to check if a curve is
- *                  supported for ECDH or ECDSA.
- *
- * \return          A statically allocated array,
- *                  terminated with MBEDTLS_ECP_DP_NONE.
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
-
-/**
- * \brief           This function retrieves curve information from an internal
- *                  group identifier.
- *
- * \param grp_id    An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return          The associated curve information on success.
- * \return          NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
-
-/**
- * \brief           This function retrieves curve information from a TLS
- *                  NamedCurve value.
- *
- * \param tls_id    An \c MBEDTLS_ECP_DP_XXX value.
- *
- * \return          The associated curve information on success.
- * \return          NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
-
-/**
- * \brief           This function retrieves curve information from a
- *                  human-readable name.
- *
- * \param name      The human-readable name.
- *
- * \return          The associated curve information on success.
- * \return          NULL on failure.
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
-
-/**
- * \brief           This function initializes a point as zero.
- *
- * \param pt        The point to initialize.
- */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
-
-/**
- * \brief           This function initializes an ECP group context
- *                  without loading any domain parameters.
- *
- * \note            After this function is called, domain parameters
- *                  for various ECP groups can be loaded through the
- *                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
- *                  functions.
- */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
-
-/**
- * \brief           This function initializes a key pair as an invalid one.
- *
- * \param key       The key pair to initialize.
- */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
-
-/**
- * \brief           This function frees the components of a point.
- *
- * \param pt        The point to free.
- */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
-
-/**
- * \brief           This function frees the components of an ECP group.
- *
- * \param grp       The group to free. This may be \c NULL, in which
- *                  case this function returns immediately. If it is not
- *                  \c NULL, it must point to an initialized ECP group.
- */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
-
-/**
- * \brief           This function frees the components of a key pair.
- *
- * \param key       The key pair to free. This may be \c NULL, in which
- *                  case this function returns immediately. If it is not
- *                  \c NULL, it must point to an initialized ECP key pair.
- */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           Initialize a restart context.
- *
- * \param ctx       The restart context to initialize. This must
- *                  not be \c NULL.
- */
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
-
-/**
- * \brief           Free the components of a restart context.
- *
- * \param ctx       The restart context to free. This may be \c NULL, in which
- *                  case this function returns immediately. If it is not
- *                  \c NULL, it must point to an initialized restart context.
- */
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief           This function copies the contents of point \p Q into
- *                  point \p P.
- *
- * \param P         The destination point. This must be initialized.
- * \param Q         The source point. This must be initialized.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          Another negative error code for other kinds of failure.
- */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
-
-/**
- * \brief           This function copies the contents of group \p src into
- *                  group \p dst.
- *
- * \param dst       The destination group. This must be initialized.
- * \param src       The source group. This must be initialized.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
-                            const mbedtls_ecp_group *src );
-
-/**
- * \brief           This function sets a point to the point at infinity.
- *
- * \param pt        The point to set. This must be initialized.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief           This function checks if a point is the point at infinity.
- *
- * \param pt        The point to test. This must be initialized.
- *
- * \return          \c 1 if the point is zero.
- * \return          \c 0 if the point is non-zero.
- * \return          A negative error code on failure.
- */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
-
-/**
- * \brief           This function compares two points.
- *
- * \note            This assumes that the points are normalized. Otherwise,
- *                  they may compare as "not equal" even if they are.
- *
- * \param P         The first point to compare. This must be initialized.
- * \param Q         The second point to compare. This must be initialized.
- *
- * \return          \c 0 if the points are equal.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
- */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
-                           const mbedtls_ecp_point *Q );
-
-/**
- * \brief           This function imports a non-zero point from two ASCII
- *                  strings.
- *
- * \param P         The destination point. This must be initialized.
- * \param radix     The numeric base of the input.
- * \param x         The first affine coordinate, as a null-terminated string.
- * \param y         The second affine coordinate, as a null-terminated string.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
- */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
-                           const char *x, const char *y );
-
-/**
- * \brief           This function exports a point into unsigned binary data.
- *
- * \param grp       The group to which the point should belong.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param P         The point to export. This must be initialized.
- * \param format    The point format. This must be either
- *                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- *                  (For groups without these formats, this parameter is
- *                  ignored. But it still has to be either of the above
- *                  values.)
- * \param olen      The address at which to store the length of
- *                  the output in Bytes. This must not be \c NULL.
- * \param buf       The output buffer. This must be a writable buffer
- *                  of length \p buflen Bytes.
- * \param buflen    The length of the output buffer \p buf in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
- *                  is too small to hold the point.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
- *                  or the export for the given group is not implemented.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
-                                    const mbedtls_ecp_point *P,
-                                    int format, size_t *olen,
-                                    unsigned char *buf, size_t buflen );
-
-/**
- * \brief           This function imports a point from unsigned binary data.
- *
- * \note            This function does not check that the point actually
- *                  belongs to the given group, see mbedtls_ecp_check_pubkey()
- *                  for that.
- *
- * \param grp       The group to which the point should belong.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param P         The destination context to import the point to.
- *                  This must be initialized.
- * \param buf       The input buffer. This must be a readable buffer
- *                  of length \p ilen Bytes.
- * \param ilen      The length of the input buffer \p buf in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
- *                  given group is not implemented.
- */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *P,
-                                   const unsigned char *buf, size_t ilen );
-
-/**
- * \brief           This function imports a point from a TLS ECPoint record.
- *
- * \note            On function return, \p *buf is updated to point immediately
- *                  after the ECPoint record.
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param pt        The destination point.
- * \param buf       The address of the pointer to the start of the input buffer.
- * \param len       The length of the buffer.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_MPI_XXX error code on initialization
- *                  failure.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point *pt,
-                                const unsigned char **buf, size_t len );
-
-/**
- * \brief           This function exports a point as a TLS ECPoint record
- *                  defined in RFC 4492, Section 5.4.
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param pt        The point to be exported. This must be initialized.
- * \param format    The point format to use. This must be either
- *                  #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
- * \param olen      The address at which to store the length in Bytes
- *                  of the data written.
- * \param buf       The target buffer. This must be a writable buffer of
- *                  length \p blen Bytes.
- * \param blen      The length of the target buffer \p buf in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
- * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the target buffer
- *                  is too small to hold the exported point.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
-                                 const mbedtls_ecp_point *pt,
-                                 int format, size_t *olen,
-                                 unsigned char *buf, size_t blen );
-
-/**
- * \brief           This function sets up an ECP group context
- *                  from a standardized set of domain parameters.
- *
- * \note            The index should be a value of the NamedCurve enum,
- *                  as defined in <em>RFC-4492: Elliptic Curve Cryptography
- *                  (ECC) Cipher Suites for Transport Layer Security (TLS)</em>,
- *                  usually in the form of an \c MBEDTLS_ECP_DP_XXX macro.
- *
- * \param grp       The group context to setup. This must be initialized.
- * \param id        The identifier of the domain parameter set to load.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p id doesn't
- *                  correspond to a known group.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
-
-/**
- * \brief           This function sets up an ECP group context from a TLS
- *                  ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note            The read pointer \p buf is updated to point right after
- *                  the ECParameters record on exit.
- *
- * \param grp       The group context to setup. This must be initialized.
- * \param buf       The address of the pointer to the start of the input buffer.
- * \param len       The length of the input buffer \c *buf in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- *                  recognized.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
-                                const unsigned char **buf, size_t len );
-
-/**
- * \brief           This function extracts an elliptic curve group ID from a
- *                  TLS ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \note            The read pointer \p buf is updated to point right after
- *                  the ECParameters record on exit.
- *
- * \param grp       The address at which to store the group id.
- *                  This must not be \c NULL.
- * \param buf       The address of the pointer to the start of the input buffer.
- * \param len       The length of the input buffer \c *buf in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the group is not
- *                  recognized.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
-                                   const unsigned char **buf,
-                                   size_t len );
-/**
- * \brief           This function exports an elliptic curve as a TLS
- *                  ECParameters record as defined in RFC 4492, Section 5.4.
- *
- * \param grp       The ECP group to be exported.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param olen      The address at which to store the number of Bytes written.
- *                  This must not be \c NULL.
- * \param buf       The buffer to write to. This must be a writable buffer
- *                  of length \p blen Bytes.
- * \param blen      The length of the output buffer \p buf in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output
- *                  buffer is too small to hold the exported group.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
-                                 size_t *olen,
-                                 unsigned char *buf, size_t blen );
-
-/**
- * \brief           This function performs a scalar multiplication of a point
- *                  by an integer: \p R = \p m * \p P.
- *
- *                  It is not thread-safe to use same group in multiple threads.
- *
- * \note            To prevent timing attacks, this function
- *                  executes the exact same sequence of base-field
- *                  operations for any valid \p m. It avoids any if-branch or
- *                  array index depending on the value of \p m.
- *
- * \note            If \p f_rng is not NULL, it is used to randomize
- *                  intermediate results to prevent potential timing attacks
- *                  targeting these results. We recommend always providing
- *                  a non-NULL \p f_rng. The overhead is negligible.
- *                  Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when
- *                  \p f_rng is NULL, an internal RNG (seeded from the value
- *                  of \p m) will be used instead.
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param R         The point in which to store the result of the calculation.
- *                  This must be initialized.
- * \param m         The integer by which to multiply. This must be initialized.
- * \param P         The point to multiply. This must be initialized.
- * \param f_rng     The RNG function. This may be \c NULL if randomization
- *                  of intermediate results isn't desired (discouraged).
- * \param p_rng     The RNG context to be passed to \p p_rng.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- *                  key, or \p P is not a valid public key.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           This function performs multiplication of a point by
- *                  an integer: \p R = \p m * \p P in a restartable way.
- *
- * \see             mbedtls_ecp_mul()
- *
- * \note            This function does the same as \c mbedtls_ecp_mul(), but
- *                  it can return early and restart according to the limit set
- *                  with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param R         The point in which to store the result of the calculation.
- *                  This must be initialized.
- * \param m         The integer by which to multiply. This must be initialized.
- * \param P         The point to multiply. This must be initialized.
- * \param f_rng     The RNG function. This may be \c NULL if randomization
- *                  of intermediate results isn't desired (discouraged).
- * \param p_rng     The RNG context to be passed to \p p_rng.
- * \param rs_ctx    The restart context (NULL disables restart).
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
- *                  key, or \p P is not a valid public key.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_ecp_restart_ctx *rs_ctx );
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/**
- * \brief           This function performs multiplication and addition of two
- *                  points by integers: \p R = \p m * \p P + \p n * \p Q
- *
- *                  It is not thread-safe to use same group in multiple threads.
- *
- * \note            In contrast to mbedtls_ecp_mul(), this function does not
- *                  guarantee a constant execution flow and timing.
- *
- * \note            This function is only defined for short Weierstrass curves.
- *                  It may not be included in builds without any short
- *                  Weierstrass curve.
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param R         The point in which to store the result of the calculation.
- *                  This must be initialized.
- * \param m         The integer by which to multiply \p P.
- *                  This must be initialized.
- * \param P         The point to multiply by \p m. This must be initialized.
- * \param n         The integer by which to multiply \p Q.
- *                  This must be initialized.
- * \param Q         The point to be multiplied by \p n.
- *                  This must be initialized.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- *                  valid private keys, or \p P or \p Q are not valid public
- *                  keys.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- *                  designate a short Weierstrass curve.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
-
-/**
- * \brief           This function performs multiplication and addition of two
- *                  points by integers: \p R = \p m * \p P + \p n * \p Q in a
- *                  restartable way.
- *
- * \see             \c mbedtls_ecp_muladd()
- *
- * \note            This function works the same as \c mbedtls_ecp_muladd(),
- *                  but it can return early and restart according to the limit
- *                  set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \note            This function is only defined for short Weierstrass curves.
- *                  It may not be included in builds without any short
- *                  Weierstrass curve.
- *
- * \param grp       The ECP group to use.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param R         The point in which to store the result of the calculation.
- *                  This must be initialized.
- * \param m         The integer by which to multiply \p P.
- *                  This must be initialized.
- * \param P         The point to multiply by \p m. This must be initialized.
- * \param n         The integer by which to multiply \p Q.
- *                  This must be initialized.
- * \param Q         The point to be multiplied by \p n.
- *                  This must be initialized.
- * \param rs_ctx    The restart context (NULL disables restart).
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if \p m or \p n are not
- *                  valid private keys, or \p P or \p Q are not valid public
- *                  keys.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if \p grp does not
- *                  designate a short Weierstrass curve.
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_muladd_restartable(
-             mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
-             mbedtls_ecp_restart_ctx *rs_ctx );
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-/**
- * \brief           This function checks that a point is a valid public key
- *                  on this curve.
- *
- *                  It only checks that the point is non-zero, has
- *                  valid coordinates and lies on the curve. It does not verify
- *                  that it is indeed a multiple of \p G. This additional
- *                  check is computationally more expensive, is not required
- *                  by standards, and should not be necessary if the group
- *                  used has a small cofactor. In particular, it is useless for
- *                  the NIST groups which all have a cofactor of 1.
- *
- * \note            This function uses bare components rather than an
- *                  ::mbedtls_ecp_keypair structure, to ease use with other
- *                  structures, such as ::mbedtls_ecdh_context or
- *                  ::mbedtls_ecdsa_context.
- *
- * \param grp       The ECP group the point should belong to.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param pt        The point to check. This must be initialized.
- *
- * \return          \c 0 if the point is a valid public key.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not
- *                  a valid public key for the given curve.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
-                              const mbedtls_ecp_point *pt );
-
-/**
- * \brief           This function checks that an \p mbedtls_mpi is a
- *                  valid private key for this curve.
- *
- * \note            This function uses bare components rather than an
- *                  ::mbedtls_ecp_keypair structure to ease use with other
- *                  structures, such as ::mbedtls_ecdh_context or
- *                  ::mbedtls_ecdsa_context.
- *
- * \param grp       The ECP group the private key should belong to.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param d         The integer to check. This must be initialized.
- *
- * \return          \c 0 if the point is a valid private key.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY if the point is not a valid
- *                  private key for the given curve.
- * \return          Another negative error code on other kinds of failure.
- */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
-                               const mbedtls_mpi *d );
-
-/**
- * \brief           This function generates a private key.
- *
- * \param grp       The ECP group to generate a private key for.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param d         The destination MPI (secret part). This must be initialized.
- * \param f_rng     The RNG function. This must not be \c NULL.
- * \param p_rng     The RNG parameter to be passed to \p f_rng. This may be
- *                  \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- *                  on failure.
- */
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
-                     mbedtls_mpi *d,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
-
-/**
- * \brief           This function generates a keypair with a configurable base
- *                  point.
- *
- * \note            This function uses bare components rather than an
- *                  ::mbedtls_ecp_keypair structure to ease use with other
- *                  structures, such as ::mbedtls_ecdh_context or
- *                  ::mbedtls_ecdsa_context.
- *
- * \param grp       The ECP group to generate a key pair for.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param G         The base point to use. This must be initialized
- *                  and belong to \p grp. It replaces the default base
- *                  point \c grp->G used by mbedtls_ecp_gen_keypair().
- * \param d         The destination MPI (secret part).
- *                  This must be initialized.
- * \param Q         The destination point (public part).
- *                  This must be initialized.
- * \param f_rng     The RNG function. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may
- *                  be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- *                  on failure.
- */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                                  const mbedtls_ecp_point *G,
-                                  mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                                  int (*f_rng)(void *, unsigned char *, size_t),
-                                  void *p_rng );
-
-/**
- * \brief           This function generates an ECP keypair.
- *
- * \note            This function uses bare components rather than an
- *                  ::mbedtls_ecp_keypair structure to ease use with other
- *                  structures, such as ::mbedtls_ecdh_context or
- *                  ::mbedtls_ecdsa_context.
- *
- * \param grp       The ECP group to generate a key pair for.
- *                  This must be initialized and have group parameters
- *                  set, for example through mbedtls_ecp_group_load().
- * \param d         The destination MPI (secret part).
- *                  This must be initialized.
- * \param Q         The destination point (public part).
- *                  This must be initialized.
- * \param f_rng     The RNG function. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may
- *                  be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- *                  on failure.
- */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
-                             mbedtls_ecp_point *Q,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng );
-
-/**
- * \brief           This function generates an ECP key.
- *
- * \param grp_id    The ECP group identifier.
- * \param key       The destination key. This must be initialized.
- * \param f_rng     The RNG function to use. This must not be \c NULL.
- * \param p_rng     The RNG context to be passed to \p f_rng. This may
- *                  be \c NULL if \p f_rng doesn't need a context argument.
- *
- * \return          \c 0 on success.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
- *                  on failure.
- */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-/**
- * \brief           This function reads an elliptic curve private key.
- *
- * \param grp_id    The ECP group identifier.
- * \param key       The destination key.
- * \param buf       The buffer containing the binary representation of the
- *                  key. (Big endian integer for Weierstrass curves, byte
- *                  string for Montgomery curves.)
- * \param buflen    The length of the buffer in bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
- *                  invalid.
- * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- *                  the group is not implemented.
- * \return          Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                          const unsigned char *buf, size_t buflen );
-
-/**
- * \brief           This function exports an elliptic curve private key.
- *
- * \param key       The private key.
- * \param buf       The output buffer for containing the binary representation
- *                  of the key. (Big endian integer for Weierstrass curves, byte
- *                  string for Montgomery curves.)
- * \param buflen    The total length of the buffer in bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
-                    representation is larger than the available space in \p buf.
- * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- *                  the group is not implemented.
- * \return          Another negative error code on different kinds of failure.
- */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
-                           unsigned char *buf, size_t buflen );
-
-/**
- * \brief           This function checks that the keypair objects
- *                  \p pub and \p prv have the same group and the
- *                  same public point, and that the private key in
- *                  \p prv is consistent with the public key.
- *
- * \param pub       The keypair structure holding the public key. This
- *                  must be initialized. If it contains a private key, that
- *                  part is ignored.
- * \param prv       The keypair structure holding the full keypair.
- *                  This must be initialized.
- *
- * \return          \c 0 on success, meaning that the keys are valid and match.
- * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
- * \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
- *                  error code on calculation failure.
- */
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub,
-                                const mbedtls_ecp_keypair *prv );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          The ECP checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_ecp_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ecp.h */
diff --git a/Sources/mbedtls/include/mbedtls/ecp_internal.h b/Sources/mbedtls/include/mbedtls/ecp_internal.h
deleted file mode 100644
index 6a47a8f..0000000
--- a/Sources/mbedtls/include/mbedtls/ecp_internal.h
+++ /dev/null
@@ -1,297 +0,0 @@
-/**
- * \file ecp_internal.h
- *
- * \brief Function declarations for alternative implementation of elliptic curve
- * point arithmetic.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * References:
- *
- * [1] BERNSTEIN, Daniel J. Curve25519: new Diffie-Hellman speed records.
- *     <http://cr.yp.to/ecdh/curve25519-20060209.pdf>
- *
- * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
- *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
- *     Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
- *     <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
- *
- * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
- *     render ECC resistant against Side Channel Attacks. IACR Cryptology
- *     ePrint Archive, 2004, vol. 2004, p. 342.
- *     <http://eprint.iacr.org/2004/342.pdf>
- *
- * [4] Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters.
- *     <http://www.secg.org/sec2-v2.pdf>
- *
- * [5] HANKERSON, Darrel, MENEZES, Alfred J., VANSTONE, Scott. Guide to Elliptic
- *     Curve Cryptography.
- *
- * [6] Digital Signature Standard (DSS), FIPS 186-4.
- *     <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
- *
- * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
- *     Security (TLS), RFC 4492.
- *     <https://tools.ietf.org/search/rfc4492>
- *
- * [8] <http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html>
- *
- * [9] COHEN, Henri. A Course in Computational Algebraic Number Theory.
- *     Springer Science & Business Media, 1 Aug 2000
- */
-
-#ifndef MBEDTLS_ECP_INTERNAL_H
-#define MBEDTLS_ECP_INTERNAL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-
-/**
- * \brief           Indicate if the Elliptic Curve Point module extension can
- *                  handle the group.
- *
- * \param grp       The pointer to the elliptic curve group that will be the
- *                  basis of the cryptographic computations.
- *
- * \return          Non-zero if successful.
- */
-unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp );
-
-/**
- * \brief           Initialise the Elliptic Curve Point module extension.
- *
- *                  If mbedtls_internal_ecp_grp_capable returns true for a
- *                  group, this function has to be able to initialise the
- *                  module for it.
- *
- *                  This module can be a driver to a crypto hardware
- *                  accelerator, for which this could be an initialise function.
- *
- * \param grp       The pointer to the group the module needs to be
- *                  initialised for.
- *
- * \return          0 if successful.
- */
-int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp );
-
-/**
- * \brief           Frees and deallocates the Elliptic Curve Point module
- *                  extension.
- *
- * \param grp       The pointer to the group the module was initialised for.
- */
-void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-/**
- * \brief           Randomize jacobian coordinates:
- *                  (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l.
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param pt        The point on the curve to be randomised, given with Jacobian
- *                  coordinates.
- *
- * \param f_rng     A function pointer to the random number generator.
- *
- * \param p_rng     A pointer to the random number generator state.
- *
- * \return          0 if successful.
- */
-int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
-        void *p_rng );
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-/**
- * \brief           Addition: R = P + Q, mixed affine-Jacobian coordinates.
- *
- *                  The coordinates of Q must be normalized (= affine),
- *                  but those of P don't need to. R is not normalized.
- *
- *                  This function is used only as a subrutine of
- *                  ecp_mul_comb().
- *
- *                  Special cases: (1) P or Q is zero, (2) R is zero,
- *                      (3) P == Q.
- *                  None of these cases can happen as intermediate step in
- *                  ecp_mul_comb():
- *                      - at each step, P, Q and R are multiples of the base
- *                      point, the factor being less than its order, so none of
- *                      them is zero;
- *                      - Q is an odd multiple of the base point, P an even
- *                      multiple, due to the choice of precomputed points in the
- *                      modified comb method.
- *                  So branches for these cases do not leak secret information.
- *
- *                  We accept Q->Z being unset (saving memory in tables) as
- *                  meaning 1.
- *
- *                  Cost in field operations if done by [5] 3.22:
- *                      1A := 8M + 3S
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param R         Pointer to a point structure to hold the result.
- *
- * \param P         Pointer to the first summand, given with Jacobian
- *                  coordinates
- *
- * \param Q         Pointer to the second summand, given with affine
- *                  coordinates.
- *
- * \return          0 if successful.
- */
-int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
-        const mbedtls_ecp_point *Q );
-#endif
-
-/**
- * \brief           Point doubling R = 2 P, Jacobian coordinates.
- *
- *                  Cost:   1D := 3M + 4S    (A ==  0)
- *                          4M + 4S          (A == -3)
- *                          3M + 6S + 1a     otherwise
- *                  when the implementation is based on the "dbl-1998-cmo-2"
- *                  doubling formulas in [8] and standard optimizations are
- *                  applied when curve parameter A is one of { 0, -3 }.
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param R         Pointer to a point structure to hold the result.
- *
- * \param P         Pointer to the point that has to be doubled, given with
- *                  Jacobian coordinates.
- *
- * \return          0 if successful.
- */
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, const mbedtls_ecp_point *P );
-#endif
-
-/**
- * \brief           Normalize jacobian coordinates of an array of (pointers to)
- *                  points.
- *
- *                  Using Montgomery's trick to perform only one inversion mod P
- *                  the cost is:
- *                      1N(t) := 1I + (6t - 3)M + 1S
- *                  (See for example Algorithm 10.3.4. in [9])
- *
- *                  This function is used only as a subrutine of
- *                  ecp_mul_comb().
- *
- *                  Warning: fails (returning an error) if one of the points is
- *                  zero!
- *                  This should never happen, see choice of w in ecp_mul_comb().
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param T         Array of pointers to the points to normalise.
- *
- * \param t_len     Number of elements in the array.
- *
- * \return          0 if successful,
- *                      an error if one of the points is zero.
- */
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *T[], size_t t_len );
-#endif
-
-/**
- * \brief           Normalize jacobian coordinates so that Z == 0 || Z == 1.
- *
- *                  Cost in field operations if done by [5] 3.2.1:
- *                      1N := 1I + 3M + 1S
- *
- * \param grp       Pointer to the group representing the curve.
- *
- * \param pt        pointer to the point to be normalised. This is an
- *                  input/output parameter.
- *
- * \return          0 if successful.
- */
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt );
-#endif
-
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
-        const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
-#endif
-
-/**
- * \brief           Randomize projective x/z coordinates:
- *                      (X, Z) -> (l X, l Z) for random l
- *
- * \param grp       pointer to the group representing the curve
- *
- * \param P         the point on the curve to be randomised given with
- *                  projective coordinates. This is an input/output parameter.
- *
- * \param f_rng     a function pointer to the random number generator
- *
- * \param p_rng     a pointer to the random number generator state
- *
- * \return          0 if successful
- */
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
-        void *p_rng );
-#endif
-
-/**
- * \brief           Normalize Montgomery x/z coordinates: X = X/Z, Z = 1.
- *
- * \param grp       pointer to the group representing the curve
- *
- * \param P         pointer to the point to be normalised. This is an
- *                  input/output parameter.
- *
- * \return          0 if successful
- */
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P );
-#endif
-
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
-#endif /* ecp_internal.h */
-
diff --git a/Sources/mbedtls/include/mbedtls/entropy.h b/Sources/mbedtls/include/mbedtls/entropy.h
deleted file mode 100644
index 40259eb..0000000
--- a/Sources/mbedtls/include/mbedtls/entropy.h
+++ /dev/null
@@ -1,294 +0,0 @@
-/**
- * \file entropy.h
- *
- * \brief Entropy accumulator implementation
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ENTROPY_H
-#define MBEDTLS_ENTROPY_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "mbedtls/sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
-#else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "mbedtls/sha256.h"
-#endif
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C)
-#include "mbedtls/havege.h"
-#endif
-
-/** Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C
-/** No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E
-/** No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040
-/** No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D
-/** Read/write error in file. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
-#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
-#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
-#else
-#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
-#endif
-
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
-
-#define MBEDTLS_ENTROPY_SOURCE_STRONG   1       /**< Entropy source is strong   */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK     0       /**< Entropy source is weak     */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief           Entropy poll callback pointer
- *
- * \param data      Callback-specific data pointer
- * \param output    Data to fill
- * \param len       Maximum size to provide
- * \param olen      The actual amount of bytes put into the buffer (Can be 0)
- *
- * \return          0 if no critical failures occurred,
- *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
- */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
-                            size_t *olen);
-
-/**
- * \brief           Entropy source state
- */
-typedef struct mbedtls_entropy_source_state
-{
-    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
-    void *          p_source;   /**< The callback data pointer */
-    size_t          size;       /**< Amount received in bytes */
-    size_t          threshold;  /**< Minimum bytes required before release */
-    int             strong;     /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
-
-/**
- * \brief           Entropy context structure
- */
-typedef struct mbedtls_entropy_context
-{
-    int accumulator_started; /* 0 after init.
-                              * 1 after the first update.
-                              * -1 after free. */
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_context  accumulator;
-#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR)
-    mbedtls_sha256_context  accumulator;
-#endif
-    int             source_count; /* Number of entries used in source. */
-    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_havege_state    havege_data;
-#endif
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    int initial_entropy_run;
-#endif
-}
-mbedtls_entropy_context;
-
-/**
- * \brief           Initialize the context
- *
- * \param ctx       Entropy context to initialize
- */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
-
-/**
- * \brief           Free the data in the context
- *
- * \param ctx       Entropy context to free
- */
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
-
-/**
- * \brief           Adds an entropy source to poll
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx       Entropy context
- * \param f_source  Entropy function
- * \param p_source  Function data
- * \param threshold Minimum required from source before entropy is released
- *                  ( with mbedtls_entropy_func() ) (in bytes)
- * \param strong    MBEDTLS_ENTROPY_SOURCE_STRONG or
- *                  MBEDTLS_ENTROPY_SOURCE_WEAK.
- *                  At least one strong source needs to be added.
- *                  Weaker sources (such as the cycle counter) can be used as
- *                  a complement.
- *
- * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
- */
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
-                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold, int strong );
-
-/**
- * \brief           Trigger an extra gather poll for the accumulator
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx       Entropy context
- *
- * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
-
-/**
- * \brief           Retrieve entropy from the accumulator
- *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data      Entropy context
- * \param output    Buffer to fill
- * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
- *
- * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
-
-/**
- * \brief           Add data to the accumulator manually
- *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param ctx       Entropy context
- * \param data      Data to add
- * \param len       Length of data
- *
- * \return          0 if successful
- */
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
-                           const unsigned char *data, size_t len );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief           Trigger an update of the seed file in NV by using the
- *                  current entropy pool.
- *
- * \param ctx       Entropy context
- *
- * \return          0 if successful
- */
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief               Write a seed file
- *
- * \param ctx           Entropy context
- * \param path          Name of the file
- *
- * \return              0 if successful,
- *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
-
-/**
- * \brief               Read and update a seed file. Seed is added to this
- *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
- *                      read from the seed file. The rest is ignored.
- *
- * \param ctx           Entropy context
- * \param path          Name of the file
- *
- * \return              0 if successful,
- *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
- *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
- */
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- *                 This module self-test also calls the entropy self-test,
- *                 mbedtls_entropy_source_self_test();
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_self_test( int verbose );
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief          Checkup routine
- *
- *                 Verifies the integrity of the hardware entropy source
- *                 provided by the function 'mbedtls_hardware_poll()'.
- *
- *                 Note this is the only hardware entropy source that is known
- *                 at link time, and other entropy sources configured
- *                 dynamically at runtime by the function
- *                 mbedtls_entropy_add_source() will not be tested.
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy.h */
diff --git a/Sources/mbedtls/include/mbedtls/entropy_poll.h b/Sources/mbedtls/include/mbedtls/entropy_poll.h
deleted file mode 100644
index e1d7491..0000000
--- a/Sources/mbedtls/include/mbedtls/entropy_poll.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * \file entropy_poll.h
- *
- * \brief Platform-specific and custom entropy polling functions
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ENTROPY_POLL_H
-#define MBEDTLS_ENTROPY_POLL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Default thresholds for built-in sources, in bytes
- */
-#define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
-#define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
-#define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
-#if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
-#define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
-#endif
-
-/**
- * \brief           Entropy poll callback that provides 0 entropy.
- */
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-    int mbedtls_null_entropy_poll( void *data,
-                                unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-/**
- * \brief           Platform-specific entropy poll callback
- */
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_HAVEGE_C)
-/**
- * \brief           HAVEGE based entropy poll callback
- *
- * Requires an HAVEGE state as its data pointer.
- */
-int mbedtls_havege_poll( void *data,
-                 unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_TIMING_C)
-/**
- * \brief           mbedtls_timing_hardclock-based entropy poll callback
- */
-int mbedtls_hardclock_poll( void *data,
-                    unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-/**
- * \brief           Entropy poll callback for a hardware source
- *
- * \warning         This is not provided by mbed TLS!
- *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
- *
- * \note            This must accept NULL as its first argument.
- */
-int mbedtls_hardware_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-/**
- * \brief           Entropy poll callback for a non-volatile seed file
- *
- * \note            This must accept NULL as its first argument.
- */
-int mbedtls_nv_seed_poll( void *data,
-                          unsigned char *output, size_t len, size_t *olen );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* entropy_poll.h */
diff --git a/Sources/mbedtls/include/mbedtls/error.h b/Sources/mbedtls/include/mbedtls/error.h
deleted file mode 100644
index 50f2538..0000000
--- a/Sources/mbedtls/include/mbedtls/error.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/**
- * \file error.h
- *
- * \brief Error to string translation
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ERROR_H
-#define MBEDTLS_ERROR_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/**
- * Error code layout.
- *
- * Currently we try to keep all error codes within the negative space of 16
- * bits signed integers to support all platforms (-0x0001 - -0x7FFF). In
- * addition we'd like to give two layers of information on the error if
- * possible.
- *
- * For that purpose the error codes are segmented in the following manner:
- *
- * 16 bit error code bit-segmentation
- *
- * 1 bit  - Unused (sign bit)
- * 3 bits - High level module ID
- * 5 bits - Module-dependent error code
- * 7 bits - Low level module errors
- *
- * For historical reasons, low-level error codes are divided in even and odd,
- * even codes were assigned first, and -1 is reserved for other errors.
- *
- * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
- *
- * Module   Nr  Codes assigned
- * ERROR     2  0x006E          0x0001
- * MPI       7  0x0002-0x0010
- * GCM       3  0x0012-0x0014   0x0013-0x0013
- * BLOWFISH  3  0x0016-0x0018   0x0017-0x0017
- * THREADING 3  0x001A-0x001E
- * AES       5  0x0020-0x0022   0x0021-0x0025
- * CAMELLIA  3  0x0024-0x0026   0x0027-0x0027
- * XTEA      2  0x0028-0x0028   0x0029-0x0029
- * BASE64    2  0x002A-0x002C
- * OID       1  0x002E-0x002E   0x000B-0x000B
- * PADLOCK   1  0x0030-0x0030
- * DES       2  0x0032-0x0032   0x0033-0x0033
- * CTR_DBRG  4  0x0034-0x003A
- * ENTROPY   3  0x003C-0x0040   0x003D-0x003F
- * NET      13  0x0042-0x0052   0x0043-0x0049
- * ARIA      4  0x0058-0x005E
- * ASN1      7  0x0060-0x006C
- * CMAC      1  0x007A-0x007A
- * PBKDF2    1  0x007C-0x007C
- * HMAC_DRBG 4                  0x0003-0x0009
- * CCM       3                  0x000D-0x0011
- * ARC4      1                  0x0019-0x0019
- * MD2       1                  0x002B-0x002B
- * MD4       1                  0x002D-0x002D
- * MD5       1                  0x002F-0x002F
- * RIPEMD160 1                  0x0031-0x0031
- * SHA1      1                  0x0035-0x0035 0x0073-0x0073
- * SHA256    1                  0x0037-0x0037 0x0074-0x0074
- * SHA512    1                  0x0039-0x0039 0x0075-0x0075
- * CHACHA20  3                  0x0051-0x0055
- * POLY1305  3                  0x0057-0x005B
- * CHACHAPOLY 2 0x0054-0x0056
- * PLATFORM  2  0x0070-0x0072
- *
- * High-level module nr (3 bits - 0x0...-0x7...)
- * Name      ID  Nr of Errors
- * PEM       1   9
- * PKCS#12   1   4 (Started from top)
- * X509      2   20
- * PKCS5     2   4 (Started from top)
- * DHM       3   11
- * PK        3   15 (Started from top)
- * RSA       4   11
- * ECP       4   10 (Started from top)
- * MD        5   5
- * HKDF      5   1 (Started from top)
- * SSL       5   2 (Started from 0x5F00)
- * CIPHER    6   8 (Started from 0x6080)
- * SSL       6   24 (Started from top, plus 0x6000)
- * SSL       7   32
- *
- * Module dependent error code (5 bits 0x.00.-0x.F8.)
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** Generic error */
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR       -0x0001
-/** This is a bug in the library */
-#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- *        Wrapper macro for mbedtls_error_add(). See that function for
- *        more details.
- */
-#define MBEDTLS_ERROR_ADD( high, low ) \
-        mbedtls_error_add( high, low, __FILE__, __LINE__ )
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Testing hook called before adding/combining two error codes together.
- *        Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
- */
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
-#endif
-
-/**
- * \brief Combines a high-level and low-level error code together.
- *
- *        This function can be called directly however it is usually
- *        called via the #MBEDTLS_ERROR_ADD macro.
- *
- *        While a value of zero is not a negative error code, it is still an
- *        error code (that denotes success) and can be combined with both a
- *        negative error code or another value of zero.
- *
- * \note  When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to
- *        call \link mbedtls_test_hook_error_add \endlink.
- *
- * \param high      high-level error code. See error.h for more details.
- * \param low       low-level error code. See error.h for more details.
- * \param file      file where this error code addition occurred.
- * \param line      line where this error code addition occurred.
- */
-static inline int mbedtls_error_add( int high, int low,
-                                     const char *file, int line )
-{
-#if defined(MBEDTLS_TEST_HOOKS)
-    if( *mbedtls_test_hook_error_add != NULL )
-        ( *mbedtls_test_hook_error_add )( high, low, file, line );
-#endif
-    (void)file;
-    (void)line;
-
-    return( high + low );
-}
-
-/**
- * \brief Translate a mbed TLS error code into a string representation,
- *        Result is truncated if necessary and always includes a terminating
- *        null byte.
- *
- * \param errnum    error code
- * \param buffer    buffer to place representation in
- * \param buflen    length of the buffer
- */
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
-
-/**
- * \brief Translate the high-level part of an Mbed TLS error code into a string
- *        representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code    error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- *         code is unknown.
- */
-const char * mbedtls_high_level_strerr( int error_code );
-
-/**
- * \brief Translate the low-level part of an Mbed TLS error code into a string
- *        representation.
- *
- * This function returns a const pointer to an un-modifiable string. The caller
- * must not try to modify the string. It is intended to be used mostly for
- * logging purposes.
- *
- * \param error_code    error code
- *
- * \return The string representation of the error code, or \c NULL if the error
- *         code is unknown.
- */
-const char * mbedtls_low_level_strerr( int error_code );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* error.h */
diff --git a/Sources/mbedtls/include/mbedtls/gcm.h b/Sources/mbedtls/include/mbedtls/gcm.h
deleted file mode 100644
index 9723a17..0000000
--- a/Sources/mbedtls/include/mbedtls/gcm.h
+++ /dev/null
@@ -1,327 +0,0 @@
-/**
- * \file gcm.h
- *
- * \brief This file contains GCM definitions and functions.
- *
- * The Galois/Counter Mode (GCM) for 128-bit block ciphers is defined
- * in <em>D. McGrew, J. Viega, The Galois/Counter Mode of Operation
- * (GCM), Natl. Inst. Stand. Technol.</em>
- *
- * For more information on GCM, see <em>NIST SP 800-38D: Recommendation for
- * Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</em>.
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_GCM_H
-#define MBEDTLS_GCM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-#include <stdint.h>
-
-#define MBEDTLS_GCM_ENCRYPT     1
-#define MBEDTLS_GCM_DECRYPT     0
-
-/** Authenticated decryption failed. */
-#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012
-
-/* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** GCM hardware accelerator failed. */
-#define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED                   -0x0013
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_GCM_ALT)
-
-/**
- * \brief          The GCM context structure.
- */
-typedef struct mbedtls_gcm_context
-{
-    mbedtls_cipher_context_t cipher_ctx;  /*!< The cipher context used. */
-    uint64_t HL[16];                      /*!< Precalculated HTable low. */
-    uint64_t HH[16];                      /*!< Precalculated HTable high. */
-    uint64_t len;                         /*!< The total length of the encrypted data. */
-    uint64_t add_len;                     /*!< The total length of the additional data. */
-    unsigned char base_ectr[16];          /*!< The first ECTR for tag. */
-    unsigned char y[16];                  /*!< The Y working value. */
-    unsigned char buf[16];                /*!< The buf working value. */
-    int mode;                             /*!< The operation to perform:
-                                               #MBEDTLS_GCM_ENCRYPT or
-                                               #MBEDTLS_GCM_DECRYPT. */
-}
-mbedtls_gcm_context;
-
-#else  /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
-#endif /* !MBEDTLS_GCM_ALT */
-
-/**
- * \brief           This function initializes the specified GCM context,
- *                  to make references valid, and prepares the context
- *                  for mbedtls_gcm_setkey() or mbedtls_gcm_free().
- *
- *                  The function does not bind the GCM context to a particular
- *                  cipher, nor set the key. For this purpose, use
- *                  mbedtls_gcm_setkey().
- *
- * \param ctx       The GCM context to initialize. This must not be \c NULL.
- */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
-
-/**
- * \brief           This function associates a GCM context with a
- *                  cipher algorithm and a key.
- *
- * \param ctx       The GCM context. This must be initialized.
- * \param cipher    The 128-bit block cipher to use.
- * \param key       The encryption key. This must be a readable buffer of at
- *                  least \p keybits bits.
- * \param keybits   The key size in bits. Valid options are:
- *                  <ul><li>128 bits</li>
- *                  <li>192 bits</li>
- *                  <li>256 bits</li></ul>
- *
- * \return          \c 0 on success.
- * \return          A cipher-specific error code on failure.
- */
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
-
-/**
- * \brief           This function performs GCM encryption or decryption of a buffer.
- *
- * \note            For encryption, the output buffer can be the same as the
- *                  input buffer. For decryption, the output buffer cannot be
- *                  the same as input buffer. If the buffers overlap, the output
- *                  buffer must trail at least 8 Bytes behind the input buffer.
- *
- * \warning         When this function performs a decryption, it outputs the
- *                  authentication tag and does not verify that the data is
- *                  authentic. You should use this function to perform encryption
- *                  only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
- *
- * \param ctx       The GCM context to use for encryption or decryption. This
- *                  must be initialized.
- * \param mode      The operation to perform:
- *                  - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
- *                    The ciphertext is written to \p output and the
- *                    authentication tag is written to \p tag.
- *                  - #MBEDTLS_GCM_DECRYPT to perform decryption.
- *                    The plaintext is written to \p output and the
- *                    authentication tag is written to \p tag.
- *                    Note that this mode is not recommended, because it does
- *                    not verify the authenticity of the data. For this reason,
- *                    you should use mbedtls_gcm_auth_decrypt() instead of
- *                    calling this function in decryption mode.
- * \param length    The length of the input data, which is equal to the length
- *                  of the output data.
- * \param iv        The initialization vector. This must be a readable buffer of
- *                  at least \p iv_len Bytes.
- * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data. This must be of at
- *                  least that size in Bytes.
- * \param add_len   The length of the additional data.
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, this must be a readable buffer of at least that
- *                  size in Bytes.
- * \param output    The buffer for holding the output data. If \p length is greater
- *                  than zero, this must be a writable buffer of at least that
- *                  size in Bytes.
- * \param tag_len   The length of the tag to generate.
- * \param tag       The buffer for holding the tag. This must be a writable
- *                  buffer of at least \p tag_len Bytes.
- *
- * \return          \c 0 if the encryption or decryption was performed
- *                  successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
- *                  this does not indicate that the data is authentic.
- * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
- *                  not valid or a cipher-specific error code if the encryption
- *                  or decryption failed.
- */
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
-                       int mode,
-                       size_t length,
-                       const unsigned char *iv,
-                       size_t iv_len,
-                       const unsigned char *add,
-                       size_t add_len,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t tag_len,
-                       unsigned char *tag );
-
-/**
- * \brief           This function performs a GCM authenticated decryption of a
- *                  buffer.
- *
- * \note            For decryption, the output buffer cannot be the same as
- *                  input buffer. If the buffers overlap, the output buffer
- *                  must trail at least 8 Bytes behind the input buffer.
- *
- * \param ctx       The GCM context. This must be initialized.
- * \param length    The length of the ciphertext to decrypt, which is also
- *                  the length of the decrypted plaintext.
- * \param iv        The initialization vector. This must be a readable buffer
- *                  of at least \p iv_len Bytes.
- * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data. This must be of at
- *                  least that size in Bytes.
- * \param add_len   The length of the additional data.
- * \param tag       The buffer holding the tag to verify. This must be a
- *                  readable buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the tag to verify.
- * \param input     The buffer holding the ciphertext. If \p length is greater
- *                  than zero, this must be a readable buffer of at least that
- *                  size.
- * \param output    The buffer for holding the decrypted plaintext. If \p length
- *                  is greater than zero, this must be a writable buffer of at
- *                  least that size.
- *
- * \return          \c 0 if successful and authenticated.
- * \return          #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
- * \return          #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
- *                  not valid or a cipher-specific error code if the decryption
- *                  failed.
- */
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
-                      size_t length,
-                      const unsigned char *iv,
-                      size_t iv_len,
-                      const unsigned char *add,
-                      size_t add_len,
-                      const unsigned char *tag,
-                      size_t tag_len,
-                      const unsigned char *input,
-                      unsigned char *output );
-
-/**
- * \brief           This function starts a GCM encryption or decryption
- *                  operation.
- *
- * \param ctx       The GCM context. This must be initialized.
- * \param mode      The operation to perform: #MBEDTLS_GCM_ENCRYPT or
- *                  #MBEDTLS_GCM_DECRYPT.
- * \param iv        The initialization vector. This must be a readable buffer of
- *                  at least \p iv_len Bytes.
- * \param iv_len    The length of the IV.
- * \param add       The buffer holding the additional data, or \c NULL
- *                  if \p add_len is \c 0.
- * \param add_len   The length of the additional data. If \c 0,
- *                  \p add may be \c NULL.
- *
- * \return          \c 0 on success.
- */
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
-                int mode,
-                const unsigned char *iv,
-                size_t iv_len,
-                const unsigned char *add,
-                size_t add_len );
-
-/**
- * \brief           This function feeds an input buffer into an ongoing GCM
- *                  encryption or decryption operation.
- *
- *    `             The function expects input to be a multiple of 16
- *                  Bytes. Only the last call before calling
- *                  mbedtls_gcm_finish() can be less than 16 Bytes.
- *
- * \note            For decryption, the output buffer cannot be the same as
- *                  input buffer. If the buffers overlap, the output buffer
- *                  must trail at least 8 Bytes behind the input buffer.
- *
- * \param ctx       The GCM context. This must be initialized.
- * \param length    The length of the input data. This must be a multiple of
- *                  16 except in the last call before mbedtls_gcm_finish().
- * \param input     The buffer holding the input data. If \p length is greater
- *                  than zero, this must be a readable buffer of at least that
- *                  size in Bytes.
- * \param output    The buffer for holding the output data. If \p length is
- *                  greater than zero, this must be a writable buffer of at
- *                  least that size in Bytes.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
- */
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
-                size_t length,
-                const unsigned char *input,
-                unsigned char *output );
-
-/**
- * \brief           This function finishes the GCM operation and generates
- *                  the authentication tag.
- *
- *                  It wraps up the GCM stream, and generates the
- *                  tag. The tag can have a maximum length of 16 Bytes.
- *
- * \param ctx       The GCM context. This must be initialized.
- * \param tag       The buffer for holding the tag. This must be a writable
- *                  buffer of at least \p tag_len Bytes.
- * \param tag_len   The length of the tag to generate. This must be at least
- *                  four.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
- */
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
-                unsigned char *tag,
-                size_t tag_len );
-
-/**
- * \brief           This function clears a GCM context and the underlying
- *                  cipher sub-context.
- *
- * \param ctx       The GCM context to clear. If this is \c NULL, the call has
- *                  no effect. Otherwise, this must be initialized.
- */
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          The GCM checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_gcm_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* gcm.h */
diff --git a/Sources/mbedtls/include/mbedtls/havege.h b/Sources/mbedtls/include/mbedtls/havege.h
deleted file mode 100644
index 7d27039..0000000
--- a/Sources/mbedtls/include/mbedtls/havege.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/**
- * \file havege.h
- *
- * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_HAVEGE_H
-#define MBEDTLS_HAVEGE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          HAVEGE state structure
- */
-typedef struct mbedtls_havege_state
-{
-    uint32_t PT1, PT2, offset[2];
-    uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
-    uint32_t WALK[8192];
-}
-mbedtls_havege_state;
-
-/**
- * \brief          HAVEGE initialization
- *
- * \param hs       HAVEGE state to be initialized
- */
-void mbedtls_havege_init( mbedtls_havege_state *hs );
-
-/**
- * \brief          Clear HAVEGE state
- *
- * \param hs       HAVEGE state to be cleared
- */
-void mbedtls_havege_free( mbedtls_havege_state *hs );
-
-/**
- * \brief          HAVEGE rand function
- *
- * \param p_rng    A HAVEGE state
- * \param output   Buffer to fill
- * \param len      Length of buffer
- *
- * \return         0
- */
-int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* havege.h */
diff --git a/Sources/mbedtls/include/mbedtls/hkdf.h b/Sources/mbedtls/include/mbedtls/hkdf.h
deleted file mode 100644
index 111d960..0000000
--- a/Sources/mbedtls/include/mbedtls/hkdf.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * \file hkdf.h
- *
- * \brief   This file contains the HKDF interface.
- *
- *          The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is
- *          specified by RFC 5869.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_HKDF_H
-#define MBEDTLS_HKDF_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/md.h"
-
-/**
- *  \name HKDF Error codes
- *  \{
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80
-/** \} name */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- *  \brief  This is the HMAC-based Extract-and-Expand Key Derivation Function
- *          (HKDF).
- *
- *  \param  md        A hash function; md.size denotes the length of the hash
- *                    function output in bytes.
- *  \param  salt      An optional salt value (a non-secret random value);
- *                    if the salt is not provided, a string of all zeros of
- *                    md.size length is used as the salt.
- *  \param  salt_len  The length in bytes of the optional \p salt.
- *  \param  ikm       The input keying material.
- *  \param  ikm_len   The length in bytes of \p ikm.
- *  \param  info      An optional context and application specific information
- *                    string. This can be a zero-length string.
- *  \param  info_len  The length of \p info in bytes.
- *  \param  okm       The output keying material of \p okm_len bytes.
- *  \param  okm_len   The length of the output keying material in bytes. This
- *                    must be less than or equal to 255 * md.size bytes.
- *
- *  \return 0 on success.
- *  \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- *          MD layer.
- */
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
-                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
-                  const unsigned char *info, size_t info_len,
-                  unsigned char *okm, size_t okm_len );
-
-/**
- *  \brief  Take the input keying material \p ikm and extract from it a
- *          fixed-length pseudorandom key \p prk.
- *
- *  \warning    This function should only be used if the security of it has been
- *              studied and established in that particular context (eg. TLS 1.3
- *              key schedule). For standard HKDF security guarantees use
- *              \c mbedtls_hkdf instead.
- *
- *  \param       md        A hash function; md.size denotes the length of the
- *                         hash function output in bytes.
- *  \param       salt      An optional salt value (a non-secret random value);
- *                         if the salt is not provided, a string of all zeros
- *                         of md.size length is used as the salt.
- *  \param       salt_len  The length in bytes of the optional \p salt.
- *  \param       ikm       The input keying material.
- *  \param       ikm_len   The length in bytes of \p ikm.
- *  \param[out]  prk       A pseudorandom key of at least md.size bytes.
- *
- *  \return 0 on success.
- *  \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- *          MD layer.
- */
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
-                          const unsigned char *salt, size_t salt_len,
-                          const unsigned char *ikm, size_t ikm_len,
-                          unsigned char *prk );
-
-/**
- *  \brief  Expand the supplied \p prk into several additional pseudorandom
- *          keys, which is the output of the HKDF.
- *
- *  \warning    This function should only be used if the security of it has been
- *              studied and established in that particular context (eg. TLS 1.3
- *              key schedule). For standard HKDF security guarantees use
- *              \c mbedtls_hkdf instead.
- *
- *  \param  md        A hash function; md.size denotes the length of the hash
- *                    function output in bytes.
- *  \param  prk       A pseudorandom key of at least md.size bytes. \p prk is
- *                    usually the output from the HKDF extract step.
- *  \param  prk_len   The length in bytes of \p prk.
- *  \param  info      An optional context and application specific information
- *                    string. This can be a zero-length string.
- *  \param  info_len  The length of \p info in bytes.
- *  \param  okm       The output keying material of \p okm_len bytes.
- *  \param  okm_len   The length of the output keying material in bytes. This
- *                    must be less than or equal to 255 * md.size bytes.
- *
- *  \return 0 on success.
- *  \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
- *          MD layer.
- */
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
-                         size_t prk_len, const unsigned char *info,
-                         size_t info_len, unsigned char *okm, size_t okm_len );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hkdf.h */
diff --git a/Sources/mbedtls/include/mbedtls/hmac_drbg.h b/Sources/mbedtls/include/mbedtls/hmac_drbg.h
deleted file mode 100644
index 6d372b9..0000000
--- a/Sources/mbedtls/include/mbedtls/hmac_drbg.h
+++ /dev/null
@@ -1,474 +0,0 @@
-/**
- * \file hmac_drbg.h
- *
- * \brief The HMAC_DRBG pseudorandom generator.
- *
- * This module implements the HMAC_DRBG pseudorandom generator described
- * in <em>NIST SP 800-90A: Recommendation for Random Number Generation Using
- * Deterministic Random Bit Generators</em>.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_HMAC_DRBG_H
-#define MBEDTLS_HMAC_DRBG_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * Error codes
- */
-/** Too many random requested in single call. */
-#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003
-/** Input too large (Entropy + additional). */
-#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005
-/** Read/write error in file. */
-#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007
-/** The entropy source failed. */
-#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
-#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
-#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
-#endif
-
-#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
-#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * HMAC_DRBG context.
- */
-typedef struct mbedtls_hmac_drbg_context
-{
-    /* Working state: the key K is not stored explicitly,
-     * but is implied by the HMAC context */
-    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
-    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
-    int reseed_counter;                     /*!< reseed counter         */
-
-    /* Administrative state */
-    size_t entropy_len;         /*!< entropy bytes grabbed on each (re)seed */
-    int prediction_resistance;  /*!< enable prediction resistance (Automatic
-                                     reseed before every random generation) */
-    int reseed_interval;        /*!< reseed interval   */
-
-    /* Callbacks */
-    int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
-    void *p_entropy;            /*!< context for the entropy function        */
-
-#if defined(MBEDTLS_THREADING_C)
-    /* Invariant: the mutex is initialized if and only if
-     * md_ctx->md_info != NULL. This means that the mutex is initialized
-     * during the initial seeding in mbedtls_hmac_drbg_seed() or
-     * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
-     *
-     * Note that this invariant may change without notice. Do not rely on it
-     * and do not access the mutex directly in application code.
-     */
-    mbedtls_threading_mutex_t mutex;
-#endif
-} mbedtls_hmac_drbg_context;
-
-/**
- * \brief               HMAC_DRBG context initialization.
- *
- * This function makes the context ready for mbedtls_hmac_drbg_seed(),
- * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
- *
- * \note                The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
- *                      by default. Override this value by calling
- *                      mbedtls_hmac_drbg_set_reseed_interval().
- *
- * \param ctx           HMAC_DRBG context to be initialized.
- */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
-
-/**
- * \brief               HMAC_DRBG initial seeding.
- *
- * Set the initial seed and set up the entropy source for future reseeds.
- *
- * A typical choice for the \p f_entropy and \p p_entropy parameters is
- * to use the entropy module:
- * - \p f_entropy is mbedtls_entropy_func();
- * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
- *   with mbedtls_entropy_init() (which registers the platform's default
- *   entropy sources).
- *
- * You can provide a personalization string in addition to the
- * entropy source, to make this instantiation as unique as possible.
- *
- * \note                By default, the security strength as defined by NIST is:
- *                      - 128 bits if \p md_info is SHA-1;
- *                      - 192 bits if \p md_info is SHA-224;
- *                      - 256 bits if \p md_info is SHA-256, SHA-384 or SHA-512.
- *                      Note that SHA-256 is just as efficient as SHA-224.
- *                      The security strength can be reduced if a smaller
- *                      entropy length is set with
- *                      mbedtls_hmac_drbg_set_entropy_len().
- *
- * \note                The default entropy length is the security strength
- *                      (converted from bits to bytes). You can override
- *                      it by calling mbedtls_hmac_drbg_set_entropy_len().
- *
- * \note                During the initial seeding, this function calls
- *                      the entropy source to obtain a nonce
- *                      whose length is half the entropy length.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      after this function returns successfully,
- *                      it is safe to call mbedtls_hmac_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param ctx           HMAC_DRBG context to be seeded.
- * \param md_info       MD algorithm to use for HMAC_DRBG.
- * \param f_entropy     The entropy callback, taking as arguments the
- *                      \p p_entropy context, the buffer to fill, and the
- *                      length of the buffer.
- *                      \p f_entropy is always called with a length that is
- *                      less than or equal to the entropy length.
- * \param p_entropy     The entropy context to pass to \p f_entropy.
- * \param custom        The personalization string.
- *                      This can be \c NULL, in which case the personalization
- *                      string is empty regardless of the value of \p len.
- * \param len           The length of the personalization string.
- *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
- *                      and also at most
- *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
- *                      where \p entropy_len is the entropy length
- *                      described above.
- *
- * \return              \c 0 if successful.
- * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
- *                      invalid.
- * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
- *                      memory to allocate context data.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      if the call to \p f_entropy failed.
- */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
-                    const mbedtls_md_info_t * md_info,
-                    int (*f_entropy)(void *, unsigned char *, size_t),
-                    void *p_entropy,
-                    const unsigned char *custom,
-                    size_t len );
-
-/**
- * \brief               Initialisation of simplified HMAC_DRBG (never reseeds).
- *
- * This function is meant for use in algorithms that need a pseudorandom
- * input such as deterministic ECDSA.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      after this function returns successfully,
- *                      it is safe to call mbedtls_hmac_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param ctx           HMAC_DRBG context to be initialised.
- * \param md_info       MD algorithm to use for HMAC_DRBG.
- * \param data          Concatenation of the initial entropy string and
- *                      the additional data.
- * \param data_len      Length of \p data in bytes.
- *
- * \return              \c 0 if successful. or
- * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
- *                      invalid.
- * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
- *                      memory to allocate context data.
- */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
-                        const mbedtls_md_info_t * md_info,
-                        const unsigned char *data, size_t data_len );
-
-/**
- * \brief               This function turns prediction resistance on or off.
- *                      The default value is off.
- *
- * \note                If enabled, entropy is gathered at the beginning of
- *                      every call to mbedtls_hmac_drbg_random_with_add()
- *                      or mbedtls_hmac_drbg_random().
- *                      Only use this if your entropy source has sufficient
- *                      throughput.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param resistance    #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
- */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
-                                          int resistance );
-
-/**
- * \brief               This function sets the amount of entropy grabbed on each
- *                      seed or reseed.
- *
- * See the documentation of mbedtls_hmac_drbg_seed() for the default value.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param len           The amount of entropy to grab, in bytes.
- */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
-                                size_t len );
-
-/**
- * \brief               Set the reseed interval.
- *
- * The reseed interval is the number of calls to mbedtls_hmac_drbg_random()
- * or mbedtls_hmac_drbg_random_with_add() after which the entropy function
- * is called again.
- *
- * The default value is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param interval      The reseed interval.
- */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
-                                    int interval );
-
-/**
- * \brief               This function updates the state of the HMAC_DRBG context.
- *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param additional    The data to update the state with.
- *                      If this is \c NULL, there is no additional data.
- * \param add_len       Length of \p additional in bytes.
- *                      Unused if \p additional is \c NULL.
- *
- * \return              \c 0 on success, or an error from the underlying
- *                      hash calculation.
- */
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
-                       const unsigned char *additional, size_t add_len );
-
-/**
- * \brief               This function reseeds the HMAC_DRBG context, that is
- *                      extracts data from the entropy source.
- *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param additional    Additional data to add to the state.
- *                      If this is \c NULL, there is no additional data
- *                      and \p len should be \c 0.
- * \param len           The length of the additional data.
- *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
- *                      and also at most
- *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
- *                      where \p entropy_len is the entropy length
- *                      (see mbedtls_hmac_drbg_set_entropy_len()).
- *
- * \return              \c 0 if successful.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      if a call to the entropy function failed.
- */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
-                      const unsigned char *additional, size_t len );
-
-/**
- * \brief   This function updates an HMAC_DRBG instance with additional
- *          data and uses it to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
- * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
- *                      #mbedtls_hmac_drbg_context structure.
- * \param output        The buffer to fill.
- * \param output_len    The length of the buffer in bytes.
- *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- * \param additional    Additional data to update with.
- *                      If this is \c NULL, there is no additional data
- *                      and \p add_len should be \c 0.
- * \param add_len       The length of the additional data.
- *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT.
- *
- * \return              \c 0 if successful.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      if a call to the entropy source failed.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
- *                      \p output_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
- *                      \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
- */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
-                               unsigned char *output, size_t output_len,
-                               const unsigned char *additional,
-                               size_t add_len );
-
-/**
- * \brief   This function uses HMAC_DRBG to generate random data.
- *
- * This function automatically reseeds if the reseed counter is exceeded
- * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      it is safe to call mbedtls_ctr_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
- * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
- *                      #mbedtls_hmac_drbg_context structure.
- * \param output        The buffer to fill.
- * \param out_len       The length of the buffer in bytes.
- *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- *
- * \return              \c 0 if successful.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      if a call to the entropy source failed.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
- *                      \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
- */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
-
-/**
- * \brief               This function resets HMAC_DRBG context to the state immediately
- *                      after initial call of mbedtls_hmac_drbg_init().
- *
- * \param ctx           The HMAC_DRBG context to free.
- */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief               This function updates the state of the HMAC_DRBG context.
- *
- * \deprecated          Superseded by mbedtls_hmac_drbg_update_ret()
- *                      in 2.16.0.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param additional    The data to update the state with.
- *                      If this is \c NULL, there is no additional data.
- * \param add_len       Length of \p additional in bytes.
- *                      Unused if \p additional is \c NULL.
- */
-MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
-    mbedtls_hmac_drbg_context *ctx,
-    const unsigned char *additional, size_t add_len );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief               This function writes a seed file.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param path          The name of the file.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
- *                      failure.
- */
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-
-/**
- * \brief               This function reads and updates a seed file. The seed
- *                      is added to this instance.
- *
- * \param ctx           The HMAC_DRBG context.
- * \param path          The name of the file.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on
- *                      reseed failure.
- * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
- *                      seed file is too large.
- */
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief               The HMAC_DRBG Checkup routine.
- *
- * \return              \c 0 if successful.
- * \return              \c 1 if the test failed.
- */
-int mbedtls_hmac_drbg_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* hmac_drbg.h */
diff --git a/Sources/mbedtls/include/mbedtls/md.h b/Sources/mbedtls/include/mbedtls/md.h
deleted file mode 100644
index 9cea40a..0000000
--- a/Sources/mbedtls/include/mbedtls/md.h
+++ /dev/null
@@ -1,493 +0,0 @@
- /**
- * \file md.h
- *
- * \brief This file contains the generic message-digest wrapper.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_MD_H
-#define MBEDTLS_MD_H
-
-#include <stddef.h>
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-#include "mbedtls/platform_util.h"
-
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180
-/** Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200
-
-/* MBEDTLS_ERR_MD_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** MD hardware accelerator failed. */
-#define MBEDTLS_ERR_MD_HW_ACCEL_FAILED                    -0x5280
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief     Supported message digests.
- *
- * \warning   MD2, MD4, MD5 and SHA-1 are considered weak message digests and
- *            their use constitutes a security risk. We recommend considering
- *            stronger message digests instead.
- *
- */
-typedef enum {
-    MBEDTLS_MD_NONE=0,    /**< None. */
-    MBEDTLS_MD_MD2,       /**< The MD2 message digest. */
-    MBEDTLS_MD_MD4,       /**< The MD4 message digest. */
-    MBEDTLS_MD_MD5,       /**< The MD5 message digest. */
-    MBEDTLS_MD_SHA1,      /**< The SHA-1 message digest. */
-    MBEDTLS_MD_SHA224,    /**< The SHA-224 message digest. */
-    MBEDTLS_MD_SHA256,    /**< The SHA-256 message digest. */
-    MBEDTLS_MD_SHA384,    /**< The SHA-384 message digest. */
-    MBEDTLS_MD_SHA512,    /**< The SHA-512 message digest. */
-    MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
-} mbedtls_md_type_t;
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
-#else
-#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE         128
-#else
-#define MBEDTLS_MD_MAX_BLOCK_SIZE         64
-#endif
-
-/**
- * Opaque struct defined in md_internal.h.
- */
-typedef struct mbedtls_md_info_t mbedtls_md_info_t;
-
-/**
- * The generic message-digest context.
- */
-typedef struct mbedtls_md_context_t
-{
-    /** Information about the associated message digest. */
-    const mbedtls_md_info_t *md_info;
-
-    /** The digest-specific context. */
-    void *md_ctx;
-
-    /** The HMAC part of the context. */
-    void *hmac_ctx;
-} mbedtls_md_context_t;
-
-/**
- * \brief           This function returns the list of digests supported by the
- *                  generic digest module.
- *
- * \note            The list starts with the strongest available hashes.
- *
- * \return          A statically allocated array of digests. Each element
- *                  in the returned list is an integer belonging to the
- *                  message-digest enumeration #mbedtls_md_type_t.
- *                  The last entry is 0.
- */
-const int *mbedtls_md_list( void );
-
-/**
- * \brief           This function returns the message-digest information
- *                  associated with the given digest name.
- *
- * \param md_name   The name of the digest to search for.
- *
- * \return          The message-digest information associated with \p md_name.
- * \return          NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
-
-/**
- * \brief           This function returns the message-digest information
- *                  associated with the given digest type.
- *
- * \param md_type   The type of digest to search for.
- *
- * \return          The message-digest information associated with \p md_type.
- * \return          NULL if the associated message-digest information is not found.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
-
-/**
- * \brief           This function initializes a message-digest context without
- *                  binding it to a particular message-digest algorithm.
- *
- *                  This function should always be called first. It prepares the
- *                  context for mbedtls_md_setup() for binding it to a
- *                  message-digest algorithm.
- */
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
-
-/**
- * \brief           This function clears the internal structure of \p ctx and
- *                  frees any embedded internal structure, but does not free
- *                  \p ctx itself.
- *
- *                  If you have called mbedtls_md_setup() on \p ctx, you must
- *                  call mbedtls_md_free() when you are no longer using the
- *                  context.
- *                  Calling this function if you have previously
- *                  called mbedtls_md_init() and nothing else is optional.
- *                  You must not call this function if you have not called
- *                  mbedtls_md_init().
- */
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief           This function selects the message digest algorithm to use,
- *                  and allocates internal structures.
- *
- *                  It should be called after mbedtls_md_init() or mbedtls_md_free().
- *                  Makes it necessary to call mbedtls_md_free() later.
- *
- * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
- *
- * \param ctx       The context to set up.
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- * \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
- */
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief           This function selects the message digest algorithm to use,
- *                  and allocates internal structures.
- *
- *                  It should be called after mbedtls_md_init() or
- *                  mbedtls_md_free(). Makes it necessary to call
- *                  mbedtls_md_free() later.
- *
- * \param ctx       The context to set up.
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- * \param hmac      Defines if HMAC is used. 0: HMAC is not used (saves some memory),
- *                  or non-zero: HMAC is used with this context.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- * \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
-
-/**
- * \brief           This function clones the state of a message-digest
- *                  context.
- *
- * \note            You must call mbedtls_md_setup() on \c dst before calling
- *                  this function.
- *
- * \note            The two contexts must have the same type,
- *                  for example, both are SHA-256.
- *
- * \warning         This function clones the message-digest state, not the
- *                  HMAC state.
- *
- * \param dst       The destination context.
- * \param src       The context to be cloned.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
-                      const mbedtls_md_context_t *src );
-
-/**
- * \brief           This function extracts the message-digest size from the
- *                  message-digest information structure.
- *
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          The size of the message-digest output in Bytes.
- */
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief           This function extracts the message-digest type from the
- *                  message-digest information structure.
- *
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          The type of the message digest.
- */
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief           This function extracts the message-digest name from the
- *                  message-digest information structure.
- *
- * \param md_info   The information structure of the message-digest algorithm
- *                  to use.
- *
- * \return          The name of the message digest.
- */
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
-
-/**
- * \brief           This function starts a message-digest computation.
- *
- *                  You must call this function after setting up the context
- *                  with mbedtls_md_setup(), and before passing data with
- *                  mbedtls_md_update().
- *
- * \param ctx       The generic message-digest context.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
-
-/**
- * \brief           This function feeds an input buffer into an ongoing
- *                  message-digest computation.
- *
- *                  You must call mbedtls_md_starts() before calling this
- *                  function. You may call this function multiple times.
- *                  Afterwards, call mbedtls_md_finish().
- *
- * \param ctx       The generic message-digest context.
- * \param input     The buffer holding the input data.
- * \param ilen      The length of the input data.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
-
-/**
- * \brief           This function finishes the digest operation,
- *                  and writes the result to the output buffer.
- *
- *                  Call this function after a call to mbedtls_md_starts(),
- *                  followed by any number of calls to mbedtls_md_update().
- *                  Afterwards, you may either clear the context with
- *                  mbedtls_md_free(), or call mbedtls_md_starts() to reuse
- *                  the context for another digest operation with the same
- *                  algorithm.
- *
- * \param ctx       The generic message-digest context.
- * \param output    The buffer for the generic message-digest checksum result.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
-
-/**
- * \brief          This function calculates the message-digest of a buffer,
- *                 with respect to a configurable message-digest algorithm
- *                 in a single call.
- *
- *                 The result is calculated as
- *                 Output = message_digest(input buffer).
- *
- * \param md_info  The information structure of the message-digest algorithm
- *                 to use.
- * \param input    The buffer holding the data.
- * \param ilen     The length of the input data.
- * \param output   The generic message-digest checksum result.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                 failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
-        unsigned char *output );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          This function calculates the message-digest checksum
- *                 result of the contents of the provided file.
- *
- *                 The result is calculated as
- *                 Output = message_digest(file contents).
- *
- * \param md_info  The information structure of the message-digest algorithm
- *                 to use.
- * \param path     The input file name.
- * \param output   The generic message-digest checksum result.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_MD_FILE_IO_ERROR on an I/O error accessing
- *                 the file pointed by \p path.
- * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
-                     unsigned char *output );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief           This function sets the HMAC key and prepares to
- *                  authenticate a new message.
- *
- *                  Call this function after mbedtls_md_setup(), to use
- *                  the MD context for an HMAC calculation, then call
- *                  mbedtls_md_hmac_update() to provide the input data, and
- *                  mbedtls_md_hmac_finish() to get the HMAC value.
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- * \param key       The HMAC secret key.
- * \param keylen    The length of the HMAC key in Bytes.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
-                    size_t keylen );
-
-/**
- * \brief           This function feeds an input buffer into an ongoing HMAC
- *                  computation.
- *
- *                  Call mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
- *                  before calling this function.
- *                  You may call this function multiple times to pass the
- *                  input piecewise.
- *                  Afterwards, call mbedtls_md_hmac_finish().
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- * \param input     The buffer holding the input data.
- * \param ilen      The length of the input data.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
-                    size_t ilen );
-
-/**
- * \brief           This function finishes the HMAC operation, and writes
- *                  the result to the output buffer.
- *
- *                  Call this function after mbedtls_md_hmac_starts() and
- *                  mbedtls_md_hmac_update() to get the HMAC value. Afterwards
- *                  you may either call mbedtls_md_free() to clear the context,
- *                  or call mbedtls_md_hmac_reset() to reuse the context with
- *                  the same HMAC key.
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- * \param output    The generic HMAC checksum result.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
-
-/**
- * \brief           This function prepares to authenticate a new message with
- *                  the same key as the previous HMAC operation.
- *
- *                  You may call this function after mbedtls_md_hmac_finish().
- *                  Afterwards call mbedtls_md_hmac_update() to pass the new
- *                  input.
- *
- * \param ctx       The message digest context containing an embedded HMAC
- *                  context.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                  failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
-
-/**
- * \brief          This function calculates the full generic HMAC
- *                 on the input buffer with the provided key.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The HMAC result is calculated as
- *                 output = generic HMAC(hmac key, input buffer).
- *
- * \param md_info  The information structure of the message-digest algorithm
- *                 to use.
- * \param key      The HMAC secret key.
- * \param keylen   The length of the HMAC secret key in Bytes.
- * \param input    The buffer holding the input data.
- * \param ilen     The length of the input data.
- * \param output   The generic HMAC result.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
- *                 failure.
- */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output );
-
-/* Internal use */
-MBEDTLS_CHECK_RETURN_TYPICAL
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_H */
diff --git a/Sources/mbedtls/include/mbedtls/md2.h b/Sources/mbedtls/include/mbedtls/md2.h
deleted file mode 100644
index 7f3d5cf..0000000
--- a/Sources/mbedtls/include/mbedtls/md2.h
+++ /dev/null
@@ -1,305 +0,0 @@
-/**
- * \file md2.h
- *
- * \brief MD2 message digest algorithm (hash function)
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- *          security risk. We recommend considering stronger message digests
- *          instead.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#ifndef MBEDTLS_MD2_H
-#define MBEDTLS_MD2_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/* MBEDTLS_ERR_MD2_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** MD2 hardware accelerator failed */
-#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED                   -0x002B
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_MD2_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          MD2 context structure
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct mbedtls_md2_context
-{
-    unsigned char cksum[16];    /*!< checksum of the data block */
-    unsigned char state[48];    /*!< intermediate digest state  */
-    unsigned char buffer[16];   /*!< data block being processed */
-    size_t left;                /*!< amount of data in buffer   */
-}
-mbedtls_md2_context;
-
-#else  /* MBEDTLS_MD2_ALT */
-#include "md2_alt.h"
-#endif /* MBEDTLS_MD2_ALT */
-
-/**
- * \brief          Initialize MD2 context
- *
- * \param ctx      MD2 context to be initialized
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md2_init( mbedtls_md2_context *ctx );
-
-/**
- * \brief          Clear MD2 context
- *
- * \param ctx      MD2 context to be cleared
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md2_free( mbedtls_md2_context *ctx );
-
-/**
- * \brief          Clone (the state of) an MD2 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
-                        const mbedtls_md2_context *src );
-
-/**
- * \brief          MD2 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx );
-
-/**
- * \brief          MD2 process buffer
- *
- * \param ctx      MD2 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen );
-
-/**
- * \brief          MD2 final digest
- *
- * \param ctx      MD2 context
- * \param output   MD2 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
-                            unsigned char output[16] );
-
-/**
- * \brief          MD2 process data block (internal use only)
- *
- * \param ctx      MD2 context
- *
- * \return         0 if successful
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          MD2 context setup
- *
- * \deprecated     Superseded by mbedtls_md2_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
-
-/**
- * \brief          MD2 process buffer
- *
- * \deprecated     Superseded by mbedtls_md2_update_ret() in 2.7.0
- *
- * \param ctx      MD2 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
-                                            const unsigned char *input,
-                                            size_t ilen );
-
-/**
- * \brief          MD2 final digest
- *
- * \deprecated     Superseded by mbedtls_md2_finish_ret() in 2.7.0
- *
- * \param ctx      MD2 context
- * \param output   MD2 checksum result
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
-                                            unsigned char output[16] );
-
-/**
- * \brief          MD2 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_md2_process() in 2.7.0
- *
- * \param ctx      MD2 context
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Output = MD2( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD2 checksum result
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = MD2( input buffer )
- *
- * \deprecated     Superseded by mbedtls_md2_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD2 checksum result
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
-                                     size_t ilen,
-                                     unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        MD2 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md2_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md2.h */
diff --git a/Sources/mbedtls/include/mbedtls/md4.h b/Sources/mbedtls/include/mbedtls/md4.h
deleted file mode 100644
index 0238c67..0000000
--- a/Sources/mbedtls/include/mbedtls/md4.h
+++ /dev/null
@@ -1,310 +0,0 @@
-/**
- * \file md4.h
- *
- * \brief MD4 message digest algorithm (hash function)
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- *          security risk. We recommend considering stronger message digests
- *          instead.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-#ifndef MBEDTLS_MD4_H
-#define MBEDTLS_MD4_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* MBEDTLS_ERR_MD4_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** MD4 hardware accelerator failed */
-#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED                   -0x002D
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_MD4_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          MD4 context structure
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct mbedtls_md4_context
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[4];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-}
-mbedtls_md4_context;
-
-#else  /* MBEDTLS_MD4_ALT */
-#include "md4_alt.h"
-#endif /* MBEDTLS_MD4_ALT */
-
-/**
- * \brief          Initialize MD4 context
- *
- * \param ctx      MD4 context to be initialized
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md4_init( mbedtls_md4_context *ctx );
-
-/**
- * \brief          Clear MD4 context
- *
- * \param ctx      MD4 context to be cleared
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md4_free( mbedtls_md4_context *ctx );
-
-/**
- * \brief          Clone (the state of) an MD4 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
-                        const mbedtls_md4_context *src );
-
-/**
- * \brief          MD4 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- */
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx );
-
-/**
- * \brief          MD4 process buffer
- *
- * \param ctx      MD4 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen );
-
-/**
- * \brief          MD4 final digest
- *
- * \param ctx      MD4 context
- * \param output   MD4 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
-                            unsigned char output[16] );
-
-/**
- * \brief          MD4 process data block (internal use only)
- *
- * \param ctx      MD4 context
- * \param data     buffer holding one block of data
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
-                                  const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          MD4 context setup
- *
- * \deprecated     Superseded by mbedtls_md4_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
-
-/**
- * \brief          MD4 process buffer
- *
- * \deprecated     Superseded by mbedtls_md4_update_ret() in 2.7.0
- *
- * \param ctx      MD4 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
-                                            const unsigned char *input,
-                                            size_t ilen );
-
-/**
- * \brief          MD4 final digest
- *
- * \deprecated     Superseded by mbedtls_md4_finish_ret() in 2.7.0
- *
- * \param ctx      MD4 context
- * \param output   MD4 checksum result
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
-                                            unsigned char output[16] );
-
-/**
- * \brief          MD4 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_md4_process() in 2.7.0
- *
- * \param ctx      MD4 context
- * \param data     buffer holding one block of data
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
-                                             const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Output = MD4( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD4 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = MD4( input buffer )
- *
- * \deprecated     Superseded by mbedtls_md4_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD4 checksum result
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
-                                     size_t ilen,
-                                     unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        MD4 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md4_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md4.h */
diff --git a/Sources/mbedtls/include/mbedtls/md5.h b/Sources/mbedtls/include/mbedtls/md5.h
deleted file mode 100644
index 73e4dd2..0000000
--- a/Sources/mbedtls/include/mbedtls/md5.h
+++ /dev/null
@@ -1,310 +0,0 @@
-/**
- * \file md5.h
- *
- * \brief MD5 message digest algorithm (hash function)
- *
- * \warning   MD5 is considered a weak message digest and its use constitutes a
- *            security risk. We recommend considering stronger message
- *            digests instead.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_MD5_H
-#define MBEDTLS_MD5_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* MBEDTLS_ERR_MD5_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** MD5 hardware accelerator failed */
-#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED                   -0x002F
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_MD5_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          MD5 context structure
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct mbedtls_md5_context
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[4];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-}
-mbedtls_md5_context;
-
-#else  /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
-#endif /* MBEDTLS_MD5_ALT */
-
-/**
- * \brief          Initialize MD5 context
- *
- * \param ctx      MD5 context to be initialized
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md5_init( mbedtls_md5_context *ctx );
-
-/**
- * \brief          Clear MD5 context
- *
- * \param ctx      MD5 context to be cleared
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md5_free( mbedtls_md5_context *ctx );
-
-/**
- * \brief          Clone (the state of) an MD5 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
-                        const mbedtls_md5_context *src );
-
-/**
- * \brief          MD5 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx );
-
-/**
- * \brief          MD5 process buffer
- *
- * \param ctx      MD5 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen );
-
-/**
- * \brief          MD5 final digest
- *
- * \param ctx      MD5 context
- * \param output   MD5 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
-                            unsigned char output[16] );
-
-/**
- * \brief          MD5 process data block (internal use only)
- *
- * \param ctx      MD5 context
- * \param data     buffer holding one block of data
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
-                                  const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          MD5 context setup
- *
- * \deprecated     Superseded by mbedtls_md5_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
-
-/**
- * \brief          MD5 process buffer
- *
- * \deprecated     Superseded by mbedtls_md5_update_ret() in 2.7.0
- *
- * \param ctx      MD5 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
-                                            const unsigned char *input,
-                                            size_t ilen );
-
-/**
- * \brief          MD5 final digest
- *
- * \deprecated     Superseded by mbedtls_md5_finish_ret() in 2.7.0
- *
- * \param ctx      MD5 context
- * \param output   MD5 checksum result
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
-                                            unsigned char output[16] );
-
-/**
- * \brief          MD5 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_md5_process() in 2.7.0
- *
- * \param ctx      MD5 context
- * \param data     buffer holding one block of data
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
-                                             const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Output = MD5( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD5 checksum result
- *
- * \return         0 if successful
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = MD5( input buffer )
- *
- * \deprecated     Superseded by mbedtls_md5_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   MD5 checksum result
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
-                                     size_t ilen,
-                                     unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- *
- * \warning        MD5 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-int mbedtls_md5_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_md5.h */
diff --git a/Sources/mbedtls/include/mbedtls/md_internal.h b/Sources/mbedtls/include/mbedtls/md_internal.h
deleted file mode 100644
index f33cdf6..0000000
--- a/Sources/mbedtls/include/mbedtls/md_internal.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/**
- * \file md_internal.h
- *
- * \brief Message digest wrappers.
- *
- * \warning This in an internal header. Do not include directly.
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_MD_WRAP_H
-#define MBEDTLS_MD_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Message digest information.
- * Allows message digest functions to be called in a generic way.
- */
-struct mbedtls_md_info_t
-{
-    /** Name of the message digest */
-    const char * name;
-
-    /** Digest identifier */
-    mbedtls_md_type_t type;
-
-    /** Output length of the digest function in bytes */
-    unsigned char size;
-
-    /** Block length of the digest function in bytes */
-    unsigned char block_size;
-};
-
-#if defined(MBEDTLS_MD2_C)
-extern const mbedtls_md_info_t mbedtls_md2_info;
-#endif
-#if defined(MBEDTLS_MD4_C)
-extern const mbedtls_md_info_t mbedtls_md4_info;
-#endif
-#if defined(MBEDTLS_MD5_C)
-extern const mbedtls_md_info_t mbedtls_md5_info;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-extern const mbedtls_md_info_t mbedtls_ripemd160_info;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-extern const mbedtls_md_info_t mbedtls_sha1_info;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-extern const mbedtls_md_info_t mbedtls_sha224_info;
-extern const mbedtls_md_info_t mbedtls_sha256_info;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-extern const mbedtls_md_info_t mbedtls_sha384_info;
-#endif
-extern const mbedtls_md_info_t mbedtls_sha512_info;
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_MD_WRAP_H */
diff --git a/Sources/mbedtls/include/mbedtls/memory_buffer_alloc.h b/Sources/mbedtls/include/mbedtls/memory_buffer_alloc.h
deleted file mode 100644
index 3954b36..0000000
--- a/Sources/mbedtls/include/mbedtls/memory_buffer_alloc.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * \file memory_buffer_alloc.h
- *
- * \brief Buffer-based memory allocator
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#define MBEDTLS_MEMORY_VERIFY_NONE         0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   Initialize use of stack-based memory allocator.
- *          The stack-based allocator does memory management inside the
- *          presented buffer and does not call calloc() and free().
- *          It sets the global mbedtls_calloc() and mbedtls_free() pointers
- *          to its own functions.
- *          (Provided mbedtls_calloc() and mbedtls_free() are thread-safe if
- *           MBEDTLS_THREADING_C is defined)
- *
- * \note    This code is not optimized and provides a straight-forward
- *          implementation of a stack-based memory allocator.
- *
- * \param buf   buffer to use as heap
- * \param len   size of the buffer
- */
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
-
-/**
- * \brief   Free the mutex for thread-safety and clear remaining memory
- */
-void mbedtls_memory_buffer_alloc_free( void );
-
-/**
- * \brief   Determine when the allocator should automatically verify the state
- *          of the entire chain of headers / meta-data.
- *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
- *
- * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
- *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
- */
-void mbedtls_memory_buffer_set_verify( int verify );
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-/**
- * \brief   Print out the status of the allocated memory (primarily for use
- *          after a program should have de-allocated all memory)
- *          Prints out a list of 'still allocated' blocks and their stack
- *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
- */
-void mbedtls_memory_buffer_alloc_status( void );
-
-/**
- * \brief   Get the peak heap usage so far
- *
- * \param max_used      Peak number of bytes in use or committed. This
- *                      includes bytes in allocated blocks too small to split
- *                      into smaller blocks but larger than the requested size.
- * \param max_blocks    Peak number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
-
-/**
- * \brief   Reset peak statistics
- */
-void mbedtls_memory_buffer_alloc_max_reset( void );
-
-/**
- * \brief   Get the current heap usage
- *
- * \param cur_used      Current number of bytes in use or committed. This
- *                      includes bytes in allocated blocks too small to split
- *                      into smaller blocks but larger than the requested size.
- * \param cur_blocks    Current number of blocks in use, including free and used
- */
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-/**
- * \brief   Verifies that all headers in the memory buffer are correct
- *          and contain sane values. Helps debug buffer-overflow errors.
- *
- *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
- *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
- *          is defined. (Includes stack trace information for each block if
- *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
- *
- * \return             0 if verified, 1 otherwise
- */
-int mbedtls_memory_buffer_alloc_verify( void );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* memory_buffer_alloc.h */
diff --git a/Sources/mbedtls/include/mbedtls/net.h b/Sources/mbedtls/include/mbedtls/net.h
deleted file mode 100644
index 6692188..0000000
--- a/Sources/mbedtls/include/mbedtls/net.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * \file net.h
- *
- * \brief Deprecated header file that includes net_sockets.h
- *
- * \deprecated Superseded by mbedtls/net_sockets.h
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#include "mbedtls/net_sockets.h"
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h"
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/Sources/mbedtls/include/mbedtls/net_sockets.h b/Sources/mbedtls/include/mbedtls/net_sockets.h
deleted file mode 100644
index ceb7d5f..0000000
--- a/Sources/mbedtls/include/mbedtls/net_sockets.h
+++ /dev/null
@@ -1,301 +0,0 @@
-/**
- * \file net_sockets.h
- *
- * \brief   Network sockets abstraction layer to integrate Mbed TLS into a
- *          BSD-style sockets API.
- *
- *          The network sockets module provides an example integration of the
- *          Mbed TLS library into a BSD sockets implementation. The module is
- *          intended to be an example of how Mbed TLS can be integrated into a
- *          networking stack, as well as to be Mbed TLS's network integration
- *          for its supported platforms.
- *
- *          The module is intended only to be used with the Mbed TLS library and
- *          is not intended to be used by third party application software
- *          directly.
- *
- *          The supported platforms are as follows:
- *              * Microsoft Windows and Windows CE
- *              * POSIX/Unix platforms including Linux, OS X
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_NET_SOCKETS_H
-#define MBEDTLS_NET_SOCKETS_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ssl.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-/** Failed to open a socket. */
-#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042
-/** The connection to the given server / port failed. */
-#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044
-/** Binding of the socket failed. */
-#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046
-/** Could not listen on the socket. */
-#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048
-/** Could not accept the incoming connection. */
-#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A
-/** Reading information from the socket failed. */
-#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C
-/** Sending information through the socket failed. */
-#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E
-/** Connection was reset by peer. */
-#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050
-/** Failed to get an IP address for the given hostname. */
-#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052
-/** Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043
-/** The context is invalid, eg because it was free()ed. */
-#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045
-/** Polling the net context failed. */
-#define MBEDTLS_ERR_NET_POLL_FAILED                       -0x0047
-/** Input invalid. */
-#define MBEDTLS_ERR_NET_BAD_INPUT_DATA                    -0x0049
-
-#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
-
-#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
-#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
-
-#define MBEDTLS_NET_POLL_READ  1 /**< Used in \c mbedtls_net_poll to check for pending data  */
-#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Wrapper type for sockets.
- *
- * Currently backed by just a file descriptor, but might be more in the future
- * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
- * structures for hand-made UDP demultiplexing).
- */
-typedef struct mbedtls_net_context
-{
-    int fd;             /**< The underlying file descriptor                 */
-}
-mbedtls_net_context;
-
-/**
- * \brief          Initialize a context
- *                 Just makes the context ready to be used or freed safely.
- *
- * \param ctx      Context to initialize
- */
-void mbedtls_net_init( mbedtls_net_context *ctx );
-
-/**
- * \brief          Initiate a connection with host:port in the given protocol
- *
- * \param ctx      Socket to use
- * \param host     Host to connect to
- * \param port     Port to connect to
- * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return         0 if successful, or one of:
- *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
- *                      MBEDTLS_ERR_NET_CONNECT_FAILED
- *
- * \note           Sets the socket in connected mode even with UDP.
- */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
-
-/**
- * \brief          Create a receiving socket on bind_ip:port in the chosen
- *                 protocol. If bind_ip == NULL, all interfaces are bound.
- *
- * \param ctx      Socket to use
- * \param bind_ip  IP to bind to, can be NULL
- * \param port     Port number to use
- * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
- *
- * \return         0 if successful, or one of:
- *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
- *                      MBEDTLS_ERR_NET_BIND_FAILED,
- *                      MBEDTLS_ERR_NET_LISTEN_FAILED
- *
- * \note           Regardless of the protocol, opens the sockets and binds it.
- *                 In addition, make the socket listening if protocol is TCP.
- */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
-
-/**
- * \brief           Accept a connection from a remote client
- *
- * \param bind_ctx  Relevant socket
- * \param client_ctx Will contain the connected client socket
- * \param client_ip Will contain the client IP address, can be NULL
- * \param buf_size  Size of the client_ip buffer
- * \param ip_len    Will receive the size of the client IP written,
- *                  can be NULL if client_ip is null
- *
- * \return          0 if successful, or
- *                  MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                  MBEDTLS_ERR_NET_BIND_FAILED,
- *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
- *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
- *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
- *                  non-blocking and accept() would block.
- */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len );
-
-/**
- * \brief          Check and wait for the context to be ready for read/write
- *
- * \note           The current implementation of this function uses
- *                 select() and returns an error if the file descriptor
- *                 is \c FD_SETSIZE or greater.
- *
- * \param ctx      Socket to check
- * \param rw       Bitflag composed of MBEDTLS_NET_POLL_READ and
- *                 MBEDTLS_NET_POLL_WRITE specifying the events
- *                 to wait for:
- *                 - If MBEDTLS_NET_POLL_READ is set, the function
- *                   will return as soon as the net context is available
- *                   for reading.
- *                 - If MBEDTLS_NET_POLL_WRITE is set, the function
- *                   will return as soon as the net context is available
- *                   for writing.
- * \param timeout  Maximal amount of time to wait before returning,
- *                 in milliseconds. If \c timeout is zero, the
- *                 function returns immediately. If \c timeout is
- *                 -1u, the function blocks potentially indefinitely.
- *
- * \return         Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
- *                 on success or timeout, or a negative return code otherwise.
- */
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
-
-/**
- * \brief          Set the socket blocking
- *
- * \param ctx      Socket to set
- *
- * \return         0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_block( mbedtls_net_context *ctx );
-
-/**
- * \brief          Set the socket non-blocking
- *
- * \param ctx      Socket to set
- *
- * \return         0 if successful, or a non-zero error code
- */
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
-
-/**
- * \brief          Portable usleep helper
- *
- * \param usec     Amount of microseconds to sleep
- *
- * \note           Real amount of time slept will not be less than
- *                 select()'s timeout granularity (typically, 10ms).
- */
-void mbedtls_net_usleep( unsigned long usec );
-
-/**
- * \brief          Read at most 'len' characters. If no error occurs,
- *                 the actual amount read is returned.
- *
- * \param ctx      Socket
- * \param buf      The buffer to write to
- * \param len      Maximum length of the buffer
- *
- * \return         the number of bytes received,
- *                 or a non-zero error code; with a non-blocking socket,
- *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
- */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
-
-/**
- * \brief          Write at most 'len' characters. If no error occurs,
- *                 the actual amount read is returned.
- *
- * \param ctx      Socket
- * \param buf      The buffer to read from
- * \param len      The length of the buffer
- *
- * \return         the number of bytes sent,
- *                 or a non-zero error code; with a non-blocking socket,
- *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
- */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
-
-/**
- * \brief          Read at most 'len' characters, blocking for at most
- *                 'timeout' seconds. If no error occurs, the actual amount
- *                 read is returned.
- *
- * \note           The current implementation of this function uses
- *                 select() and returns an error if the file descriptor
- *                 is \c FD_SETSIZE or greater.
- *
- * \param ctx      Socket
- * \param buf      The buffer to write to
- * \param len      Maximum length of the buffer
- * \param timeout  Maximum number of milliseconds to wait for data
- *                 0 means no timeout (wait forever)
- *
- * \return         The number of bytes received if successful.
- *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
- *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *                 Another negative error code (MBEDTLS_ERR_NET_xxx)
- *                 for other failures.
- *
- * \note           This function will block (until data becomes available or
- *                 timeout is reached) even if the socket is set to
- *                 non-blocking. Handling timeouts with non-blocking reads
- *                 requires a different strategy.
- */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
-                      uint32_t timeout );
-
-/**
- * \brief          Closes down the connection and free associated data
- *
- * \param ctx      The context to close
- */
-void mbedtls_net_close( mbedtls_net_context *ctx );
-
-/**
- * \brief          Gracefully shutdown the connection and free associated data
- *
- * \param ctx      The context to free
- */
-void mbedtls_net_free( mbedtls_net_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* net_sockets.h */
diff --git a/Sources/mbedtls/include/mbedtls/nist_kw.h b/Sources/mbedtls/include/mbedtls/nist_kw.h
deleted file mode 100644
index 7f3e64a..0000000
--- a/Sources/mbedtls/include/mbedtls/nist_kw.h
+++ /dev/null
@@ -1,182 +0,0 @@
-/**
- * \file nist_kw.h
- *
- * \brief This file provides an API for key wrapping (KW) and key wrapping with
- *        padding (KWP) as defined in NIST SP 800-38F.
- *        https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
- *
- *        Key wrapping specifies a deterministic authenticated-encryption mode
- *        of operation, according to <em>NIST SP 800-38F: Recommendation for
- *        Block Cipher Modes of Operation: Methods for Key Wrapping</em>. Its
- *        purpose is to protect cryptographic keys.
- *
- *        Its equivalent is RFC 3394 for KW, and RFC 5649 for KWP.
- *        https://tools.ietf.org/html/rfc3394
- *        https://tools.ietf.org/html/rfc5649
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_NIST_KW_H
-#define MBEDTLS_NIST_KW_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cipher.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef enum
-{
-    MBEDTLS_KW_MODE_KW = 0,
-    MBEDTLS_KW_MODE_KWP = 1
-} mbedtls_nist_kw_mode_t;
-
-#if !defined(MBEDTLS_NIST_KW_ALT)
-// Regular implementation
-//
-
-/**
- * \brief    The key wrapping context-type definition. The key wrapping context is passed
- *           to the APIs called.
- *
- * \note     The definition of this type may change in future library versions.
- *           Don't make any assumptions on this context!
- */
-typedef struct {
-    mbedtls_cipher_context_t cipher_ctx;    /*!< The cipher context used. */
-} mbedtls_nist_kw_context;
-
-#else  /* MBEDTLS_NIST_key wrapping_ALT */
-#include "nist_kw_alt.h"
-#endif /* MBEDTLS_NIST_KW_ALT */
-
-/**
- * \brief           This function initializes the specified key wrapping context
- *                  to make references valid and prepare the context
- *                  for mbedtls_nist_kw_setkey() or mbedtls_nist_kw_free().
- *
- * \param ctx       The key wrapping context to initialize.
- *
- */
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
-
-/**
- * \brief           This function initializes the key wrapping context set in the
- *                  \p ctx parameter and sets the encryption key.
- *
- * \param ctx       The key wrapping context.
- * \param cipher    The 128-bit block cipher to use. Only AES is supported.
- * \param key       The Key Encryption Key (KEK).
- * \param keybits   The KEK size in bits. This must be acceptable by the cipher.
- * \param is_wrap   Specify whether the operation within the context is wrapping or unwrapping
- *
- * \return          \c 0 on success.
- * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for any invalid input.
- * \return          \c MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE for 128-bit block ciphers
- *                  which are not supported.
- * \return          cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
-                            mbedtls_cipher_id_t cipher,
-                            const unsigned char *key,
-                            unsigned int keybits,
-                            const int is_wrap );
-
-/**
- * \brief   This function releases and clears the specified key wrapping context
- *          and underlying cipher sub-context.
- *
- * \param ctx       The key wrapping context to clear.
- */
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
-
-/**
- * \brief           This function encrypts a buffer using key wrapping.
- *
- * \param ctx       The key wrapping context to use for encryption.
- * \param mode      The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
- * \param input     The buffer holding the input data.
- * \param in_len    The length of the input data in Bytes.
- *                  The input uses units of 8 Bytes called semiblocks.
- *                  <ul><li>For KW mode: a multiple of 8 bytes between 16 and 2^57-8 inclusive. </li>
- *                  <li>For KWP mode: any length between 1 and 2^32-1 inclusive.</li></ul>
- * \param[out] output    The buffer holding the output data.
- *                  <ul><li>For KW mode: Must be at least 8 bytes larger than \p in_len.</li>
- *                  <li>For KWP mode: Must be at least 8 bytes larger rounded up to a multiple of
- *                  8 bytes for KWP (15 bytes at most).</li></ul>
- * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
- * \param[in] out_size The capacity of the output buffer.
- *
- * \return          \c 0 on success.
- * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
- * \return          cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
-                          const unsigned char *input, size_t in_len,
-                          unsigned char *output, size_t* out_len, size_t out_size );
-
-/**
- * \brief           This function decrypts a buffer using key wrapping.
- *
- * \param ctx       The key wrapping context to use for decryption.
- * \param mode      The key wrapping mode to use (MBEDTLS_KW_MODE_KW or MBEDTLS_KW_MODE_KWP)
- * \param input     The buffer holding the input data.
- * \param in_len    The length of the input data in Bytes.
- *                  The input uses units of 8 Bytes called semiblocks.
- *                  The input must be a multiple of semiblocks.
- *                  <ul><li>For KW mode: a multiple of 8 bytes between 24 and 2^57 inclusive. </li>
- *                  <li>For KWP mode: a multiple of 8 bytes between 16 and 2^32 inclusive.</li></ul>
- * \param[out] output    The buffer holding the output data.
- *                  The output buffer's minimal length is 8 bytes shorter than \p in_len.
- * \param[out] out_len The number of bytes written to the output buffer. \c 0 on failure.
- *                  For KWP mode, the length could be up to 15 bytes shorter than \p in_len,
- *                  depending on how much padding was added to the data.
- * \param[in] out_size The capacity of the output buffer.
- *
- * \return          \c 0 on success.
- * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
- * \return          \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
- * \return          cipher-specific error code on failure of the underlying cipher.
- */
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
-                            const unsigned char *input, size_t in_len,
-                            unsigned char *output, size_t* out_len, size_t out_size);
-
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/**
- * \brief          The key wrapping checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_nist_kw_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_NIST_KW_H */
diff --git a/Sources/mbedtls/include/mbedtls/oid.h b/Sources/mbedtls/include/mbedtls/oid.h
deleted file mode 100644
index 0186217..0000000
--- a/Sources/mbedtls/include/mbedtls/oid.h
+++ /dev/null
@@ -1,649 +0,0 @@
-/**
- * \file oid.h
- *
- * \brief Object Identifier (OID) database
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_OID_H
-#define MBEDTLS_OID_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#include <stddef.h>
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
-#endif
-
-/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E
-/** output buffer is too small */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B
-
-/* This is for the benefit of X.509, but defined here in order to avoid
- * having a "backwards" include of x.509.h here */
-/*
- * X.509 extension types (internal, arbitrary values for bitsets)
- */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE                   (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS             (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL                (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE                (1 << 16)
-
-/*
- * Top level OID tuples
- */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
-
-/*
- * ISO Member bodies OID parts
- */
-#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
-                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
-                                        MBEDTLS_OID_ORG_ANSI_X9_62
-
-/*
- * ISO Identified organization OID parts
- */
-#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW                     "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
-
-/*
- * ISO ITU OID parts
- */
-#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
-
-#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
-#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
-
-#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
-
-/* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
-
-#define MBEDTLS_OID_NIST_ALG                    MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
-
-/**
- * Private Internet Extensions
- * { iso(1) identified-organization(3) dod(6) internet(1)
- *                      security(5) mechanisms(5) pkix(7) }
- */
-#define MBEDTLS_OID_INTERNET                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
-#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_INTERNET "\x05\x05\x07"
-
-/*
- * Arc for standard naming attributes
- */
-#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributeType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
-
-#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
-
-/*
- * OIDs for standard certificate extensions
- */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
-
-/*
- * Certificate policies
- */
-#define MBEDTLS_OID_ANY_POLICY              MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
-
-/*
- * Netscape certificate extensions
- */
-#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
-#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
-#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
-
-/*
- * OIDs for CRL extensions
- */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
-
-/*
- * X.509 v3 Extended key usage OIDs
- */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
-
-#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
-
-/**
- * Wi-SUN Alliance Field Area Network
- * { iso(1) identified-organization(3) dod(6) internet(1)
- *                      private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
- */
-#define MBEDTLS_OID_WISUN_FAN                   MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
-
-#define MBEDTLS_OID_ON                          MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME           MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
-
-/*
- * PKCS definition OIDs
- */
-
-#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
-
-/*
- * PKCS#1 OIDs
- */
-#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
-#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
-#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
-
-#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
-
-#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
-
-/* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
-
-/*
- * Digest algorithms
- */
-#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
-
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160        MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
-
-#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
-
-#define MBEDTLS_OID_HMAC_SHA224                 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
-
-#define MBEDTLS_OID_HMAC_SHA256                 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
-
-#define MBEDTLS_OID_HMAC_SHA384                 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
-
-#define MBEDTLS_OID_HMAC_SHA512                 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
-
-/*
- * Encryption algorithms
- */
-#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES                         MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
-
-/*
- * Key Wrapping algorithms
- */
-/*
- * RFC 5649
- */
-#define MBEDTLS_OID_AES128_KW                   MBEDTLS_OID_AES "\x05" /** id-aes128-wrap     OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP                  MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW                   MBEDTLS_OID_AES "\x19" /** id-aes192-wrap     OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP                  MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW                   MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap     OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP                  MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
-/*
- * PKCS#5 OIDs
- */
-#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
-
-/*
- * PKCS#5 PBES1 algorithms
- */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
-#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
-
-/*
- * PKCS#8 OIDs
- */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
-
-/*
- * PKCS#12 PBE OIDs
- */
-#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
-
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
-
-/*
- * EC key algorithms from RFC 5480
- */
-
-/* id-ecPublicKey OBJECT IDENTIFIER ::= {
- *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
-
-/*   id-ecDH OBJECT IDENTIFIER ::= {
- *     iso(1) identified-organization(3) certicom(132)
- *     schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
-
-/*
- * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
- */
-
-/* secp192r1 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
-
-/* secp224r1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
-
-/* secp256r1 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
-
-/* secp384r1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
-
-/* secp521r1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
-
-/* secp192k1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
-
-/* secp224k1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
-
-/* secp256k1 OBJECT IDENTIFIER ::= {
- *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
-
-/* RFC 5639 4.1
- * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
- * identified-organization(3) teletrust(36) algorithm(3) signature-
- * algorithm(3) ecSign(2) 8}
- * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
- * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
-
-/* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
-
-/* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
-
-/* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
-
-/*
- * SEC1 C.1
- *
- * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
- * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
- */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
-
-/*
- * ECDSA signature identifiers, from RFC 5480
- */
-#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
-
-/* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
-
-/* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
-
-/* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
-
-/* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
-
-/* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
- *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
- *   ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Base OID descriptor structure
- */
-typedef struct mbedtls_oid_descriptor_t
-{
-    const char *asn1;               /*!< OID ASN.1 representation       */
-    size_t asn1_len;                /*!< length of asn1                 */
-    const char *name;               /*!< official name (e.g. from RFC)  */
-    const char *description;        /*!< human friendly description     */
-} mbedtls_oid_descriptor_t;
-
-/**
- * \brief           Translate an ASN.1 OID into its numeric representation
- *                  (e.g. "\x2A\x86\x48\x86\xF7\x0D" into "1.2.840.113549")
- *
- * \param buf       buffer to put representation in
- * \param size      size of the buffer
- * \param oid       OID to translate
- *
- * \return          Length of the string written (excluding final NULL) or
- *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
- */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
-
-/**
- * \brief          Translate an X.509 extension OID into local values
- *
- * \param oid      OID to use
- * \param ext_type place to store the extension type
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
-
-/**
- * \brief          Translate an X.509 attribute type OID into the short name
- *                 (e.g. the OID for an X520 Common Name into "CN")
- *
- * \param oid      OID to use
- * \param short_name    place to store the string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
-
-/**
- * \brief          Translate PublicKeyAlgorithm OID into pk_type
- *
- * \param oid      OID to use
- * \param pk_alg   place to store public key algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief          Translate pk_type into PublicKeyAlgorithm OID
- *
- * \param pk_alg   Public key type to look for
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
-                           const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief          Translate NamedCurve OID into an EC group identifier
- *
- * \param oid      OID to use
- * \param grp_id   place to store group id
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
-
-/**
- * \brief          Translate EC group identifier into NamedCurve OID
- *
- * \param grp_id   EC group identifier
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
-                           const char **oid, size_t *olen );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_MD_C)
-/**
- * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
- *
- * \param oid      OID to use
- * \param md_alg   place to store message digest algorithm
- * \param pk_alg   place to store public key algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
-                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
-
-/**
- * \brief          Translate SignatureAlgorithm OID into description
- *
- * \param oid      OID to use
- * \param desc     place to store string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
- *
- * \param md_alg   message digest algorithm
- * \param pk_alg   public key algorithm
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                            const char **oid, size_t *olen );
-
-/**
- * \brief          Translate hash algorithm OID into md_type
- *
- * \param oid      OID to use
- * \param md_alg   place to store message digest algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
-
-/**
- * \brief          Translate hmac algorithm OID into md_type
- *
- * \param oid      OID to use
- * \param md_hmac  place to store message hmac algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
-#endif /* MBEDTLS_MD_C */
-
-/**
- * \brief          Translate Extended Key Usage OID into description
- *
- * \param oid      OID to use
- * \param desc     place to store string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief          Translate certificate policies OID into description
- *
- * \param oid      OID to use
- * \param desc     place to store string pointer
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
-
-/**
- * \brief          Translate md_type into hash algorithm OID
- *
- * \param md_alg   message digest algorithm
- * \param oid      place to store ASN.1 OID string pointer
- * \param olen     length of the OID
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
-
-#if defined(MBEDTLS_CIPHER_C)
-/**
- * \brief          Translate encryption algorithm OID into cipher_type
- *
- * \param oid           OID to use
- * \param cipher_alg    place to store cipher algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/**
- * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
- *                 cipher_type
- *
- * \param oid           OID to use
- * \param md_alg        place to store message digest algorithm
- * \param cipher_alg    place to store cipher algorithm
- *
- * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
- */
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
-                            mbedtls_cipher_type_t *cipher_alg );
-#endif /* MBEDTLS_PKCS12_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* oid.h */
diff --git a/Sources/mbedtls/include/mbedtls/padlock.h b/Sources/mbedtls/include/mbedtls/padlock.h
deleted file mode 100644
index 624d02d..0000000
--- a/Sources/mbedtls/include/mbedtls/padlock.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * \file padlock.h
- *
- * \brief VIA PadLock ACE for HW encryption/decryption supported by some
- *        processors
- *
- * \warning These functions are only for internal use by other library
- *          functions; you must not call them directly.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PADLOCK_H
-#define MBEDTLS_PADLOCK_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/aes.h"
-
-/** Input data should be aligned. */
-#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030
-
-#if defined(__has_feature)
-#if __has_feature(address_sanitizer)
-#define MBEDTLS_HAVE_ASAN
-#endif
-#endif
-
-/* Some versions of ASan result in errors about not enough registers */
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \
-    !defined(MBEDTLS_HAVE_ASAN)
-
-#ifndef MBEDTLS_HAVE_X86
-#define MBEDTLS_HAVE_X86
-#endif
-
-#include <stdint.h>
-
-#define MBEDTLS_PADLOCK_RNG 0x000C
-#define MBEDTLS_PADLOCK_ACE 0x00C0
-#define MBEDTLS_PADLOCK_PHE 0x0C00
-#define MBEDTLS_PADLOCK_PMM 0x3000
-
-#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Internal PadLock detection routine
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param feature  The feature to detect
- *
- * \return         non-zero if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_padlock_has_support( int feature );
-
-/**
- * \brief          Internal PadLock AES-ECB block en(de)cryption
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input    16-byte input block
- * \param output   16-byte output block
- *
- * \return         0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                               int mode,
-                               const unsigned char input[16],
-                               unsigned char output[16] );
-
-/**
- * \brief          Internal PadLock AES-CBC buffer en(de)cryption
- *
- * \note           This function is only for internal use by other library
- *                 functions; you must not call it directly.
- *
- * \param ctx      AES context
- * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param length   length of the input data
- * \param iv       initialization vector (updated after use)
- * \param input    buffer holding the input data
- * \param output   buffer holding the output data
- *
- * \return         0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                               int mode,
-                               size_t length,
-                               unsigned char iv[16],
-                               const unsigned char *input,
-                               unsigned char *output );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HAVE_X86  */
-
-#endif /* padlock.h */
diff --git a/Sources/mbedtls/include/mbedtls/pem.h b/Sources/mbedtls/include/mbedtls/pem.h
deleted file mode 100644
index daa71c8..0000000
--- a/Sources/mbedtls/include/mbedtls/pem.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * \file pem.h
- *
- * \brief Privacy Enhanced Mail (PEM) decoding
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PEM_H
-#define MBEDTLS_PEM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-
-/**
- * \name PEM Error codes
- * These error codes are returned in case of errors reading the
- * PEM data.
- * \{
- */
-/** No PEM header or footer found. */
-#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080
-/** PEM string is not as expected. */
-#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100
-/** Failed to allocate memory. */
-#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180
-/** RSA IV is not in hex-format. */
-#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200
-/** Unsupported key encryption algorithm. */
-#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280
-/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380
-/** Unavailable feature, e.g. hashing/encryption combination. */
-#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480
-/** \} name PEM Error codes */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-/**
- * \brief       PEM context structure
- */
-typedef struct mbedtls_pem_context
-{
-    unsigned char *buf;     /*!< buffer for decoded data             */
-    size_t buflen;          /*!< length of the buffer                */
-    unsigned char *info;    /*!< buffer for extra header information */
-}
-mbedtls_pem_context;
-
-/**
- * \brief       PEM context setup
- *
- * \param ctx   context to be initialized
- */
-void mbedtls_pem_init( mbedtls_pem_context *ctx );
-
-/**
- * \brief       Read a buffer for PEM information and store the resulting
- *              data into the specified context buffers.
- *
- * \param ctx       context to use
- * \param header    header string to seek and expect
- * \param footer    footer string to seek and expect
- * \param data      source data to look in (must be nul-terminated)
- * \param pwd       password for decryption (can be NULL)
- * \param pwdlen    length of password
- * \param use_len   destination for total length used (set after header is
- *                  correctly read, so unless you get
- *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
- *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
- *                  the length to skip)
- *
- * \note            Attempts to check password correctness by verifying if
- *                  the decrypted text starts with an ASN.1 sequence of
- *                  appropriate length
- *
- * \return          0 on success, or a specific PEM error code
- */
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
-                     const unsigned char *data,
-                     const unsigned char *pwd,
-                     size_t pwdlen, size_t *use_len );
-
-/**
- * \brief       PEM context memory freeing
- *
- * \param ctx   context to be freed
- */
-void mbedtls_pem_free( mbedtls_pem_context *ctx );
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a buffer of PEM information from a DER encoded
- *                  buffer.
- *
- * \param header    The header string to write.
- * \param footer    The footer string to write.
- * \param der_data  The DER data to encode.
- * \param der_len   The length of the DER data \p der_data in Bytes.
- * \param buf       The buffer to write to.
- * \param buf_len   The length of the output buffer \p buf in Bytes.
- * \param olen      The address at which to store the total length written
- *                  or required (if \p buf_len is not enough).
- *
- * \note            You may pass \c NULL for \p buf and \c 0 for \p buf_len
- *                  to request the length of the resulting PEM buffer in
- *                  `*olen`.
- *
- * \note            This function may be called with overlapping \p der_data
- *                  and \p buf buffers.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
- *                  enough to hold the PEM buffer. In  this case, `*olen` holds
- *                  the required minimum size of \p buf.
- * \return          Another PEM or BASE64 error code on other kinds of failure.
- */
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
-                      const unsigned char *der_data, size_t der_len,
-                      unsigned char *buf, size_t buf_len, size_t *olen );
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pem.h */
diff --git a/Sources/mbedtls/include/mbedtls/pk.h b/Sources/mbedtls/include/mbedtls/pk.h
deleted file mode 100644
index c9a13f4..0000000
--- a/Sources/mbedtls/include/mbedtls/pk.h
+++ /dev/null
@@ -1,918 +0,0 @@
-/**
- * \file pk.h
- *
- * \brief Public Key abstraction layer
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_PK_H
-#define MBEDTLS_PK_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/** Memory allocation failed. */
-#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80
-/** Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80
-/** Read/write of file failed. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00
-/** Unsupported key version */
-#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
-/** Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00
-/** Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80
-/** Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80
-/** The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00
-/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80
-/** Elliptic curve is unsupported (only NIST curves are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
-/** Unavailable feature, e.g. RSA disabled for RSA key. */
-#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
-/** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900
-
-/* MBEDTLS_ERR_PK_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** PK hardware accelerator failed. */
-#define MBEDTLS_ERR_PK_HW_ACCEL_FAILED     -0x3880
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Public key types
- */
-typedef enum {
-    MBEDTLS_PK_NONE=0,
-    MBEDTLS_PK_RSA,
-    MBEDTLS_PK_ECKEY,
-    MBEDTLS_PK_ECKEY_DH,
-    MBEDTLS_PK_ECDSA,
-    MBEDTLS_PK_RSA_ALT,
-    MBEDTLS_PK_RSASSA_PSS,
-    MBEDTLS_PK_OPAQUE,
-} mbedtls_pk_type_t;
-
-/**
- * \brief           Options for RSASSA-PSS signature verification.
- *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
- */
-typedef struct mbedtls_pk_rsassa_pss_options
-{
-    mbedtls_md_type_t mgf1_hash_id;
-    int expected_salt_len;
-
-} mbedtls_pk_rsassa_pss_options;
-
-/**
- * \brief           Maximum size of a signature made by mbedtls_pk_sign().
- */
-/* We need to set MBEDTLS_PK_SIGNATURE_MAX_SIZE to the maximum signature
- * size among the supported signature types. Do it by starting at 0,
- * then incrementally increasing to be large enough for each supported
- * signature mechanism.
- *
- * The resulting value can be 0, for example if MBEDTLS_ECDH_C is enabled
- * (which allows the pk module to be included) but neither MBEDTLS_ECDSA_C
- * nor MBEDTLS_RSA_C nor any opaque signature mechanism (PSA or RSA_ALT).
- */
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
-
-#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
-    MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For RSA, the signature can be as large as the bignum module allows.
- * For RSA_ALT, the signature size is not necessarily tied to what the
- * bignum module can do, but in the absence of any specific setting,
- * we use that (rsa_alt_sign_wrap in pk_wrap will check). */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
-#if defined(MBEDTLS_ECDSA_C) &&                                 \
-    MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* For ECDSA, the ecdsa module exports a constant for the maximum
- * signature size. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
- * through the PSA API in the PSA representation. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
-#endif
-
-#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
-/* The Mbed TLS representation is different for ECDSA signatures:
- * PSA uses the raw concatenation of r and s,
- * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
- * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
- * types, lengths (represented by up to 2 bytes), and potential leading
- * zeros of the INTEGERs and the SEQUENCE. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
-#endif
-#endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
-
-/**
- * \brief           Types for interfacing with the debug module
- */
-typedef enum
-{
-    MBEDTLS_PK_DEBUG_NONE = 0,
-    MBEDTLS_PK_DEBUG_MPI,
-    MBEDTLS_PK_DEBUG_ECP,
-} mbedtls_pk_debug_type;
-
-/**
- * \brief           Item to send to the debug module
- */
-typedef struct mbedtls_pk_debug_item
-{
-    mbedtls_pk_debug_type type;
-    const char *name;
-    void *value;
-} mbedtls_pk_debug_item;
-
-/** Maximum number of item send for debugging, plus 1 */
-#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
-
-/**
- * \brief           Public key information and operations
- */
-typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
-
-/**
- * \brief           Public key container
- */
-typedef struct mbedtls_pk_context
-{
-    const mbedtls_pk_info_t *   pk_info; /**< Public key information         */
-    void *                      pk_ctx;  /**< Underlying public key context  */
-} mbedtls_pk_context;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           Context for resuming operations
- */
-typedef struct
-{
-    const mbedtls_pk_info_t *   pk_info; /**< Public key information         */
-    void *                      rs_ctx;  /**< Underlying restart context     */
-} mbedtls_pk_restart_ctx;
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_pk_restart_ctx;
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief           Types for RSA-alt abstraction
- */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
-                    const unsigned char *input, unsigned char *output,
-                    size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
-                    const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief           Return information associated with the given PK type
- *
- * \param pk_type   PK type to search for.
- *
- * \return          The PK info associated with the type or NULL if not found.
- */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
-
-/**
- * \brief           Initialize a #mbedtls_pk_context (as NONE).
- *
- * \param ctx       The context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
-
-/**
- * \brief           Free the components of a #mbedtls_pk_context.
- *
- * \param ctx       The context to clear. It must have been initialized.
- *                  If this is \c NULL, this function does nothing.
- *
- * \note            For contexts that have been set up with
- *                  mbedtls_pk_setup_opaque(), this does not free the underlying
- *                  PSA key and you still need to call psa_destroy_key()
- *                  independently if you want to destroy that key.
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           Initialize a restart context
- *
- * \param ctx       The context to initialize.
- *                  This must not be \c NULL.
- */
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
-
-/**
- * \brief           Free the components of a restart context
- *
- * \param ctx       The context to clear. It must have been initialized.
- *                  If this is \c NULL, this function does nothing.
- */
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/**
- * \brief           Initialize a PK context with the information given
- *                  and allocates the type-specific PK subcontext.
- *
- * \param ctx       Context to initialize. It must not have been set
- *                  up yet (type #MBEDTLS_PK_NONE).
- * \param info      Information to use
- *
- * \return          0 on success,
- *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
- *                  MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- *
- * \note            For contexts holding an RSA-alt key, use
- *                  \c mbedtls_pk_setup_rsa_alt() instead.
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief           Initialize a PK context to wrap a PSA key.
- *
- * \note            This function replaces mbedtls_pk_setup() for contexts
- *                  that wrap a (possibly opaque) PSA key instead of
- *                  storing and manipulating the key material directly.
- *
- * \param ctx       The context to initialize. It must be empty (type NONE).
- * \param key       The PSA key to wrap, which must hold an ECC key pair
- *                  (see notes below).
- *
- * \note            The wrapped key must remain valid as long as the
- *                  wrapping PK context is in use, that is at least between
- *                  the point this function is called and the point
- *                  mbedtls_pk_free() is called on this context. The wrapped
- *                  key might then be independently used or destroyed.
- *
- * \note            This function is currently only available for ECC key
- *                  pairs (that is, ECC keys containing private key material).
- *                  Support for other key types may be added later.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- *                  (context already used, invalid key identifier).
- * \return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
- *                  ECC key pair.
- * \return          #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
- */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
-                             const psa_key_id_t key );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/**
- * \brief           Initialize an RSA-alt context
- *
- * \param ctx       Context to initialize. It must not have been set
- *                  up yet (type #MBEDTLS_PK_NONE).
- * \param key       RSA key pointer
- * \param decrypt_func  Decryption function
- * \param sign_func     Signing function
- * \param key_len_func  Function returning key length in bytes
- *
- * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
- *                  context wasn't already initialized as RSA_ALT.
- *
- * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
-                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
-                         mbedtls_pk_rsa_alt_sign_func sign_func,
-                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/**
- * \brief           Get the size in bits of the underlying key
- *
- * \param ctx       The context to query. It must have been initialized.
- *
- * \return          Key size in bits, or 0 on error
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
-
-/**
- * \brief           Get the length in bytes of the underlying key
- *
- * \param ctx       The context to query. It must have been initialized.
- *
- * \return          Key length in bytes, or 0 on error
- */
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
-{
-    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
-}
-
-/**
- * \brief           Tell if a context can do the operation given by type
- *
- * \param ctx       The context to query. It must have been initialized.
- * \param type      The desired type.
- *
- * \return          1 if the context can do operations on the given type.
- * \return          0 if the context cannot do the operations on the given
- *                  type. This is always the case for a context that has
- *                  been initialized but not set up, or that has been
- *                  cleared with mbedtls_pk_free().
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
-
-/**
- * \brief           Verify signature (including padding if relevant).
- *
- * \param ctx       The PK context to use. It must have been set up.
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Signature to verify
- * \param sig_len   Signature length
- *
- * \return          0 on success (signature is valid),
- *                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- *                  signature in sig but its length is less than \p siglen,
- *                  or a specific error code.
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
- *                  to verify RSASSA_PSS signatures.
- *
- * \note            If hash_len is 0, then the length associated with md_alg
- *                  is used instead, or an error returned if it is invalid.
- *
- * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief           Restartable version of \c mbedtls_pk_verify()
- *
- * \note            Performs the same job as \c mbedtls_pk_verify(), but can
- *                  return early and restart according to the limit set with
- *                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- *                  operations. For RSA, same as \c mbedtls_pk_verify().
- *
- * \param ctx       The PK context to use. It must have been set up.
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Signature to verify
- * \param sig_len   Signature length
- * \param rs_ctx    Restart context (NULL to disable restart)
- *
- * \return          See \c mbedtls_pk_verify(), or
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
-               mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len,
-               mbedtls_pk_restart_ctx *rs_ctx );
-
-/**
- * \brief           Verify signature, with options.
- *                  (Includes verification of the padding depending on type.)
- *
- * \param type      Signature type (inc. possible padding type) to verify
- * \param options   Pointer to type-specific options, or NULL
- * \param ctx       The PK context to use. It must have been set up.
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Signature to verify
- * \param sig_len   Signature length
- *
- * \return          0 on success (signature is valid),
- *                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
- *                  used for this type of signatures,
- *                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- *                  signature in sig but its length is less than \p siglen,
- *                  or a specific error code.
- *
- * \note            If hash_len is 0, then the length associated with md_alg
- *                  is used instead, or an error returned if it is invalid.
- *
- * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
- *
- * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
- *                  to a mbedtls_pk_rsassa_pss_options structure,
- *                  otherwise it must be NULL.
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
-                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len );
-
-/**
- * \brief           Make signature, including padding if relevant.
- *
- * \param ctx       The PK context to use. It must have been set up
- *                  with a private key.
- * \param md_alg    Hash algorithm used (see notes)
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Place to write the signature.
- *                  It must have enough room for the signature.
- *                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- *                  You may use a smaller buffer if it is large enough
- *                  given the key type.
- * \param sig_len   On successful return,
- *                  the number of bytes written to \p sig.
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \return          0 on success, or a specific error code.
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *                  There is no interface in the PK module to make RSASSA-PSS
- *                  signatures yet.
- *
- * \note            If hash_len is 0, then the length associated with md_alg
- *                  is used instead, or an error returned if it is invalid.
- *
- * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
- *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Restartable version of \c mbedtls_pk_sign()
- *
- * \note            Performs the same job as \c mbedtls_pk_sign(), but can
- *                  return early and restart according to the limit set with
- *                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
- *                  operations. For RSA, same as \c mbedtls_pk_sign().
- *
- * \param ctx       The PK context to use. It must have been set up
- *                  with a private key.
- * \param md_alg    Hash algorithm used (see notes for mbedtls_pk_sign())
- * \param hash      Hash of the message to sign
- * \param hash_len  Hash length or 0 (see notes for mbedtls_pk_sign())
- * \param sig       Place to write the signature.
- *                  It must have enough room for the signature.
- *                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
- *                  You may use a smaller buffer if it is large enough
- *                  given the key type.
- * \param sig_len   On successful return,
- *                  the number of bytes written to \p sig.
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- * \param rs_ctx    Restart context (NULL to disable restart)
- *
- * \return          See \c mbedtls_pk_sign().
- * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
-             mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_pk_restart_ctx *rs_ctx );
-
-/**
- * \brief           Decrypt message (including padding if relevant).
- *
- * \param ctx       The PK context to use. It must have been set up
- *                  with a private key.
- * \param input     Input to decrypt
- * \param ilen      Input size
- * \param output    Decrypted output
- * \param olen      Decrypted message length
- * \param osize     Size of the output buffer
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return          0 on success, or a specific error code.
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Encrypt message (including padding if relevant).
- *
- * \param ctx       The PK context to use. It must have been set up.
- * \param input     Message to encrypt
- * \param ilen      Message size
- * \param output    Encrypted output
- * \param olen      Encrypted output length
- * \param osize     Size of the output buffer
- * \param f_rng     RNG function
- * \param p_rng     RNG parameter
- *
- * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *
- * \return          0 on success, or a specific error code.
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-/**
- * \brief           Check if a public-private pair of keys matches.
- *
- * \param pub       Context holding a public key.
- * \param prv       Context holding a private (and public) key.
- *
- * \return          \c 0 on success (keys were checked and match each other).
- * \return          #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
- *                  be checked - in that case they may or may not match.
- * \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
- * \return          Another non-zero value if the keys do not match.
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
-
-/**
- * \brief           Export debug information
- *
- * \param ctx       The PK context to use. It must have been initialized.
- * \param items     Place to write debug items
- *
- * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
-
-/**
- * \brief           Access the type name
- *
- * \param ctx       The PK context to use. It must have been initialized.
- *
- * \return          Type name on success, or "invalid PK"
- */
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
-
-/**
- * \brief           Get the key type
- *
- * \param ctx       The PK context to use. It must have been initialized.
- *
- * \return          Type on success.
- * \return          #MBEDTLS_PK_NONE for a context that has not been set up.
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
-
-#if defined(MBEDTLS_RSA_C)
-/**
- * Quick access to an RSA context inside a PK context.
- *
- * \warning This function can only be used when the type of the context, as
- * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_RSA.
- * Ensuring that is the caller's responsibility.
- * Alternatively, you can check whether this function returns NULL.
- *
- * \return The internal RSA context held by the PK context, or NULL.
- */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
-{
-    switch( mbedtls_pk_get_type( &pk ) )
-    {
-        case MBEDTLS_PK_RSA:
-            return( (mbedtls_rsa_context *) (pk).pk_ctx );
-        default:
-            return( NULL );
-    }
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * Quick access to an EC context inside a PK context.
- *
- * \warning This function can only be used when the type of the context, as
- * returned by mbedtls_pk_get_type(), is #MBEDTLS_PK_ECKEY,
- * #MBEDTLS_PK_ECKEY_DH, or #MBEDTLS_PK_ECDSA.
- * Ensuring that is the caller's responsibility.
- * Alternatively, you can check whether this function returns NULL.
- *
- * \return The internal EC context held by the PK context, or NULL.
- */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
-{
-    switch( mbedtls_pk_get_type( &pk ) )
-    {
-        case MBEDTLS_PK_ECKEY:
-        case MBEDTLS_PK_ECKEY_DH:
-        case MBEDTLS_PK_ECDSA:
-            return( (mbedtls_ecp_keypair *) (pk).pk_ctx );
-        default:
-            return( NULL );
-    }
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/** \ingroup pk_module */
-/**
- * \brief           Parse a private key in PEM or DER format
- *
- * \param ctx       The PK context to fill. It must have been initialized
- *                  but not set up.
- * \param key       Input buffer to parse.
- *                  The buffer must contain the input exactly, with no
- *                  extra trailing material. For PEM, the buffer must
- *                  contain a null-terminated string.
- * \param keylen    Size of \b key in bytes.
- *                  For PEM data, this includes the terminating null byte,
- *                  so \p keylen must be equal to `strlen(key) + 1`.
- * \param pwd       Optional password for decryption.
- *                  Pass \c NULL if expecting a non-encrypted key.
- *                  Pass a string of \p pwdlen bytes if expecting an encrypted
- *                  key; a non-encrypted key will also be accepted.
- *                  The empty password is not supported.
- * \param pwdlen    Size of the password in bytes.
- *                  Ignored if \p pwd is \c NULL.
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- *                  specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
-                  const unsigned char *key, size_t keylen,
-                  const unsigned char *pwd, size_t pwdlen );
-
-/** \ingroup pk_module */
-/**
- * \brief           Parse a public key in PEM or DER format
- *
- * \param ctx       The PK context to fill. It must have been initialized
- *                  but not set up.
- * \param key       Input buffer to parse.
- *                  The buffer must contain the input exactly, with no
- *                  extra trailing material. For PEM, the buffer must
- *                  contain a null-terminated string.
- * \param keylen    Size of \b key in bytes.
- *                  For PEM data, this includes the terminating null byte,
- *                  so \p keylen must be equal to `strlen(key) + 1`.
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- *                  specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
-                         const unsigned char *key, size_t keylen );
-
-#if defined(MBEDTLS_FS_IO)
-/** \ingroup pk_module */
-/**
- * \brief           Load and parse a private key
- *
- * \param ctx       The PK context to fill. It must have been initialized
- *                  but not set up.
- * \param path      filename to read the private key from
- * \param password  Optional password to decrypt the file.
- *                  Pass \c NULL if expecting a non-encrypted key.
- *                  Pass a null-terminated string if expecting an encrypted
- *                  key; a non-encrypted key will also be accepted.
- *                  The empty password is not supported.
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
- *                  specific key type, check the result with mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
-                      const char *path, const char *password );
-
-/** \ingroup pk_module */
-/**
- * \brief           Load and parse a public key
- *
- * \param ctx       The PK context to fill. It must have been initialized
- *                  but not set up.
- * \param path      filename to read the public key from
- *
- * \note            On entry, ctx must be empty, either freshly initialised
- *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If
- *                  you need a specific key type, check the result with
- *                  mbedtls_pk_can_do().
- *
- * \note            The key is also checked for correctness.
- *
- * \return          0 if successful, or a specific PK or PEM error code
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       PK context which must contain a valid private key.
- * \param buf       buffer to write to
- * \param size      size of the buffer
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- */
-int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       PK context which must contain a valid public or private key.
- * \param buf       buffer to write to
- * \param size      size of the buffer
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- */
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a public key to a PEM string
- *
- * \param ctx       PK context which must contain a valid public or private key.
- * \param buf       Buffer to write to. The output includes a
- *                  terminating null byte.
- * \param size      Size of the buffer in bytes.
- *
- * \return          0 if successful, or a specific error code
- */
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-
-/**
- * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
- *
- * \param ctx       PK context which must contain a valid private key.
- * \param buf       Buffer to write to. The output includes a
- *                  terminating null byte.
- * \param size      Size of the buffer in bytes.
- *
- * \return          0 if successful, or a specific error code
- */
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * WARNING: Low-level functions. You probably do not want to use these unless
- *          you are certain you do ;)
- */
-
-#if defined(MBEDTLS_PK_PARSE_C)
-/**
- * \brief           Parse a SubjectPublicKeyInfo DER structure
- *
- * \param p         the position in the ASN.1 data
- * \param end       end of the buffer
- * \param pk        The PK context to fill. It must have been initialized
- *                  but not set up.
- *
- * \return          0 if successful, or a specific PK error code
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        mbedtls_pk_context *pk );
-#endif /* MBEDTLS_PK_PARSE_C */
-
-#if defined(MBEDTLS_PK_WRITE_C)
-/**
- * \brief           Write a subjectPublicKey to ASN.1 data
- *                  Note: function works backwards in data buffer
- *
- * \param p         reference to current position pointer
- * \param start     start of the buffer (for bounds-checking)
- * \param key       PK context which must contain a valid public or private key.
- *
- * \return          the length written or a negative error code
- */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
-                     const mbedtls_pk_context *key );
-#endif /* MBEDTLS_PK_WRITE_C */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief           Turn an EC key into an opaque one.
- *
- * \warning         This is a temporary utility function for tests. It might
- *                  change or be removed at any time without notice.
- *
- * \note            Only ECDSA keys are supported so far. Signing with the
- *                  specified hash is the only allowed use of that key.
- *
- * \param pk        Input: the EC key to import to a PSA key.
- *                  Output: a PK context wrapping that PSA key.
- * \param key       Output: a PSA key identifier.
- *                  It's the caller's responsibility to call
- *                  psa_destroy_key() on that key identifier after calling
- *                  mbedtls_pk_free() on the PK context.
- * \param hash_alg  The hash algorithm to allow for use with that key.
- *
- * \return          \c 0 if successful.
- * \return          An Mbed TLS error code otherwise.
- */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
-                               psa_key_id_t *key,
-                               psa_algorithm_t hash_alg );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PK_H */
diff --git a/Sources/mbedtls/include/mbedtls/pk_internal.h b/Sources/mbedtls/include/mbedtls/pk_internal.h
deleted file mode 100644
index 47f7767..0000000
--- a/Sources/mbedtls/include/mbedtls/pk_internal.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * \file pk_internal.h
- *
- * \brief Public Key abstraction layer: wrapper functions
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_PK_WRAP_H
-#define MBEDTLS_PK_WRAP_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/pk.h"
-
-struct mbedtls_pk_info_t
-{
-    /** Public key type */
-    mbedtls_pk_type_t type;
-
-    /** Type name */
-    const char *name;
-
-    /** Get key size in bits */
-    size_t (*get_bitlen)( const void * );
-
-    /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
-    int (*can_do)( mbedtls_pk_type_t type );
-
-    /** Verify signature */
-    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
-                        const unsigned char *hash, size_t hash_len,
-                        const unsigned char *sig, size_t sig_len );
-
-    /** Make signature */
-    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
-                      const unsigned char *hash, size_t hash_len,
-                      unsigned char *sig, size_t *sig_len,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    /** Verify signature (restartable) */
-    int (*verify_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hash_len,
-                           const unsigned char *sig, size_t sig_len,
-                           void *rs_ctx );
-
-    /** Make signature (restartable) */
-    int (*sign_rs_func)( void *ctx, mbedtls_md_type_t md_alg,
-                         const unsigned char *hash, size_t hash_len,
-                         unsigned char *sig, size_t *sig_len,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng, void *rs_ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-    /** Decrypt message */
-    int (*decrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen, size_t osize,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-    /** Encrypt message */
-    int (*encrypt_func)( void *ctx, const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen, size_t osize,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
-
-    /** Check public-private key pair */
-    int (*check_pair_func)( const void *pub, const void *prv );
-
-    /** Allocate a new context */
-    void * (*ctx_alloc_func)( void );
-
-    /** Free the given context */
-    void (*ctx_free_func)( void *ctx );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    /** Allocate the restart context */
-    void * (*rs_alloc_func)( void );
-
-    /** Free the restart context */
-    void (*rs_free_func)( void *rs_ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-    /** Interface with the debug module */
-    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
-
-};
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/* Container for RSA-alt */
-typedef struct
-{
-    void *key;
-    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
-    mbedtls_pk_rsa_alt_sign_func sign_func;
-    mbedtls_pk_rsa_alt_key_len_func key_len_func;
-} mbedtls_rsa_alt_context;
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-extern const mbedtls_pk_info_t mbedtls_rsa_info;
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-extern const mbedtls_pk_info_t mbedtls_eckey_info;
-extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
-#endif
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
-#endif
-
-#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/Sources/mbedtls/include/mbedtls/pkcs11.h b/Sources/mbedtls/include/mbedtls/pkcs11.h
deleted file mode 100644
index 3530ee1..0000000
--- a/Sources/mbedtls/include/mbedtls/pkcs11.h
+++ /dev/null
@@ -1,246 +0,0 @@
-/**
- * \file pkcs11.h
- *
- * \brief Wrapper for PKCS#11 library libpkcs11-helper
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PKCS11_H
-#define MBEDTLS_PKCS11_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PKCS11_C)
-
-#include "mbedtls/x509_crt.h"
-
-#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/**
- * Context for PKCS #11 private keys.
- */
-typedef struct mbedtls_pkcs11_context
-{
-        pkcs11h_certificate_t pkcs11h_cert;
-        int len;
-} mbedtls_pkcs11_context;
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * Initialize a mbedtls_pkcs11_context.
- * (Just making memory references valid.)
- *
- * \deprecated          This function is deprecated and will be removed in a
- *                      future version of the library.
- */
-MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
-
-/**
- * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
- *
- * \deprecated          This function is deprecated and will be removed in a
- *                      future version of the library.
- *
- * \param cert          X.509 certificate to fill
- * \param pkcs11h_cert  PKCS #11 helper certificate
- *
- * \return              0 on success.
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert,
-                                        pkcs11h_certificate_t pkcs11h_cert );
-
-/**
- * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
- * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
- * done.
- *
- * \deprecated          This function is deprecated and will be removed in a
- *                      future version of the library.
- *
- * \param priv_key      Private key structure to fill.
- * \param pkcs11_cert   PKCS #11 helper certificate
- *
- * \return              0 on success
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
-                                        mbedtls_pkcs11_context *priv_key,
-                                        pkcs11h_certificate_t pkcs11_cert );
-
-/**
- * Free the contents of the given private key context. Note that the structure
- * itself is not freed.
- *
- * \deprecated          This function is deprecated and will be removed in a
- *                      future version of the library.
- *
- * \param priv_key      Private key structure to cleanup
- */
-MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
-                                            mbedtls_pkcs11_context *priv_key );
-
-/**
- * \brief          Do an RSA private key decrypt, then remove the message
- *                 padding
- *
- * \deprecated     This function is deprecated and will be removed in a future
- *                 version of the library.
- *
- * \param ctx      PKCS #11 context
- * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param input    buffer holding the encrypted data
- * \param output   buffer that will hold the plaintext
- * \param olen     will contain the plaintext length
- * \param output_max_len    maximum length of the output buffer
- *
- * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note           The output buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
- *                 an error is thrown.
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
-                                               int mode, size_t *olen,
-                                               const unsigned char *input,
-                                               unsigned char *output,
-                                               size_t output_max_len );
-
-/**
- * \brief          Do a private RSA to sign a message digest
- *
- * \deprecated     This function is deprecated and will be removed in a future
- *                 version of the library.
- *
- * \param ctx      PKCS #11 context
- * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
- * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
- * \param hash     buffer holding the message digest
- * \param sig      buffer that will hold the ciphertext
- *
- * \return         0 if the signing operation was successful,
- *                 or an MBEDTLS_ERR_RSA_XXX error code
- *
- * \note           The "sig" buffer must be as large as the size
- *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
- */
-MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
-                                            int mode,
-                                            mbedtls_md_type_t md_alg,
-                                            unsigned int hashlen,
-                                            const unsigned char *hash,
-                                            unsigned char *sig );
-
-/**
- * SSL/TLS wrappers for PKCS#11 functions
- *
- * \deprecated     This function is deprecated and will be removed in a future
- *                 version of the library.
- */
-MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
-                            int mode, size_t *olen,
-                            const unsigned char *input, unsigned char *output,
-                            size_t output_max_len )
-{
-    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
-                           output_max_len );
-}
-
-/**
- * \brief          This function signs a message digest using RSA.
- *
- * \deprecated     This function is deprecated and will be removed in a future
- *                 version of the library.
- *
- * \param ctx      The PKCS #11 context.
- * \param f_rng    The RNG function. This parameter is unused.
- * \param p_rng    The RNG context. This parameter is unused.
- * \param mode     The operation to run. This must be set to
- *                 MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's
- *                 signature.
- * \param md_alg   The message digest algorithm. One of the MBEDTLS_MD_XXX
- *                 must be passed to this function and MBEDTLS_MD_NONE can be
- *                 used for signing raw data.
- * \param hashlen  The message digest length (for MBEDTLS_MD_NONE only).
- * \param hash     The buffer holding the message digest.
- * \param sig      The buffer that will hold the ciphertext.
- *
- * \return         \c 0 if the signing operation was successful.
- * \return         A non-zero error code on failure.
- *
- * \note           The \p sig buffer must be as large as the size of
- *                 <code>ctx->N</code>. For example, 128 bytes if RSA-1024 is
- *                 used.
- */
-MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
-                    const unsigned char *hash, unsigned char *sig )
-{
-    ((void) f_rng);
-    ((void) p_rng);
-    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
-                        hashlen, hash, sig );
-}
-
-/**
- * This function gets the length of the private key.
- *
- * \deprecated     This function is deprecated and will be removed in a future
- *                 version of the library.
- *
- * \param ctx      The PKCS #11 context.
- *
- * \return         The length of the private key.
- */
-MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
-{
-    return ( (mbedtls_pkcs11_context *) ctx )->len;
-}
-
-#undef MBEDTLS_DEPRECATED
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PKCS11_C */
-
-#endif /* MBEDTLS_PKCS11_H */
diff --git a/Sources/mbedtls/include/mbedtls/pkcs12.h b/Sources/mbedtls/include/mbedtls/pkcs12.h
deleted file mode 100644
index d9e85b1..0000000
--- a/Sources/mbedtls/include/mbedtls/pkcs12.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * \file pkcs12.h
- *
- * \brief PKCS#12 Personal Information Exchange Syntax
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PKCS12_H
-#define MBEDTLS_PKCS12_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/md.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/asn1.h"
-
-#include <stddef.h>
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80
-/** Feature not available, e.g. unsupported encryption scheme. */
-#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00
-/** PBE ASN.1 data not as expected. */
-#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00
-
-#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
-#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
-#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
-
-#define MBEDTLS_PKCS12_PBE_DECRYPT      0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-/**
- * \brief            PKCS12 Password Based function (encryption / decryption)
- *                   for pbeWithSHAAnd128BitRC4
- *
- * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
- * \param pwd        the password used (may be NULL if no password is used)
- * \param pwdlen     length of the password (may be 0)
- * \param input      the input data
- * \param len        data length
- * \param output     the output buffer
- *
- * \return           0 if successful, or a MBEDTLS_ERR_XXX code
- */
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
-                             const unsigned char *pwd,  size_t pwdlen,
-                             const unsigned char *input, size_t len,
-                             unsigned char *output );
-
-/**
- * \brief            PKCS12 Password Based function (encryption / decryption)
- *                   for cipher-based and mbedtls_md-based PBE's
- *
- * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
- * \param mode       either #MBEDTLS_PKCS12_PBE_ENCRYPT or
- *                   #MBEDTLS_PKCS12_PBE_DECRYPT
- * \param cipher_type the cipher used
- * \param md_type    the mbedtls_md used
- * \param pwd        Latin1-encoded password used. This may only be \c NULL when
- *                   \p pwdlen is 0. No null terminator should be used.
- * \param pwdlen     length of the password (may be 0)
- * \param input      the input data
- * \param len        data length
- * \param output     the output buffer
- *
- * \return           0 if successful, or a MBEDTLS_ERR_XXX code
- */
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
-                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
-                const unsigned char *pwd,  size_t pwdlen,
-                const unsigned char *input, size_t len,
-                unsigned char *output );
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-/**
- * \brief            The PKCS#12 derivation function uses a password and a salt
- *                   to produce pseudo-random bits for a particular "purpose".
- *
- *                   Depending on the given id, this function can produce an
- *                   encryption/decryption key, an initialization vector or an
- *                   integrity key.
- *
- * \param data       buffer to store the derived data in
- * \param datalen    length of buffer to fill
- * \param pwd        The password to use. For compliance with PKCS#12 §B.1, this
- *                   should be a BMPString, i.e. a Unicode string where each
- *                   character is encoded as 2 bytes in big-endian order, with
- *                   no byte order mark and with a null terminator (i.e. the
- *                   last two bytes should be 0x00 0x00).
- * \param pwdlen     length of the password (may be 0).
- * \param salt       Salt buffer to use This may only be \c NULL when
- *                   \p saltlen is 0.
- * \param saltlen    length of the salt (may be zero)
- * \param mbedtls_md mbedtls_md type to use during the derivation
- * \param id         id that describes the purpose (can be
- *                   #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or
- *                   #MBEDTLS_PKCS12_DERIVE_MAC_KEY)
- * \param iterations number of iterations
- *
- * \return          0 if successful, or a MD, BIGNUM type error.
- */
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
-                       const unsigned char *pwd, size_t pwdlen,
-                       const unsigned char *salt, size_t saltlen,
-                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs12.h */
diff --git a/Sources/mbedtls/include/mbedtls/pkcs5.h b/Sources/mbedtls/include/mbedtls/pkcs5.h
deleted file mode 100644
index 696930f..0000000
--- a/Sources/mbedtls/include/mbedtls/pkcs5.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * \file pkcs5.h
- *
- * \brief PKCS#5 functions
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PKCS5_H
-#define MBEDTLS_PKCS5_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/md.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80
-/** Unexpected ASN.1 data. */
-#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00
-/** Requested encryption or digest alg not available. */
-#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80
-/** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00
-
-#define MBEDTLS_PKCS5_DECRYPT      0
-#define MBEDTLS_PKCS5_ENCRYPT      1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-/**
- * \brief          PKCS#5 PBES2 function
- *
- * \param pbe_params the ASN.1 algorithm parameters
- * \param mode       either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
- * \param pwd        password to use when generating key
- * \param pwdlen     length of password
- * \param data       data to process
- * \param datalen    length of data
- * \param output     output buffer
- *
- * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output );
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-/**
- * \brief          PKCS#5 PBKDF2 using HMAC
- *
- * \param ctx      Generic HMAC context
- * \param password Password to use when generating key
- * \param plen     Length of password
- * \param salt     Salt to use when generating key
- * \param slen     Length of salt
- * \param iteration_count       Iteration count
- * \param key_length            Length of generated key in bytes
- * \param output   Generated key. Must be at least as big as key_length
- *
- * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
- */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_pkcs5_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* pkcs5.h */
diff --git a/Sources/mbedtls/include/mbedtls/platform.h b/Sources/mbedtls/include/mbedtls/platform.h
deleted file mode 100644
index eaf5122..0000000
--- a/Sources/mbedtls/include/mbedtls/platform.h
+++ /dev/null
@@ -1,428 +0,0 @@
-/**
- * \file platform.h
- *
- * \brief This file contains the definitions and functions of the
- *        Mbed TLS platform abstraction layer.
- *
- *        The platform abstraction layer removes the need for the library
- *        to directly link to standard C library functions or operating
- *        system services, making the library easier to port and embed.
- *        Application developers and users of the library can provide their own
- *        implementations of these functions, or implementations specific to
- *        their platform, which can be statically linked to the library or
- *        dynamically configured at runtime.
- *
- *        When all compilation options related to platform abstraction are
- *        disabled, this header just defines `mbedtls_xxx` function names
- *        as aliases to the standard `xxx` function.
- *
- *        Most modules in the library and example programs are expected to
- *        include this header.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_H
-#define MBEDTLS_PLATFORM_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-/** Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED     -0x0070
-/** The requested feature is not supported by the platform */
-#define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-/* The older Microsoft Windows common runtime provides non-conforming
- * implementations of some standard library functions, including snprintf
- * and vsnprintf. This affects MSVC and MinGW builds.
- */
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
-#endif
-
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include <stdio.h>
-#include <stdlib.h>
-#if defined(MBEDTLS_HAVE_TIME)
-#include <time.h>
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-#define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf /**< The default \c snprintf function to use.  */
-#else
-#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< The default \c snprintf function to use.  */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF   mbedtls_platform_win32_vsnprintf /**< The default \c vsnprintf function to use.  */
-#else
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF   vsnprintf /**< The default \c vsnprintf function to use.  */
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< The default \c printf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#define MBEDTLS_PLATFORM_STD_CALLOC   calloc /**< The default \c calloc function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-#define MBEDTLS_PLATFORM_STD_FREE       free /**< The default \c free function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-#define MBEDTLS_PLATFORM_STD_EXIT      exit /**< The default \c exit function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-#define MBEDTLS_PLATFORM_STD_TIME       time    /**< The default \c time function to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS  EXIT_SUCCESS /**< The default exit value to use. */
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE  EXIT_FAILURE /**< The default exit value to use. */
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE   "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
-#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-
-/** \} name SECTION: Module settings */
-
-/*
- * The function pointers for calloc and free.
- */
-#if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
-    defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
-/* For size_t */
-#include <stddef.h>
-extern void *mbedtls_calloc( size_t n, size_t size );
-extern void mbedtls_free( void *ptr );
-
-/**
- * \brief               This function dynamically sets the memory-management
- *                      functions used by the library, during runtime.
- *
- * \param calloc_func   The \c calloc function implementation.
- * \param free_func     The \c free function implementation.
- *
- * \return              \c 0.
- */
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
-                              void (*free_func)( void * ) );
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
-#else /* !MBEDTLS_PLATFORM_MEMORY */
-#define mbedtls_free       free
-#define mbedtls_calloc     calloc
-#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
-
-/*
- * The function pointers for fprintf
- */
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-/* We need FILE * */
-#include <stdio.h>
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
-
-/**
- * \brief                This function dynamically configures the fprintf
- *                       function that is called when the
- *                       mbedtls_fprintf() function is invoked by the library.
- *
- * \param fprintf_func   The \c fprintf function implementation.
- *
- * \return               \c 0.
- */
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
-                                               ... ) );
-#else
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf    fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-/*
- * The function pointers for printf
- */
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
-
-/**
- * \brief               This function dynamically configures the snprintf
- *                      function that is called when the mbedtls_snprintf()
- *                      function is invoked by the library.
- *
- * \param printf_func   The \c printf function implementation.
- *
- * \return              \c 0 on success.
- */
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
-#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf     printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-/*
- * The function pointers for snprintf
- *
- * The snprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- *   (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- *   the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-/* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
-
-/**
- * \brief                 This function allows configuring a custom
- *                        \c snprintf function pointer.
- *
- * \param snprintf_func   The \c snprintf function implementation.
- *
- * \return                \c 0 on success.
- */
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
-                                                 const char * format, ... ) );
-#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf   MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-/*
- * The function pointers for vsnprintf
- *
- * The vsnprintf implementation should conform to C99:
- * - it *must* always correctly zero-terminate the buffer
- *   (except when n == 0, then it must leave the buffer untouched)
- * - however it is acceptable to return -1 instead of the required length when
- *   the destination buffer is too short.
- */
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include <stdarg.h>
-/* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#include <stdarg.h>
-extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
-
-/**
- * \brief   Set your own snprintf function pointer
- *
- * \param   vsnprintf_func   The \c vsnprintf function implementation
- *
- * \return  \c 0
- */
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
-                                                 const char * format, va_list arg ) );
-#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define mbedtls_vsnprintf   MBEDTLS_PLATFORM_VSNPRINTF_MACRO
-#else
-#define mbedtls_vsnprintf   vsnprintf
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-
-/*
- * The function pointers for exit
- */
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
-
-/**
- * \brief             This function dynamically configures the exit
- *                    function that is called when the mbedtls_exit()
- *                    function is invoked by the library.
- *
- * \param exit_func   The \c exit function implementation.
- *
- * \return            \c 0 on success.
- */
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
-#else
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit   exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-/*
- * The default exit values
- */
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
-#else
-#define MBEDTLS_EXIT_SUCCESS 0
-#endif
-#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
-#else
-#define MBEDTLS_EXIT_FAILURE 1
-#endif
-
-/*
- * The function pointers for reading from and writing a seed file to
- * Non-Volatile storage (NV) in a platform-independent way
- *
- * Only enabled when the NV seed entropy source is enabled
- */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
-#endif
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
-
-/**
- * \brief   This function allows configuring custom seed file writing and
- *          reading functions.
- *
- * \param   nv_seed_read_func   The seed reading function implementation.
- * \param   nv_seed_write_func  The seed writing function implementation.
- *
- * \return  \c 0 on success.
- */
-int mbedtls_platform_set_nv_seed(
-            int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
-            int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
-            );
-#else
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
-    defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read    MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write   MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read    mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write   mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-
-/**
- * \brief   The platform context structure.
- *
- * \note    This structure may be used to assist platform-specific
- *          setup or teardown operations.
- */
-typedef struct mbedtls_platform_context
-{
-    char dummy; /**< A placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
-
-#else
-#include "platform_alt.h"
-#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-/**
- * \brief   This function performs any platform-specific initialization
- *          operations.
- *
- * \note    This function should be called before any other library functions.
- *
- *          Its implementation is platform-specific, and unless
- *          platform-specific code is provided, it does nothing.
- *
- * \note    The usage and necessity of this function is dependent on the platform.
- *
- * \param   ctx     The platform context.
- *
- * \return  \c 0 on success.
- */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
-/**
- * \brief   This function performs any platform teardown operations.
- *
- * \note    This function should be called after every other Mbed TLS module
- *          has been correctly freed using the appropriate free function.
- *
- *          Its implementation is platform-specific, and unless
- *          platform-specific code is provided, it does nothing.
- *
- * \note    The usage and necessity of this function is dependent on the platform.
- *
- * \param   ctx     The platform context.
- *
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform.h */
diff --git a/Sources/mbedtls/include/mbedtls/platform_time.h b/Sources/mbedtls/include/mbedtls/platform_time.h
deleted file mode 100644
index 9405571..0000000
--- a/Sources/mbedtls/include/mbedtls/platform_time.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * \file platform_time.h
- *
- * \brief mbed TLS Platform time abstraction
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_TIME_H
-#define MBEDTLS_PLATFORM_TIME_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The time_t datatype
- */
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
-typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
-#else
-/* For time_t */
-#include <time.h>
-typedef time_t mbedtls_time_t;
-#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
-
-/*
- * The function pointers for time
- */
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
-
-/**
- * \brief   Set your own time function pointer
- *
- * \param   time_func   the time function implementation
- *
- * \return              0
- */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
-#else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time    MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time   time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* platform_time.h */
diff --git a/Sources/mbedtls/include/mbedtls/platform_util.h b/Sources/mbedtls/include/mbedtls/platform_util.h
deleted file mode 100644
index cd112ab..0000000
--- a/Sources/mbedtls/include/mbedtls/platform_util.h
+++ /dev/null
@@ -1,283 +0,0 @@
-/**
- * \file platform_util.h
- *
- * \brief Common and shared functions used by multiple modules in the Mbed TLS
- *        library.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_PLATFORM_UTIL_H
-#define MBEDTLS_PLATFORM_UTIL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include <time.h>
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_CHECK_PARAMS)
-
-#if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
- * (which is what our config.h suggests). */
-#include <assert.h>
-#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
-
-#if defined(MBEDTLS_PARAM_FAILED)
-/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
- *
- * This flag can be used to check whether it is safe to assume that
- * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
- */
-#define MBEDTLS_PARAM_FAILED_ALT
-
-#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
-#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
-#define MBEDTLS_PARAM_FAILED_ALT
-
-#else /* MBEDTLS_PARAM_FAILED */
-#define MBEDTLS_PARAM_FAILED( cond ) \
-    mbedtls_param_failed( #cond, __FILE__, __LINE__ )
-
-/**
- * \brief       User supplied callback function for parameter validation failure.
- *              See #MBEDTLS_CHECK_PARAMS for context.
- *
- *              This function will be called unless an alternative treatment
- *              is defined through the #MBEDTLS_PARAM_FAILED macro.
- *
- *              This function can return, and the operation will be aborted, or
- *              alternatively, through use of setjmp()/longjmp() can resume
- *              execution in the application code.
- *
- * \param failure_condition The assertion that didn't hold.
- * \param file  The file where the assertion failed.
- * \param line  The line in the file where the assertion failed.
- */
-void mbedtls_param_failed( const char *failure_condition,
-                           const char *file,
-                           int line );
-#endif /* MBEDTLS_PARAM_FAILED */
-
-/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret )  \
-    do {                                            \
-        if( !(cond) )                               \
-        {                                           \
-            MBEDTLS_PARAM_FAILED( cond );           \
-            return( ret );                          \
-        }                                           \
-    } while( 0 )
-
-/* Internal macro meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE( cond )           \
-    do {                                            \
-        if( !(cond) )                               \
-        {                                           \
-            MBEDTLS_PARAM_FAILED( cond );           \
-            return;                                 \
-        }                                           \
-    } while( 0 )
-
-#else /* MBEDTLS_CHECK_PARAMS */
-
-/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret )  do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond )           do { } while( 0 )
-
-#endif /* MBEDTLS_CHECK_PARAMS */
-
-/* Internal helper macros for deprecating API constants. */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
- * to avoid conflict with other headers which define and use
- * it, too. We might want to move all these definitions here at
- * some point for uniformity. */
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL )       \
-    ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
-MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL )       \
-    ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#undef MBEDTLS_DEPRECATED
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/* Implementation of the check-return facility.
- * See the user documentation in config.h.
- *
- * Do not use this macro directly to annotate function: instead,
- * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
- * depending on how important it is to check the return value.
- */
-#if !defined(MBEDTLS_CHECK_RETURN)
-#if defined(__GNUC__)
-#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
-#elif defined(_MSC_VER) && _MSC_VER >= 1700
-#include <sal.h>
-#define MBEDTLS_CHECK_RETURN _Check_return_
-#else
-#define MBEDTLS_CHECK_RETURN
-#endif
-#endif
-
-/** Critical-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be checked in all applications.
- * Omitting the check is very likely to indicate a bug in the application
- * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
- * is implemented for the compiler in use.
- *
- * \note  The use of this macro is a work in progress.
- *        This macro may be added to more functions in the future.
- *        Such an extension is not considered an API break, provided that
- *        there are near-unavoidable circumstances under which the function
- *        can fail. For example, signature/MAC/AEAD verification functions,
- *        and functions that require a random generator, are considered
- *        return-check-critical.
- */
-#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
-
-/** Ordinary-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that its return value should be generally be checked in portable
- * applications. Omitting the check will result in a compile-time warning if
- * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
- * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
- *
- * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
- * of a function that is annotated with #MBEDTLS_CHECK_RETURN.
- *
- * \note  The use of this macro is a work in progress.
- *        This macro will be added to more functions in the future.
- *        Eventually this should appear before most functions returning
- *        an error code (as \c int in the \c mbedtls_xxx API or
- *        as ::psa_status_t in the \c psa_xxx API).
- */
-#if defined(MBEDTLS_CHECK_RETURN_WARNING)
-#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
-#else
-#define MBEDTLS_CHECK_RETURN_TYPICAL
-#endif
-
-/** Benign-failure function
- *
- * This macro appearing at the beginning of the declaration of a function
- * indicates that it is rarely useful to check its return value.
- *
- * This macro has an empty expansion. It exists for documentation purposes:
- * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
- * has been analyzed for return-check usefulness, whereas the lack of
- * an annotation indicates that the function has not been analyzed and its
- * return-check usefulness is unknown.
- */
-#define MBEDTLS_CHECK_RETURN_OPTIONAL
-
-/** \def MBEDTLS_IGNORE_RETURN
- *
- * Call this macro with one argument, a function call, to suppress a warning
- * from #MBEDTLS_CHECK_RETURN due to that function call.
- */
-#if !defined(MBEDTLS_IGNORE_RETURN)
-/* GCC doesn't silence the warning with just (void)(result).
- * (void)!(result) is known to work up at least up to GCC 10, as well
- * as with Clang and MSVC.
- *
- * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
- * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
- * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
- */
-#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
-#endif
-
-/**
- * \brief       Securely zeroize a buffer
- *
- *              The function is meant to wipe the data contained in a buffer so
- *              that it can no longer be recovered even if the program memory
- *              is later compromised. Call this function on sensitive data
- *              stored on the stack before returning from a function, and on
- *              sensitive data stored on the heap before freeing the heap
- *              object.
- *
- *              It is extremely difficult to guarantee that calls to
- *              mbedtls_platform_zeroize() are not removed by aggressive
- *              compiler optimizations in a portable way. For this reason, Mbed
- *              TLS provides the configuration option
- *              MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
- *              mbedtls_platform_zeroize() to use a suitable implementation for
- *              their platform and needs
- *
- * \param buf   Buffer to be zeroized
- * \param len   Length of the buffer in bytes
- *
- */
-void mbedtls_platform_zeroize( void *buf, size_t len );
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief      Platform-specific implementation of gmtime_r()
- *
- *             The function is a thread-safe abstraction that behaves
- *             similarly to the gmtime_r() function from Unix/POSIX.
- *
- *             Mbed TLS will try to identify the underlying platform and
- *             make use of an appropriate underlying implementation (e.g.
- *             gmtime_r() for POSIX and gmtime_s() for Windows). If this is
- *             not possible, then gmtime() will be used. In this case, calls
- *             from the library to gmtime() will be guarded by the mutex
- *             mbedtls_threading_gmtime_mutex if MBEDTLS_THREADING_C is
- *             enabled. It is recommended that calls from outside the library
- *             are also guarded by this mutex.
- *
- *             If MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, then Mbed TLS will
- *             unconditionally use the alternative implementation for
- *             mbedtls_platform_gmtime_r() supplied by the user at compile time.
- *
- * \param tt     Pointer to an object containing time (in seconds) since the
- *               epoch to be converted
- * \param tm_buf Pointer to an object where the results will be stored
- *
- * \return      Pointer to an object of type struct tm on success, otherwise
- *              NULL
- */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
-                                      struct tm *tm_buf );
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_PLATFORM_UTIL_H */
diff --git a/Sources/mbedtls/include/mbedtls/poly1305.h b/Sources/mbedtls/include/mbedtls/poly1305.h
deleted file mode 100644
index a69ede9..0000000
--- a/Sources/mbedtls/include/mbedtls/poly1305.h
+++ /dev/null
@@ -1,194 +0,0 @@
-/**
- * \file poly1305.h
- *
- * \brief   This file contains Poly1305 definitions and functions.
- *
- *          Poly1305 is a one-time message authenticator that can be used to
- *          authenticate messages. Poly1305-AES was created by Daniel
- *          Bernstein https://cr.yp.to/mac/poly1305-20050329.pdf The generic
- *          Poly1305 algorithm (not tied to AES) was also standardized in RFC
- *          7539.
- *
- * \author Daniel King <damaki.gh@gmail.com>
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_POLY1305_H
-#define MBEDTLS_POLY1305_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stdint.h>
-#include <stddef.h>
-
-/** Invalid input parameter(s). */
-#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA         -0x0057
-
-/* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
- * used. */
-/** Feature not available. For example, s part of the API is not implemented. */
-#define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE    -0x0059
-
-/* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-/** Poly1305 hardware accelerator failed. */
-#define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED        -0x005B
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_POLY1305_ALT)
-
-typedef struct mbedtls_poly1305_context
-{
-    uint32_t r[4];      /** The value for 'r' (low 128 bits of the key). */
-    uint32_t s[4];      /** The value for 's' (high 128 bits of the key). */
-    uint32_t acc[5];    /** The accumulator number. */
-    uint8_t queue[16];  /** The current partial block of data. */
-    size_t queue_len;   /** The number of bytes stored in 'queue'. */
-}
-mbedtls_poly1305_context;
-
-#else  /* MBEDTLS_POLY1305_ALT */
-#include "poly1305_alt.h"
-#endif /* MBEDTLS_POLY1305_ALT */
-
-/**
- * \brief           This function initializes the specified Poly1305 context.
- *
- *                  It must be the first API called before using
- *                  the context.
- *
- *                  It is usually followed by a call to
- *                  \c mbedtls_poly1305_starts(), then one or more calls to
- *                  \c mbedtls_poly1305_update(), then one call to
- *                  \c mbedtls_poly1305_finish(), then finally
- *                  \c mbedtls_poly1305_free().
- *
- * \param ctx       The Poly1305 context to initialize. This must
- *                  not be \c NULL.
- */
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
-
-/**
- * \brief           This function releases and clears the specified
- *                  Poly1305 context.
- *
- * \param ctx       The Poly1305 context to clear. This may be \c NULL, in which
- *                  case this function is a no-op. If it is not \c NULL, it must
- *                  point to an initialized Poly1305 context.
- */
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
-
-/**
- * \brief           This function sets the one-time authentication key.
- *
- * \warning         The key must be unique and unpredictable for each
- *                  invocation of Poly1305.
- *
- * \param ctx       The Poly1305 context to which the key should be bound.
- *                  This must be initialized.
- * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
-                             const unsigned char key[32] );
-
-/**
- * \brief           This functions feeds an input buffer into an ongoing
- *                  Poly1305 computation.
- *
- *                  It is called between \c mbedtls_cipher_poly1305_starts() and
- *                  \c mbedtls_cipher_poly1305_finish().
- *                  It can be called repeatedly to process a stream of data.
- *
- * \param ctx       The Poly1305 context to use for the Poly1305 operation.
- *                  This must be initialized and bound to a key.
- * \param ilen      The length of the input data in Bytes.
- *                  Any value is accepted.
- * \param input     The buffer holding the input data.
- *                  This pointer can be \c NULL if `ilen == 0`.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen );
-
-/**
- * \brief           This function generates the Poly1305 Message
- *                  Authentication Code (MAC).
- *
- * \param ctx       The Poly1305 context to use for the Poly1305 operation.
- *                  This must be initialized and bound to a key.
- * \param mac       The buffer to where the MAC is written. This must
- *                  be a writable buffer of length \c 16 Bytes.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
-                             unsigned char mac[16] );
-
-/**
- * \brief           This function calculates the Poly1305 MAC of the input
- *                  buffer with the provided key.
- *
- * \warning         The key must be unique and unpredictable for each
- *                  invocation of Poly1305.
- *
- * \param key       The buffer containing the \c 32 Byte (\c 256 Bit) key.
- * \param ilen      The length of the input data in Bytes.
- *                  Any value is accepted.
- * \param input     The buffer holding the input data.
- *                  This pointer can be \c NULL if `ilen == 0`.
- * \param mac       The buffer to where the MAC is written. This must be
- *                  a writable buffer of length \c 16 Bytes.
- *
- * \return          \c 0 on success.
- * \return          A negative error code on failure.
- */
-int mbedtls_poly1305_mac( const unsigned char key[32],
-                          const unsigned char *input,
-                          size_t ilen,
-                          unsigned char mac[16] );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief           The Poly1305 checkup routine.
- *
- * \return          \c 0 on success.
- * \return          \c 1 on failure.
- */
-int mbedtls_poly1305_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_POLY1305_H */
diff --git a/Sources/mbedtls/include/mbedtls/psa_util.h b/Sources/mbedtls/include/mbedtls/psa_util.h
deleted file mode 100644
index af7a809..0000000
--- a/Sources/mbedtls/include/mbedtls/psa_util.h
+++ /dev/null
@@ -1,512 +0,0 @@
-/**
- * \file psa_util.h
- *
- * \brief Utility functions for the use of the PSA Crypto library.
- *
- * \warning This function is not part of the public API and may
- *          change at any time.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_PSA_UTIL_H
-#define MBEDTLS_PSA_UTIL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
-#include "psa/crypto.h"
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/oid.h"
-
-#include <string.h>
-
-/* Translations for symmetric crypto. */
-
-static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
-    mbedtls_cipher_type_t cipher )
-{
-    switch( cipher )
-    {
-        case MBEDTLS_CIPHER_AES_128_CCM:
-        case MBEDTLS_CIPHER_AES_192_CCM:
-        case MBEDTLS_CIPHER_AES_256_CCM:
-        case MBEDTLS_CIPHER_AES_128_GCM:
-        case MBEDTLS_CIPHER_AES_192_GCM:
-        case MBEDTLS_CIPHER_AES_256_GCM:
-        case MBEDTLS_CIPHER_AES_128_CBC:
-        case MBEDTLS_CIPHER_AES_192_CBC:
-        case MBEDTLS_CIPHER_AES_256_CBC:
-        case MBEDTLS_CIPHER_AES_128_ECB:
-        case MBEDTLS_CIPHER_AES_192_ECB:
-        case MBEDTLS_CIPHER_AES_256_ECB:
-            return( PSA_KEY_TYPE_AES );
-
-        /* ARIA not yet supported in PSA. */
-        /* case MBEDTLS_CIPHER_ARIA_128_CCM:
-           case MBEDTLS_CIPHER_ARIA_192_CCM:
-           case MBEDTLS_CIPHER_ARIA_256_CCM:
-           case MBEDTLS_CIPHER_ARIA_128_GCM:
-           case MBEDTLS_CIPHER_ARIA_192_GCM:
-           case MBEDTLS_CIPHER_ARIA_256_GCM:
-           case MBEDTLS_CIPHER_ARIA_128_CBC:
-           case MBEDTLS_CIPHER_ARIA_192_CBC:
-           case MBEDTLS_CIPHER_ARIA_256_CBC:
-               return( PSA_KEY_TYPE_ARIA ); */
-
-        default:
-            return( 0 );
-    }
-}
-
-static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
-    mbedtls_cipher_mode_t mode, size_t taglen )
-{
-    switch( mode )
-    {
-        case MBEDTLS_MODE_ECB:
-            return( PSA_ALG_ECB_NO_PADDING );
-        case MBEDTLS_MODE_GCM:
-            return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
-        case MBEDTLS_MODE_CCM:
-            return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
-        case MBEDTLS_MODE_CBC:
-            if( taglen == 0 )
-                return( PSA_ALG_CBC_NO_PADDING );
-            else
-                return( 0 );
-        default:
-            return( 0 );
-    }
-}
-
-static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
-    mbedtls_operation_t op )
-{
-    switch( op )
-    {
-        case MBEDTLS_ENCRYPT:
-            return( PSA_KEY_USAGE_ENCRYPT );
-        case MBEDTLS_DECRYPT:
-            return( PSA_KEY_USAGE_DECRYPT );
-        default:
-            return( 0 );
-    }
-}
-
-/* Translations for hashing. */
-
-static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
-{
-    switch( md_alg )
-    {
-#if defined(MBEDTLS_MD2_C)
-    case MBEDTLS_MD_MD2:
-        return( PSA_ALG_MD2 );
-#endif
-#if defined(MBEDTLS_MD4_C)
-    case MBEDTLS_MD_MD4:
-        return( PSA_ALG_MD4 );
-#endif
-#if defined(MBEDTLS_MD5_C)
-    case MBEDTLS_MD_MD5:
-        return( PSA_ALG_MD5 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-    case MBEDTLS_MD_SHA1:
-        return( PSA_ALG_SHA_1 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    case MBEDTLS_MD_SHA224:
-        return( PSA_ALG_SHA_224 );
-    case MBEDTLS_MD_SHA256:
-        return( PSA_ALG_SHA_256 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    case MBEDTLS_MD_SHA384:
-        return( PSA_ALG_SHA_384 );
-    case MBEDTLS_MD_SHA512:
-        return( PSA_ALG_SHA_512 );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-    case MBEDTLS_MD_RIPEMD160:
-        return( PSA_ALG_RIPEMD160 );
-#endif
-    case MBEDTLS_MD_NONE:
-        return( 0 );
-    default:
-        return( 0 );
-    }
-}
-
-/* Translations for ECC. */
-
-static inline int mbedtls_psa_get_ecc_oid_from_id(
-    psa_ecc_family_t curve, size_t bits,
-    char const **oid, size_t *oid_len )
-{
-    switch( curve )
-    {
-        case PSA_ECC_FAMILY_SECP_R1:
-            switch( bits )
-            {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-                case 192:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-                case 224:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-                case 256:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-                case 384:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-                case 521:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-            }
-            break;
-        case PSA_ECC_FAMILY_SECP_K1:
-            switch( bits )
-            {
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-                case 192:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-                case 224:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-                case 256:
-                    *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-            }
-            break;
-        case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
-            switch( bits )
-            {
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-                case 256:
-                    *oid = MBEDTLS_OID_EC_GRP_BP256R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-                case 384:
-                    *oid = MBEDTLS_OID_EC_GRP_BP384R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-                case 512:
-                    *oid = MBEDTLS_OID_EC_GRP_BP512R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
-                    return( 0 );
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-            }
-            break;
-    }
-    (void) oid;
-    (void) oid_len;
-    return( -1 );
-}
-
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-
-/* Translations for PK layer */
-
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
-{
-    switch( status )
-    {
-        case PSA_SUCCESS:
-            return( 0 );
-        case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-        case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-        case PSA_ERROR_INSUFFICIENT_ENTROPY:
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-        case PSA_ERROR_BAD_STATE:
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-        /* All other failures */
-        case PSA_ERROR_COMMUNICATION_FAILURE:
-        case PSA_ERROR_HARDWARE_FAILURE:
-        case PSA_ERROR_CORRUPTION_DETECTED:
-            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
-        default: /* We return the same as for the 'other failures',
-                  * but list them separately nonetheless to indicate
-                  * which failure conditions we have considered. */
-            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
-    }
-}
-
-/* Translations for ECC */
-
-/* This function transforms an ECC group identifier from
- * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
- * into a PSA ECC group identifier. */
-#if defined(MBEDTLS_ECP_C)
-static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
-    uint16_t tls_ecc_grp_reg_id, size_t *bits )
-{
-    const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
-    if( curve_info == NULL )
-        return( 0 );
-    return( PSA_KEY_TYPE_ECC_KEY_PAIR(
-                mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
-}
-#endif /* MBEDTLS_ECP_C */
-
-/* This function takes a buffer holding an EC public key
- * exported through psa_export_public_key(), and converts
- * it into an ECPoint structure to be put into a ClientKeyExchange
- * message in an ECDHE exchange.
- *
- * Both the present and the foreseeable future format of EC public keys
- * used by PSA have the ECPoint structure contained in the exported key
- * as a subbuffer, and the function merely selects this subbuffer instead
- * of making a copy.
- */
-static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
-                                                     size_t srclen,
-                                                     unsigned char **dst,
-                                                     size_t *dstlen )
-{
-    *dst = src;
-    *dstlen = srclen;
-    return( 0 );
-}
-
-/* This function takes a buffer holding an ECPoint structure
- * (as contained in a TLS ServerKeyExchange message for ECDHE
- * exchanges) and converts it into a format that the PSA key
- * agreement API understands.
- */
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
-                                                     size_t srclen,
-                                                     unsigned char *dst,
-                                                     size_t dstlen,
-                                                     size_t *olen )
-{
-    if( srclen > dstlen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    memcpy( dst, src, srclen );
-    *olen = srclen;
-    return( 0 );
-}
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/* Expose whatever RNG the PSA subsystem uses to applications using the
- * mbedtls_xxx API. The declarations and definitions here need to be
- * consistent with the implementation in library/psa_crypto_random_impl.h.
- * See that file for implementation documentation. */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-/* The type of a `f_rng` random generator function that many library functions
- * take.
- *
- * This type name is not part of the Mbed TLS stable API. It may be renamed
- * or moved without warning.
- */
-typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-
-/** The random generator function for the PSA subsystem.
- *
- * This function is suitable as the `f_rng` random generator function
- * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE
- * to obtain the \p p_rng parameter.
- *
- * The implementation of this function depends on the configuration of the
- * library.
- *
- * \note Depending on the configuration, this may be a function or
- *       a pointer to a function.
- *
- * \note This function may only be used if the PSA crypto subsystem is active.
- *       This means that you must call psa_crypto_init() before any call to
- *       this function, and you must not call this function after calling
- *       mbedtls_psa_crypto_free().
- *
- * \param p_rng         The random generator context. This must be
- *                      #MBEDTLS_PSA_RANDOM_STATE. No other state is
- *                      supported.
- * \param output        The buffer to fill. It must have room for
- *                      \c output_size bytes.
- * \param output_size   The number of bytes to write to \p output.
- *                      This function may fail if \p output_size is too
- *                      large. It is guaranteed to accept any output size
- *                      requested by Mbed TLS library functions. The
- *                      maximum request size depends on the library
- *                      configuration.
- *
- * \return              \c 0 on success.
- * \return              An `MBEDTLS_ERR_ENTROPY_xxx`,
- *                      `MBEDTLS_ERR_PLATFORM_xxx,
- *                      `MBEDTLS_ERR_CTR_DRBG_xxx` or
- *                      `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
- */
-int mbedtls_psa_get_random( void *p_rng,
-                            unsigned char *output,
-                            size_t output_size );
-
-/** The random generator state for the PSA subsystem.
- *
- * This macro expands to an expression which is suitable as the `p_rng`
- * random generator state parameter of many `mbedtls_xxx` functions.
- * It must be used in combination with the random generator function
- * mbedtls_psa_get_random().
- *
- * The implementation of this macro depends on the configuration of the
- * library. Do not make any assumption on its nature.
- */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
-static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
-#endif
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
-
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-#endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/Sources/mbedtls/include/mbedtls/ripemd160.h b/Sources/mbedtls/include/mbedtls/ripemd160.h
deleted file mode 100644
index f890aef..0000000
--- a/Sources/mbedtls/include/mbedtls/ripemd160.h
+++ /dev/null
@@ -1,236 +0,0 @@
-/**
- * \file ripemd160.h
- *
- * \brief RIPE MD-160 message digest
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_RIPEMD160_H
-#define MBEDTLS_RIPEMD160_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED is deprecated and should not be used.
- */
-/** RIPEMD160 hardware accelerator failed */
-#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED             -0x0031
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          RIPEMD-160 context structure
- */
-typedef struct mbedtls_ripemd160_context
-{
-    uint32_t total[2];          /*!< number of bytes processed  */
-    uint32_t state[5];          /*!< intermediate digest state  */
-    unsigned char buffer[64];   /*!< data block being processed */
-}
-mbedtls_ripemd160_context;
-
-#else  /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
-#endif /* MBEDTLS_RIPEMD160_ALT */
-
-/**
- * \brief          Initialize RIPEMD-160 context
- *
- * \param ctx      RIPEMD-160 context to be initialized
- */
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          Clear RIPEMD-160 context
- *
- * \param ctx      RIPEMD-160 context to be cleared
- */
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          Clone (the state of) a RIPEMD-160 context
- *
- * \param dst      The destination context
- * \param src      The context to be cloned
- */
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
-                        const mbedtls_ripemd160_context *src );
-
-/**
- * \brief          RIPEMD-160 context setup
- *
- * \param ctx      context to be initialized
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          RIPEMD-160 process buffer
- *
- * \param ctx      RIPEMD-160 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
-                                  const unsigned char *input,
-                                  size_t ilen );
-
-/**
- * \brief          RIPEMD-160 final digest
- *
- * \param ctx      RIPEMD-160 context
- * \param output   RIPEMD-160 checksum result
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
-                                  unsigned char output[20] );
-
-/**
- * \brief          RIPEMD-160 process data block (internal use only)
- *
- * \param ctx      RIPEMD-160 context
- * \param data     buffer holding one block of data
- *
- * \return         0 if successful
- */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                        const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          RIPEMD-160 context setup
- *
- * \deprecated     Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
- *
- * \param ctx      context to be initialized
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
-                                            mbedtls_ripemd160_context *ctx );
-
-/**
- * \brief          RIPEMD-160 process buffer
- *
- * \deprecated     Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
- *
- * \param ctx      RIPEMD-160 context
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
-                                                mbedtls_ripemd160_context *ctx,
-                                                const unsigned char *input,
-                                                size_t ilen );
-
-/**
- * \brief          RIPEMD-160 final digest
- *
- * \deprecated     Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
- *
- * \param ctx      RIPEMD-160 context
- * \param output   RIPEMD-160 checksum result
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
-                                                mbedtls_ripemd160_context *ctx,
-                                                unsigned char output[20] );
-
-/**
- * \brief          RIPEMD-160 process data block (internal use only)
- *
- * \deprecated     Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
- *
- * \param ctx      RIPEMD-160 context
- * \param data     buffer holding one block of data
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
-                                            mbedtls_ripemd160_context *ctx,
-                                            const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Output = RIPEMD-160( input buffer )
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   RIPEMD-160 checksum result
- *
- * \return         0 if successful
- */
-int mbedtls_ripemd160_ret( const unsigned char *input,
-                           size_t ilen,
-                           unsigned char output[20] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          Output = RIPEMD-160( input buffer )
- *
- * \deprecated     Superseded by mbedtls_ripemd160_ret() in 2.7.0
- *
- * \param input    buffer holding the data
- * \param ilen     length of the input data
- * \param output   RIPEMD-160 checksum result
- */
-MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
-                                           size_t ilen,
-                                           unsigned char output[20] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_ripemd160_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_ripemd160.h */
diff --git a/Sources/mbedtls/include/mbedtls/rsa.h b/Sources/mbedtls/include/mbedtls/rsa.h
deleted file mode 100644
index 8559f67..0000000
--- a/Sources/mbedtls/include/mbedtls/rsa.h
+++ /dev/null
@@ -1,1351 +0,0 @@
-/**
- * \file rsa.h
- *
- * \brief This file provides an API for the RSA public-key cryptosystem.
- *
- * The RSA public-key cryptosystem is defined in <em>Public-Key
- * Cryptography Standards (PKCS) #1 v1.5: RSA Encryption</em>
- * and <em>Public-Key Cryptography Standards (PKCS) #1 v2.1:
- * RSA Cryptography Specifications</em>.
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_RSA_H
-#define MBEDTLS_RSA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/md.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*
- * RSA Error codes
- */
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                    -0x4080
-/** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING                   -0x4100
-/** Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                    -0x4180
-/** Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                  -0x4200
-/** The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                     -0x4280
-/** The private key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                    -0x4300
-/** The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED                     -0x4380
-/** The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400
-/** The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480
-
-/* MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is deprecated and should not be used.
- */
-/** The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */
-#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION             -0x4500
-
-/* MBEDTLS_ERR_RSA_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** RSA hardware accelerator failed. */
-#define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED                   -0x4580
-
-/*
- * RSA constants
- */
-#define MBEDTLS_RSA_PUBLIC      0 /**< Request private key operation. */
-#define MBEDTLS_RSA_PRIVATE     1 /**< Request public key operation. */
-
-#define MBEDTLS_RSA_PKCS_V15    0 /**< Use PKCS#1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V21    1 /**< Use PKCS#1 v2.1 encoding. */
-
-#define MBEDTLS_RSA_SIGN        1 /**< Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_CRYPT       2 /**< Identifier for RSA encryption and decryption operations. */
-
-#define MBEDTLS_RSA_SALT_LEN_ANY    -1
-
-/*
- * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implementations in the PK layers.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief   The RSA context structure.
- *
- * \note    Direct manipulation of the members of this structure
- *          is deprecated. All manipulation should instead be done through
- *          the public interface functions.
- */
-typedef struct mbedtls_rsa_context
-{
-    int ver;                    /*!<  Reserved for internal purposes.
-                                 *    Do not set this field in application
-                                 *    code. Its meaning might change without
-                                 *    notice. */
-    size_t len;                 /*!<  The size of \p N in Bytes. */
-
-    mbedtls_mpi N;              /*!<  The public modulus. */
-    mbedtls_mpi E;              /*!<  The public exponent. */
-
-    mbedtls_mpi D;              /*!<  The private exponent. */
-    mbedtls_mpi P;              /*!<  The first prime factor. */
-    mbedtls_mpi Q;              /*!<  The second prime factor. */
-
-    mbedtls_mpi DP;             /*!<  <code>D % (P - 1)</code>. */
-    mbedtls_mpi DQ;             /*!<  <code>D % (Q - 1)</code>. */
-    mbedtls_mpi QP;             /*!<  <code>1 / (Q % P)</code>. */
-
-    mbedtls_mpi RN;             /*!<  cached <code>R^2 mod N</code>. */
-
-    mbedtls_mpi RP;             /*!<  cached <code>R^2 mod P</code>. */
-    mbedtls_mpi RQ;             /*!<  cached <code>R^2 mod Q</code>. */
-
-    mbedtls_mpi Vi;             /*!<  The cached blinding value. */
-    mbedtls_mpi Vf;             /*!<  The cached un-blinding value. */
-
-    int padding;                /*!< Selects padding mode:
-                                     #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
-                                     #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
-    int hash_id;                /*!< Hash identifier of mbedtls_md_type_t type,
-                                     as specified in md.h for use in the MGF
-                                     mask generating function used in the
-                                     EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
-    /* Invariant: the mutex is initialized iff ver != 0. */
-    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
-
-#else  /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
-/**
- * \brief          This function initializes an RSA context.
- *
- * \note           Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP
- *                 encryption scheme and the RSASSA-PSS signature scheme.
- *
- * \note           The \p hash_id parameter is ignored when using
- *                 #MBEDTLS_RSA_PKCS_V15 padding.
- *
- * \note           The choice of padding mode is strictly enforced for private key
- *                 operations, since there might be security concerns in
- *                 mixing padding modes. For public key operations it is
- *                 a default value, which can be overridden by calling specific
- *                 \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
- *
- * \note           The hash selected in \p hash_id is always used for OEAP
- *                 encryption. For PSS signatures, it is always used for
- *                 making signatures, but can be overridden for verifying them.
- *                 If set to #MBEDTLS_MD_NONE, it is always overridden.
- *
- * \param ctx      The RSA context to initialize. This must not be \c NULL.
- * \param padding  The padding mode to use. This must be either
- *                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id  The hash identifier of ::mbedtls_md_type_t type, if
- *                 \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused
- *                 otherwise.
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
-                       int padding,
-                       int hash_id );
-
-/**
- * \brief          This function imports a set of core parameters into an
- *                 RSA context.
- *
- * \note           This function can be called multiple times for successive
- *                 imports, if the parameters are not simultaneously present.
- *
- *                 Any sequence of calls to this function should be followed
- *                 by a call to mbedtls_rsa_complete(), which checks and
- *                 completes the provided information to a ready-for-use
- *                 public or private RSA key.
- *
- * \note           See mbedtls_rsa_complete() for more information on which
- *                 parameters are necessary to set up a private or public
- *                 RSA key.
- *
- * \note           The imported parameters are copied and need not be preserved
- *                 for the lifetime of the RSA context being set up.
- *
- * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus. This may be \c NULL.
- * \param P        The first prime factor of \p N. This may be \c NULL.
- * \param Q        The second prime factor of \p N. This may be \c NULL.
- * \param D        The private exponent. This may be \c NULL.
- * \param E        The public exponent. This may be \c NULL.
- *
- * \return         \c 0 on success.
- * \return         A non-zero error code on failure.
- */
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
-                        const mbedtls_mpi *N,
-                        const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                        const mbedtls_mpi *D, const mbedtls_mpi *E );
-
-/**
- * \brief          This function imports core RSA parameters, in raw big-endian
- *                 binary format, into an RSA context.
- *
- * \note           This function can be called multiple times for successive
- *                 imports, if the parameters are not simultaneously present.
- *
- *                 Any sequence of calls to this function should be followed
- *                 by a call to mbedtls_rsa_complete(), which checks and
- *                 completes the provided information to a ready-for-use
- *                 public or private RSA key.
- *
- * \note           See mbedtls_rsa_complete() for more information on which
- *                 parameters are necessary to set up a private or public
- *                 RSA key.
- *
- * \note           The imported parameters are copied and need not be preserved
- *                 for the lifetime of the RSA context being set up.
- *
- * \param ctx      The initialized RSA context to store the parameters in.
- * \param N        The RSA modulus. This may be \c NULL.
- * \param N_len    The Byte length of \p N; it is ignored if \p N == NULL.
- * \param P        The first prime factor of \p N. This may be \c NULL.
- * \param P_len    The Byte length of \p P; it ns ignored if \p P == NULL.
- * \param Q        The second prime factor of \p N. This may be \c NULL.
- * \param Q_len    The Byte length of \p Q; it is ignored if \p Q == NULL.
- * \param D        The private exponent. This may be \c NULL.
- * \param D_len    The Byte length of \p D; it is ignored if \p D == NULL.
- * \param E        The public exponent. This may be \c NULL.
- * \param E_len    The Byte length of \p E; it is ignored if \p E == NULL.
- *
- * \return         \c 0 on success.
- * \return         A non-zero error code on failure.
- */
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
-                            unsigned char const *N, size_t N_len,
-                            unsigned char const *P, size_t P_len,
-                            unsigned char const *Q, size_t Q_len,
-                            unsigned char const *D, size_t D_len,
-                            unsigned char const *E, size_t E_len );
-
-/**
- * \brief          This function completes an RSA context from
- *                 a set of imported core parameters.
- *
- *                 To setup an RSA public key, precisely \p N and \p E
- *                 must have been imported.
- *
- *                 To setup an RSA private key, sufficient information must
- *                 be present for the other parameters to be derivable.
- *
- *                 The default implementation supports the following:
- *                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
- *                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
- *                 Alternative implementations need not support these.
- *
- *                 If this function runs successfully, it guarantees that
- *                 the RSA context can be used for RSA operations without
- *                 the risk of failure or crash.
- *
- * \warning        This function need not perform consistency checks
- *                 for the imported parameters. In particular, parameters that
- *                 are not needed by the implementation might be silently
- *                 discarded and left unchecked. To check the consistency
- *                 of the key material, see mbedtls_rsa_check_privkey().
- *
- * \param ctx      The initialized RSA context holding imported parameters.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted derivations
- *                 failed.
- *
- */
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
-
-/**
- * \brief          This function exports the core parameters of an RSA key.
- *
- *                 If this function runs successfully, the non-NULL buffers
- *                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- *                 written, with additional unused space filled leading by
- *                 zero Bytes.
- *
- *                 Possible reasons for returning
- *                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
- *                 <li>An alternative RSA implementation is in use, which
- *                 stores the key externally, and either cannot or should
- *                 not export it into RAM.</li>
- *                 <li>A SW or HW implementation might not support a certain
- *                 deduction. For example, \p P, \p Q from \p N, \p D,
- *                 and \p E if the former are not part of the
- *                 implementation.</li></ul>
- *
- *                 If the function fails due to an unsupported operation,
- *                 the RSA context stays intact and remains usable.
- *
- * \param ctx      The initialized RSA context.
- * \param N        The MPI to hold the RSA modulus.
- *                 This may be \c NULL if this field need not be exported.
- * \param P        The MPI to hold the first prime factor of \p N.
- *                 This may be \c NULL if this field need not be exported.
- * \param Q        The MPI to hold the second prime factor of \p N.
- *                 This may be \c NULL if this field need not be exported.
- * \param D        The MPI to hold the private exponent.
- *                 This may be \c NULL if this field need not be exported.
- * \param E        The MPI to hold the public exponent.
- *                 This may be \c NULL if this field need not be exported.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- *                 requested parameters cannot be done due to missing
- *                 functionality or because of security policies.
- * \return         A non-zero return code on any other failure.
- *
- */
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
-                        mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
-                        mbedtls_mpi *D, mbedtls_mpi *E );
-
-/**
- * \brief          This function exports core parameters of an RSA key
- *                 in raw big-endian binary format.
- *
- *                 If this function runs successfully, the non-NULL buffers
- *                 pointed to by \p N, \p P, \p Q, \p D, and \p E are fully
- *                 written, with additional unused space filled leading by
- *                 zero Bytes.
- *
- *                 Possible reasons for returning
- *                 #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:<ul>
- *                 <li>An alternative RSA implementation is in use, which
- *                 stores the key externally, and either cannot or should
- *                 not export it into RAM.</li>
- *                 <li>A SW or HW implementation might not support a certain
- *                 deduction. For example, \p P, \p Q from \p N, \p D,
- *                 and \p E if the former are not part of the
- *                 implementation.</li></ul>
- *                 If the function fails due to an unsupported operation,
- *                 the RSA context stays intact and remains usable.
- *
- * \note           The length parameters are ignored if the corresponding
- *                 buffer pointers are NULL.
- *
- * \param ctx      The initialized RSA context.
- * \param N        The Byte array to store the RSA modulus,
- *                 or \c NULL if this field need not be exported.
- * \param N_len    The size of the buffer for the modulus.
- * \param P        The Byte array to hold the first prime factor of \p N,
- *                 or \c NULL if this field need not be exported.
- * \param P_len    The size of the buffer for the first prime factor.
- * \param Q        The Byte array to hold the second prime factor of \p N,
- *                 or \c NULL if this field need not be exported.
- * \param Q_len    The size of the buffer for the second prime factor.
- * \param D        The Byte array to hold the private exponent,
- *                 or \c NULL if this field need not be exported.
- * \param D_len    The size of the buffer for the private exponent.
- * \param E        The Byte array to hold the public exponent,
- *                 or \c NULL if this field need not be exported.
- * \param E_len    The size of the buffer for the public exponent.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED if exporting the
- *                 requested parameters cannot be done due to missing
- *                 functionality or because of security policies.
- * \return         A non-zero return code on any other failure.
- */
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
-                            unsigned char *N, size_t N_len,
-                            unsigned char *P, size_t P_len,
-                            unsigned char *Q, size_t Q_len,
-                            unsigned char *D, size_t D_len,
-                            unsigned char *E, size_t E_len );
-
-/**
- * \brief          This function exports CRT parameters of a private RSA key.
- *
- * \note           Alternative RSA implementations not using CRT-parameters
- *                 internally can implement this function based on
- *                 mbedtls_rsa_deduce_opt().
- *
- * \param ctx      The initialized RSA context.
- * \param DP       The MPI to hold \c D modulo `P-1`,
- *                 or \c NULL if it need not be exported.
- * \param DQ       The MPI to hold \c D modulo `Q-1`,
- *                 or \c NULL if it need not be exported.
- * \param QP       The MPI to hold modular inverse of \c Q modulo \c P,
- *                 or \c NULL if it need not be exported.
- *
- * \return         \c 0 on success.
- * \return         A non-zero error code on failure.
- *
- */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
-                            mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
-
-/**
- * \brief          This function sets padding for an already initialized RSA
- *                 context. See mbedtls_rsa_init() for details.
- *
- * \param ctx      The initialized RSA context to be configured.
- * \param padding  The padding mode to use. This must be either
- *                 #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21.
- * \param hash_id  The #MBEDTLS_RSA_PKCS_V21 hash identifier.
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
-                              int hash_id );
-
-/**
- * \brief          This function retrieves the length of RSA modulus in Bytes.
- *
- * \param ctx      The initialized RSA context.
- *
- * \return         The length of the RSA modulus in Bytes.
- *
- */
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief          This function generates an RSA keypair.
- *
- * \note           mbedtls_rsa_init() must be called before this function,
- *                 to set up the RSA context.
- *
- * \param ctx      The initialized RSA context used to hold the key.
- * \param f_rng    The RNG function to be used for key generation.
- *                 This must not be \c NULL.
- * \param p_rng    The RNG context to be passed to \p f_rng.
- *                 This may be \c NULL if \p f_rng doesn't need a context.
- * \param nbits    The size of the public key in bits.
- * \param exponent The public exponent to use. For example, \c 65537.
- *                 This must be odd and greater than \c 1.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         unsigned int nbits, int exponent );
-
-/**
- * \brief          This function checks if a context contains at least an RSA
- *                 public key.
- *
- *                 If the function runs successfully, it is guaranteed that
- *                 enough information is present to perform an RSA public key
- *                 operation using mbedtls_rsa_public().
- *
- * \param ctx      The initialized RSA context to check.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief      This function checks if a context contains an RSA private key
- *             and perform basic consistency checks.
- *
- * \note       The consistency checks performed by this function not only
- *             ensure that mbedtls_rsa_private() can be called successfully
- *             on the given context, but that the various parameters are
- *             mutually consistent with high probability, in the sense that
- *             mbedtls_rsa_public() and mbedtls_rsa_private() are inverses.
- *
- * \warning    This function should catch accidental misconfigurations
- *             like swapping of parameters, but it cannot establish full
- *             trust in neither the quality nor the consistency of the key
- *             material that was used to setup the given RSA context:
- *             <ul><li>Consistency: Imported parameters that are irrelevant
- *             for the implementation might be silently dropped. If dropped,
- *             the current function does not have access to them,
- *             and therefore cannot check them. See mbedtls_rsa_complete().
- *             If you want to check the consistency of the entire
- *             content of a PKCS1-encoded RSA private key, for example, you
- *             should use mbedtls_rsa_validate_params() before setting
- *             up the RSA context.
- *             Additionally, if the implementation performs empirical checks,
- *             these checks substantiate but do not guarantee consistency.</li>
- *             <li>Quality: This function is not expected to perform
- *             extended quality assessments like checking that the prime
- *             factors are safe. Additionally, it is the responsibility of the
- *             user to ensure the trustworthiness of the source of his RSA
- *             parameters, which goes beyond what is effectively checkable
- *             by the library.</li></ul>
- *
- * \param ctx  The initialized RSA context to check.
- *
- * \return     \c 0 on success.
- * \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
-
-/**
- * \brief          This function checks a public-private RSA key pair.
- *
- *                 It checks each of the contexts, and makes sure they match.
- *
- * \param pub      The initialized RSA context holding the public key.
- * \param prv      The initialized RSA context holding the private key.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
-                                const mbedtls_rsa_context *prv );
-
-/**
- * \brief          This function performs an RSA public key operation.
- *
- * \param ctx      The initialized RSA context to use.
- * \param input    The input buffer. This must be a readable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- * \param output   The output buffer. This must be a writable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \note           This function does not handle message padding.
- *
- * \note           Make sure to set \p input[0] = 0 or ensure that
- *                 input is smaller than \p N.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
-                const unsigned char *input,
-                unsigned char *output );
-
-/**
- * \brief          This function performs an RSA private key operation.
- *
- * \note           Blinding is used if and only if a PRNG is provided.
- *
- * \note           If blinding is used, both the base of exponentiation
- *                 and the exponent are blinded, providing protection
- *                 against some side-channel attacks.
- *
- * \warning        It is deprecated and a security risk to not provide
- *                 a PRNG here and thereby prevent the use of blinding.
- *                 Future versions of the library may enforce the presence
- *                 of a PRNG.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function, used for blinding. It is discouraged
- *                 and deprecated to pass \c NULL here, in which case
- *                 blinding will be omitted.
- * \param p_rng    The RNG context to pass to \p f_rng. This may be \c NULL
- *                 if \p f_rng is \c NULL or if \p f_rng doesn't need a context.
- * \param input    The input buffer. This must be a readable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- * \param output   The output buffer. This must be a writable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 const unsigned char *input,
-                 unsigned char *output );
-
-/**
- * \brief          This function adds the message padding, then performs an RSA
- *                 operation.
- *
- *                 It is the generic wrapper for performing a PKCS#1 encryption
- *                 operation using the \p mode from the context.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG to use. It is mandatory for PKCS#1 v2.1 padding
- *                 encoding, and for PKCS#1 v1.5 padding encoding when used
- *                 with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
- *                 padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
- *                 it is used for blinding and should be provided in this
- *                 case; see mbedtls_rsa_private() for more.
- * \param p_rng    The RNG context to be passed to \p f_rng. May be
- *                 \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
- *                 need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
- * \param ilen     The length of the plaintext in Bytes.
- * \param input    The input data to encrypt. This must be a readable
- *                 buffer of size \p ilen Bytes. It may be \c NULL if
- *                 `ilen == 0`.
- * \param output   The output buffer. This must be a writable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t ilen,
-                       const unsigned char *input,
-                       unsigned char *output );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 encryption operation
- *                 (RSAES-PKCS1-v1_5-ENCRYPT).
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function to use. It is needed for padding generation
- *                 if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
- *                 #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
- *                 blinding and should be provided; see mbedtls_rsa_private().
- * \param p_rng    The RNG context to be passed to \p f_rng. This may
- *                 be \c NULL if \p f_rng is \c NULL or if \p f_rng
- *                 doesn't need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
- * \param ilen     The length of the plaintext in Bytes.
- * \param input    The input data to encrypt. This must be a readable
- *                 buffer of size \p ilen Bytes. It may be \c NULL if
- *                 `ilen == 0`.
- * \param output   The output buffer. This must be a writable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t ilen,
-                                 const unsigned char *input,
-                                 unsigned char *output );
-
-/**
- * \brief            This function performs a PKCS#1 v2.1 OAEP encryption
- *                   operation (RSAES-OAEP-ENCRYPT).
- *
- * \note             The output buffer must be as large as the size
- *                   of ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \deprecated       It is deprecated and discouraged to call this function
- *                   in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                   are likely to remove the \p mode argument and have it
- *                   implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note             Alternative implementations of RSA need not support
- *                   mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx        The initialized RSA context to use.
- * \param f_rng      The RNG function to use. This is needed for padding
- *                   generation and must be provided.
- * \param p_rng      The RNG context to be passed to \p f_rng. This may
- *                   be \c NULL if \p f_rng doesn't need a context argument.
- * \param mode       The mode of operation. This must be either
- *                   #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
- * \param label      The buffer holding the custom label to use.
- *                   This must be a readable buffer of length \p label_len
- *                   Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len  The length of the label in Bytes.
- * \param ilen       The length of the plaintext buffer \p input in Bytes.
- * \param input      The input data to encrypt. This must be a readable
- *                   buffer of size \p ilen Bytes. It may be \c NULL if
- *                   `ilen == 0`.
- * \param output     The output buffer. This must be a writable buffer
- *                   of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                   for an 2048-bit RSA modulus.
- *
- * \return           \c 0 on success.
- * \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t ilen,
-                            const unsigned char *input,
-                            unsigned char *output );
-
-/**
- * \brief          This function performs an RSA operation, then removes the
- *                 message padding.
- *
- *                 It is the generic wrapper for performing a PKCS#1 decryption
- *                 operation using the \p mode from the context.
- *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N (for example,
- *                 128 Bytes if RSA-1024 is used) to be able to hold an
- *                 arbitrary decrypted message. If it is not large enough to
- *                 hold the decryption of the particular ciphertext provided,
- *                 the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. If \p mode is
- *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param olen     The address at which to store the length of
- *                 the plaintext. This must not be \c NULL.
- * \param input    The ciphertext buffer. This must be a readable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- * \param output   The buffer used to hold the plaintext. This must
- *                 be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 decryption
- *                 operation (RSAES-PKCS1-v1_5-DECRYPT).
- *
- * \note           The output buffer length \c output_max_len should be
- *                 as large as the size \p ctx->len of \p ctx->N, for example,
- *                 128 Bytes if RSA-1024 is used, to be able to hold an
- *                 arbitrary decrypted message. If it is not large enough to
- *                 hold the decryption of the particular ciphertext provided,
- *                 the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. If \p mode is
- *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param olen     The address at which to store the length of
- *                 the plaintext. This must not be \c NULL.
- * \param input    The ciphertext buffer. This must be a readable buffer
- *                 of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- * \param output   The buffer used to hold the plaintext. This must
- *                 be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- *
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t *olen,
-                                 const unsigned char *input,
-                                 unsigned char *output,
-                                 size_t output_max_len );
-
-/**
- * \brief            This function performs a PKCS#1 v2.1 OAEP decryption
- *                   operation (RSAES-OAEP-DECRYPT).
- *
- * \note             The output buffer length \c output_max_len should be
- *                   as large as the size \p ctx->len of \p ctx->N, for
- *                   example, 128 Bytes if RSA-1024 is used, to be able to
- *                   hold an arbitrary decrypted message. If it is not
- *                   large enough to hold the decryption of the particular
- *                   ciphertext provided, the function returns
- *                   #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
- *
- * \deprecated       It is deprecated and discouraged to call this function
- *                   in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                   are likely to remove the \p mode argument and have it
- *                   implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note             Alternative implementations of RSA need not support
- *                   mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                   return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx        The initialized RSA context to use.
- * \param f_rng      The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                   this is used for blinding and should be provided; see
- *                   mbedtls_rsa_private() for more. If \p mode is
- *                   #MBEDTLS_RSA_PUBLIC, it is ignored.
- * \param p_rng      The RNG context to be passed to \p f_rng. This may be
- *                   \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode       The mode of operation. This must be either
- *                   #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param label      The buffer holding the custom label to use.
- *                   This must be a readable buffer of length \p label_len
- *                   Bytes. It may be \c NULL if \p label_len is \c 0.
- * \param label_len  The length of the label in Bytes.
- * \param olen       The address at which to store the length of
- *                   the plaintext. This must not be \c NULL.
- * \param input      The ciphertext buffer. This must be a readable buffer
- *                   of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                   for an 2048-bit RSA modulus.
- * \param output     The buffer used to hold the plaintext. This must
- *                   be a writable buffer of length \p output_max_len Bytes.
- * \param output_max_len The length in Bytes of the output buffer \p output.
- *
- * \return         \c 0 on success.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t *olen,
-                            const unsigned char *input,
-                            unsigned char *output,
-                            size_t output_max_len );
-
-/**
- * \brief          This function performs a private RSA operation to sign
- *                 a message digest using PKCS#1.
- *
- *                 It is the generic wrapper for performing a PKCS#1
- *                 signature using the \p mode from the context.
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_sign() for details on
- *                 \p md_alg and \p hash_id.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function to use. If the padding mode is PKCS#1 v2.1,
- *                 this must be provided. If the padding mode is PKCS#1 v1.5 and
- *                 \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
- *                 and should be provided; see mbedtls_rsa_private() for more
- *                 more. It is ignored otherwise.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
- *                 if \p f_rng is \c NULL or doesn't need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param sig      The buffer to hold the signature. This must be a writable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus. A buffer length of
- *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return         \c 0 if the signing operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 signature
- *                 operation (RSASSA-PKCS1-v1_5-SIGN).
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. If \p mode is
- *                 #MBEDTLS_RSA_PUBLIC, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
- *                 if \p f_rng is \c NULL or doesn't need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param sig      The buffer to hold the signature. This must be a writable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus. A buffer length of
- *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return         \c 0 if the signing operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS signature
- *                 operation (RSASSA-PSS-SIGN).
- *
- * \note           The \c hash_id set in \p ctx (when calling
- *                 mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
- *                 afterwards) selects the hash used for the
- *                 encoding operation and for the mask generation function
- *                 (MGF1). For more details on the encoding operation and the
- *                 mask generation function, consult <em>RFC-3447: Public-Key
- *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- *                 Specifications</em>.
- *
- * \note           This function enforces that the provided salt length complies
- *                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
- *                 step 3. The constraint is that the hash length plus the salt
- *                 length plus 2 bytes must be at most the key length. If this
- *                 constraint is not met, this function returns
- *                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function. It must not be \c NULL.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
- *                 if \p f_rng doesn't need a context argument.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param saltlen  The length of the salt that should be used.
- *                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
- *                 the largest possible salt length up to the hash length,
- *                 which is the largest permitted by some standards including
- *                 FIPS 186-4 §5.5.
- * \param sig      The buffer to hold the signature. This must be a writable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus. A buffer length of
- *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return         \c 0 if the signing operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         int saltlen,
-                         unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS signature
- *                 operation (RSASSA-PSS-SIGN).
- *
- * \note           The \c hash_id set in \p ctx (when calling
- *                 mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
- *                 afterwards) selects the hash used for the
- *                 encoding operation and for the mask generation function
- *                 (MGF1). For more details on the encoding operation and the
- *                 mask generation function, consult <em>RFC-3447: Public-Key
- *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- *                 Specifications</em>.
- *
- * \note           This function always uses the maximum possible salt size,
- *                 up to the length of the payload hash. This choice of salt
- *                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
- *                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
- *                 minimum salt size which is the hash size minus 2 bytes. If
- *                 this minimum size is too large given the key size (the salt
- *                 size, plus the hash size, plus 2 bytes must be no more than
- *                 the key size in bytes), this function returns
- *                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA context to use.
- * \param f_rng    The RNG function. It must not be \c NULL.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
- *                 if \p f_rng doesn't need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param sig      The buffer to hold the signature. This must be a writable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus. A buffer length of
- *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
- *
- * \return         \c 0 if the signing operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         int mode,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         unsigned char *sig );
-
-/**
- * \brief          This function performs a public RSA operation and checks
- *                 the message digest.
- *
- *                 This is the generic wrapper for performing a PKCS#1
- *                 verification using the mode from the context.
- *
- * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- *                 \p hash_id.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA public key context to use.
- * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param sig      The buffer holding the signature. This must be a readable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 if the verify operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng,
-                      int mode,
-                      mbedtls_md_type_t md_alg,
-                      unsigned int hashlen,
-                      const unsigned char *hash,
-                      const unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v1.5 verification
- *                 operation (RSASSA-PKCS1-v1_5-VERIFY).
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA public key context to use.
- * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param sig      The buffer holding the signature. This must be a readable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 if the verify operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode,
-                                 mbedtls_md_type_t md_alg,
-                                 unsigned int hashlen,
-                                 const unsigned char *hash,
-                                 const unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS verification
- *                 operation (RSASSA-PSS-VERIFY).
- *
- * \note           The \c hash_id set in \p ctx (when calling
- *                 mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
- *                 afterwards) selects the hash used for the
- *                 encoding operation and for the mask generation function
- *                 (MGF1). For more details on the encoding operation and the
- *                 mask generation function, consult <em>RFC-3447: Public-Key
- *                 Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- *                 Specifications</em>. If the \c hash_id set in \p ctx is
- *                 #MBEDTLS_MD_NONE, the \p md_alg parameter is used.
- *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
- * \param ctx      The initialized RSA public key context to use.
- * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param sig      The buffer holding the signature. This must be a readable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 if the verify operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           int mode,
-                           mbedtls_md_type_t md_alg,
-                           unsigned int hashlen,
-                           const unsigned char *hash,
-                           const unsigned char *sig );
-
-/**
- * \brief          This function performs a PKCS#1 v2.1 PSS verification
- *                 operation (RSASSA-PSS-VERIFY).
- *
- * \note           The \p sig buffer must be as large as the size
- *                 of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
- *
- * \note           The \c hash_id set in \p ctx (when calling
- *                 mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
- *                 afterwards) is ignored.
- *
- * \param ctx      The initialized RSA public key context to use.
- * \param f_rng    The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
- *                 this is used for blinding and should be provided; see
- *                 mbedtls_rsa_private() for more. Otherwise, it is ignored.
- * \param p_rng    The RNG context to be passed to \p f_rng. This may be
- *                 \c NULL if \p f_rng is \c NULL or doesn't need a context.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE.
- * \param md_alg   The message-digest algorithm used to hash the original data.
- *                 Use #MBEDTLS_MD_NONE for signing raw data.
- * \param hashlen  The length of the message digest.
- *                 This is only used if \p md_alg is #MBEDTLS_MD_NONE.
- * \param hash     The buffer holding the message digest or raw data.
- *                 If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
- *                 buffer of length \p hashlen Bytes. If \p md_alg is not
- *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
- *                 the size of the hash corresponding to \p md_alg.
- * \param mgf1_hash_id      The message digest algorithm used for the
- *                          verification operation and the mask generation
- *                          function (MGF1). For more details on the encoding
- *                          operation and the mask generation function, consult
- *                          <em>RFC-3447: Public-Key Cryptography Standards
- *                          (PKCS) #1 v2.1: RSA Cryptography
- *                          Specifications</em>.
- * \param expected_salt_len The length of the salt used in padding. Use
- *                          #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
- * \param sig      The buffer holding the signature. This must be a readable
- *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
- *
- * \return         \c 0 if the verify operation was successful.
- * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               mbedtls_md_type_t mgf1_hash_id,
-                               int expected_salt_len,
-                               const unsigned char *sig );
-
-/**
- * \brief          This function copies the components of an RSA context.
- *
- * \param dst      The destination context. This must be initialized.
- * \param src      The source context. This must be initialized.
- *
- * \return         \c 0 on success.
- * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
-
-/**
- * \brief          This function frees the components of an RSA key.
- *
- * \param ctx      The RSA context to free. May be \c NULL, in which case
- *                 this function is a no-op. If it is not \c NULL, it must
- *                 point to an initialized RSA context.
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          The RSA checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_rsa_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa.h */
diff --git a/Sources/mbedtls/include/mbedtls/rsa_internal.h b/Sources/mbedtls/include/mbedtls/rsa_internal.h
deleted file mode 100644
index d55492b..0000000
--- a/Sources/mbedtls/include/mbedtls/rsa_internal.h
+++ /dev/null
@@ -1,224 +0,0 @@
-/**
- * \file rsa_internal.h
- *
- * \brief Context-independent RSA helper functions
- *
- *  This module declares some RSA-related helper functions useful when
- *  implementing the RSA interface. These functions are provided in a separate
- *  compilation unit in order to make it easy for designers of alternative RSA
- *  implementations to use them in their own code, as it is conceived that the
- *  functionality they provide will be necessary for most complete
- *  implementations.
- *
- *  End-users of Mbed TLS who are not providing their own alternative RSA
- *  implementations should not use these functions directly, and should instead
- *  use only the functions declared in rsa.h.
- *
- *  The interface provided by this module will be maintained through LTS (Long
- *  Term Support) branches of Mbed TLS, but may otherwise be subject to change,
- *  and must be considered an internal interface of the library.
- *
- *  There are two classes of helper functions:
- *
- *  (1) Parameter-generating helpers. These are:
- *      - mbedtls_rsa_deduce_primes
- *      - mbedtls_rsa_deduce_private_exponent
- *      - mbedtls_rsa_deduce_crt
- *       Each of these functions takes a set of core RSA parameters and
- *       generates some other, or CRT related parameters.
- *
- *  (2) Parameter-checking helpers. These are:
- *      - mbedtls_rsa_validate_params
- *      - mbedtls_rsa_validate_crt
- *      They take a set of core or CRT related RSA parameters and check their
- *      validity.
- *
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-#ifndef MBEDTLS_RSA_INTERNAL_H
-#define MBEDTLS_RSA_INTERNAL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/bignum.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/**
- * \brief          Compute RSA prime moduli P, Q from public modulus N=PQ
- *                 and a pair of private and public key.
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param N        RSA modulus N = PQ, with P, Q to be found
- * \param E        RSA public exponent
- * \param D        RSA private exponent
- * \param P        Pointer to MPI holding first prime factor of N on success
- * \param Q        Pointer to MPI holding second prime factor of N on success
- *
- * \return
- *                 - 0 if successful. In this case, P and Q constitute a
- *                   factorization of N.
- *                 - A non-zero error code otherwise.
- *
- * \note           It is neither checked that P, Q are prime nor that
- *                 D, E are modular inverses wrt. P-1 and Q-1. For that,
- *                 use the helper function \c mbedtls_rsa_validate_params.
- *
- */
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E,
-                               mbedtls_mpi const *D,
-                               mbedtls_mpi *P, mbedtls_mpi *Q );
-
-/**
- * \brief          Compute RSA private exponent from
- *                 prime moduli and public key.
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param P        First prime factor of RSA modulus
- * \param Q        Second prime factor of RSA modulus
- * \param E        RSA public exponent
- * \param D        Pointer to MPI holding the private exponent on success.
- *
- * \return
- *                 - 0 if successful. In this case, D is set to a simultaneous
- *                   modular inverse of E modulo both P-1 and Q-1.
- *                 - A non-zero error code otherwise.
- *
- * \note           This function does not check whether P and Q are primes.
- *
- */
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
-                                         mbedtls_mpi const *Q,
-                                         mbedtls_mpi const *E,
-                                         mbedtls_mpi *D );
-
-
-/**
- * \brief          Generate RSA-CRT parameters
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param P        First prime factor of N
- * \param Q        Second prime factor of N
- * \param D        RSA private exponent
- * \param DP       Output variable for D modulo P-1
- * \param DQ       Output variable for D modulo Q-1
- * \param QP       Output variable for the modular inverse of Q modulo P.
- *
- * \return         0 on success, non-zero error code otherwise.
- *
- * \note           This function does not check whether P, Q are
- *                 prime and whether D is a valid private exponent.
- *
- */
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP );
-
-
-/**
- * \brief          Check validity of core RSA parameters
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param N        RSA modulus N = PQ
- * \param P        First prime factor of N
- * \param Q        Second prime factor of N
- * \param D        RSA private exponent
- * \param E        RSA public exponent
- * \param f_rng    PRNG to be used for primality check, or NULL
- * \param p_rng    PRNG context for f_rng, or NULL
- *
- * \return
- *                 - 0 if the following conditions are satisfied
- *                   if all relevant parameters are provided:
- *                    - P prime if f_rng != NULL (%)
- *                    - Q prime if f_rng != NULL (%)
- *                    - 1 < N = P * Q
- *                    - 1 < D, E < N
- *                    - D and E are modular inverses modulo P-1 and Q-1
- *                   (%) This is only done if MBEDTLS_GENPRIME is defined.
- *                 - A non-zero error code otherwise.
- *
- * \note           The function can be used with a restricted set of arguments
- *                 to perform specific checks only. E.g., calling it with
- *                 (-,P,-,-,-) and a PRNG amounts to a primality check for P.
- */
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
-                                 const mbedtls_mpi *Q, const mbedtls_mpi *D,
-                                 const mbedtls_mpi *E,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng );
-
-/**
- * \brief          Check validity of RSA CRT parameters
- *
- * \note           This is a 'static' helper function not operating on
- *                 an RSA context. Alternative implementations need not
- *                 overwrite it.
- *
- * \param P        First prime factor of RSA modulus
- * \param Q        Second prime factor of RSA modulus
- * \param D        RSA private exponent
- * \param DP       MPI to check for D modulo P-1
- * \param DQ       MPI to check for D modulo P-1
- * \param QP       MPI to check for the modular inverse of Q modulo P.
- *
- * \return
- *                 - 0 if the following conditions are satisfied:
- *                    - D = DP mod P-1 if P, D, DP != NULL
- *                    - Q = DQ mod P-1 if P, D, DQ != NULL
- *                    - QP = Q^-1 mod P if P, Q, QP != NULL
- *                 - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed,
- *                   potentially including \c MBEDTLS_ERR_MPI_XXX if some
- *                   MPI calculations failed.
- *                 - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient
- *                   data was provided to check DP, DQ or QP.
- *
- * \note           The function can be used with a restricted set of arguments
- *                 to perform specific checks only. E.g., calling it with the
- *                 parameters (P, -, D, DP, -, -) will check DP = D mod P-1.
- */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* rsa_internal.h */
diff --git a/Sources/mbedtls/include/mbedtls/sha1.h b/Sources/mbedtls/include/mbedtls/sha1.h
deleted file mode 100644
index 4c3251b..0000000
--- a/Sources/mbedtls/include/mbedtls/sha1.h
+++ /dev/null
@@ -1,352 +0,0 @@
-/**
- * \file sha1.h
- *
- * \brief This file contains SHA-1 definitions and functions.
- *
- * The Secure Hash Algorithm 1 (SHA-1) cryptographic hash function is defined in
- * <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. We recommend considering stronger message
- *            digests instead.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SHA1_H
-#define MBEDTLS_SHA1_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** SHA-1 hardware accelerator failed */
-#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED                  -0x0035
-/** SHA-1 input data was malformed. */
-#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA                   -0x0073
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA1_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          The SHA-1 context structure.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- */
-typedef struct mbedtls_sha1_context
-{
-    uint32_t total[2];          /*!< The number of Bytes processed.  */
-    uint32_t state[5];          /*!< The intermediate digest state.  */
-    unsigned char buffer[64];   /*!< The data block being processed. */
-}
-mbedtls_sha1_context;
-
-#else  /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
-#endif /* MBEDTLS_SHA1_ALT */
-
-/**
- * \brief          This function initializes a SHA-1 context.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param ctx      The SHA-1 context to initialize.
- *                 This must not be \c NULL.
- *
- */
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function clears a SHA-1 context.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param ctx      The SHA-1 context to clear. This may be \c NULL,
- *                 in which case this function does nothing. If it is
- *                 not \c NULL, it must point to an initialized
- *                 SHA-1 context.
- *
- */
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function clones the state of a SHA-1 context.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param dst      The SHA-1 context to clone to. This must be initialized.
- * \param src      The SHA-1 context to clone from. This must be initialized.
- *
- */
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
-                         const mbedtls_sha1_context *src );
-
-/**
- * \brief          This function starts a SHA-1 checksum calculation.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param ctx      The SHA-1 context to initialize. This must be initialized.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- *
- */
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing SHA-1
- *                 checksum calculation.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param ctx      The SHA-1 context. This must be initialized
- *                 and have a hash operation started.
- * \param input    The buffer holding the input data.
- *                 This must be a readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data \p input in Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-1 operation, and writes
- *                 the result to the output buffer.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param ctx      The SHA-1 context to use. This must be initialized and
- *                 have a hash operation started.
- * \param output   The SHA-1 checksum result. This must be a writable
- *                 buffer of length \c 20 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
-                             unsigned char output[20] );
-
-/**
- * \brief          SHA-1 process data block (internal use only).
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param ctx      The SHA-1 context to use. This must be initialized.
- * \param data     The data block being processed. This must be a
- *                 readable buffer of length \c 64 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- *
- */
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
-                                   const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function starts a SHA-1 checksum calculation.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \deprecated     Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
- *
- * \param ctx      The SHA-1 context to initialize. This must be initialized.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing SHA-1
- *                 checksum calculation.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \deprecated     Superseded by mbedtls_sha1_update_ret() in 2.7.0.
- *
- * \param ctx      The SHA-1 context. This must be initialized and
- *                 have a hash operation started.
- * \param input    The buffer holding the input data.
- *                 This must be a readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data \p input in Bytes.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
-                                             const unsigned char *input,
-                                             size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-1 operation, and writes
- *                 the result to the output buffer.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \deprecated     Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
- *
- * \param ctx      The SHA-1 context. This must be initialized and
- *                 have a hash operation started.
- * \param output   The SHA-1 checksum result.
- *                 This must be a writable buffer of length \c 20 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
-                                             unsigned char output[20] );
-
-/**
- * \brief          SHA-1 process data block (internal use only).
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \deprecated     Superseded by mbedtls_internal_sha1_process() in 2.7.0.
- *
- * \param ctx      The SHA-1 context. This must be initialized.
- * \param data     The data block being processed.
- *                 This must be a readable buffer of length \c 64 bytes.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
-                                              const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          This function calculates the SHA-1 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-1 result is calculated as
- *                 output = SHA-1(input buffer).
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \param input    The buffer holding the input data.
- *                 This must be a readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data \p input in Bytes.
- * \param output   The SHA-1 checksum result.
- *                 This must be a writable buffer of length \c 20 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- *
- */
-int mbedtls_sha1_ret( const unsigned char *input,
-                      size_t ilen,
-                      unsigned char output[20] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function calculates the SHA-1 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-1 result is calculated as
- *                 output = SHA-1(input buffer).
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \deprecated     Superseded by mbedtls_sha1_ret() in 2.7.0
- *
- * \param input    The buffer holding the input data.
- *                 This must be a readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data \p input in Bytes.
- * \param output   The SHA-1 checksum result. This must be a writable
- *                 buffer of size \c 20 Bytes.
- *
- */
-MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
-                                      size_t ilen,
-                                      unsigned char output[20] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          The SHA-1 checkup routine.
- *
- * \warning        SHA-1 is considered a weak message digest and its use
- *                 constitutes a security risk. We recommend considering
- *                 stronger message digests instead.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- *
- */
-int mbedtls_sha1_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha1.h */
diff --git a/Sources/mbedtls/include/mbedtls/sha256.h b/Sources/mbedtls/include/mbedtls/sha256.h
deleted file mode 100644
index 5b54be2..0000000
--- a/Sources/mbedtls/include/mbedtls/sha256.h
+++ /dev/null
@@ -1,300 +0,0 @@
-/**
- * \file sha256.h
- *
- * \brief This file contains SHA-224 and SHA-256 definitions and functions.
- *
- * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
- * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SHA256_H
-#define MBEDTLS_SHA256_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** SHA-256 hardware accelerator failed */
-#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED                -0x0037
-/** SHA-256 input data was malformed. */
-#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA                 -0x0074
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA256_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          The SHA-256 context structure.
- *
- *                 The structure is used both for SHA-256 and for SHA-224
- *                 checksum calculations. The choice between these two is
- *                 made in the call to mbedtls_sha256_starts_ret().
- */
-typedef struct mbedtls_sha256_context
-{
-    uint32_t total[2];          /*!< The number of Bytes processed.  */
-    uint32_t state[8];          /*!< The intermediate digest state.  */
-    unsigned char buffer[64];   /*!< The data block being processed. */
-    int is224;                  /*!< Determines which function to use:
-                                     0: Use SHA-256, or 1: Use SHA-224. */
-}
-mbedtls_sha256_context;
-
-#else  /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
-#endif /* MBEDTLS_SHA256_ALT */
-
-/**
- * \brief          This function initializes a SHA-256 context.
- *
- * \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
- */
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
-
-/**
- * \brief          This function clears a SHA-256 context.
- *
- * \param ctx      The SHA-256 context to clear. This may be \c NULL, in which
- *                 case this function returns immediately. If it is not \c NULL,
- *                 it must point to an initialized SHA-256 context.
- */
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
-
-/**
- * \brief          This function clones the state of a SHA-256 context.
- *
- * \param dst      The destination context. This must be initialized.
- * \param src      The context to clone. This must be initialized.
- */
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
-                           const mbedtls_sha256_context *src );
-
-/**
- * \brief          This function starts a SHA-224 or SHA-256 checksum
- *                 calculation.
- *
- * \param ctx      The context to use. This must be initialized.
- * \param is224    This determines which function to use. This must be
- *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-256 checksum calculation.
- *
- * \param ctx      The SHA-256 context. This must be initialized
- *                 and have a hash operation started.
- * \param input    The buffer holding the data. This must be a readable
- *                 buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-256 operation, and writes
- *                 the result to the output buffer.
- *
- * \param ctx      The SHA-256 context. This must be initialized
- *                 and have a hash operation started.
- * \param output   The SHA-224 or SHA-256 checksum result.
- *                 This must be a writable buffer of length \c 32 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
-                               unsigned char output[32] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-256 computation. This function is for
- *                 internal use only.
- *
- * \param ctx      The SHA-256 context. This must be initialized.
- * \param data     The buffer holding one block of data. This must
- *                 be a readable buffer of length \c 64 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
-                                     const unsigned char data[64] );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function starts a SHA-224 or SHA-256 checksum
- *                 calculation.
- *
- * \deprecated     Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
- *
- * \param ctx      The context to use. This must be initialized.
- * \param is224    Determines which function to use. This must be
- *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
-                                               int is224 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-256 checksum calculation.
- *
- * \deprecated     Superseded by mbedtls_sha256_update_ret() in 2.7.0.
- *
- * \param ctx      The SHA-256 context to use. This must be
- *                 initialized and have a hash operation started.
- * \param input    The buffer holding the data. This must be a readable
- *                 buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
-                                               const unsigned char *input,
-                                               size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-256 operation, and writes
- *                 the result to the output buffer.
- *
- * \deprecated     Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
- *
- * \param ctx      The SHA-256 context. This must be initialized and
- *                 have a hash operation started.
- * \param output   The SHA-224 or SHA-256 checksum result. This must be
- *                 a writable buffer of length \c 32 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
-                                               unsigned char output[32] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-256 computation. This function is for
- *                 internal use only.
- *
- * \deprecated     Superseded by mbedtls_internal_sha256_process() in 2.7.0.
- *
- * \param ctx      The SHA-256 context. This must be initialized.
- * \param data     The buffer holding one block of data. This must be
- *                 a readable buffer of size \c 64 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
-                                                const unsigned char data[64] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          This function calculates the SHA-224 or SHA-256
- *                 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-256 result is calculated as
- *                 output = SHA-256(input buffer).
- *
- * \param input    The buffer holding the data. This must be a readable
- *                 buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- * \param output   The SHA-224 or SHA-256 checksum result. This must
- *                 be a writable buffer of length \c 32 Bytes.
- * \param is224    Determines which function to use. This must be
- *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha256_ret( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[32],
-                        int is224 );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief          This function calculates the SHA-224 or SHA-256 checksum
- *                 of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-256 result is calculated as
- *                 output = SHA-256(input buffer).
- *
- * \deprecated     Superseded by mbedtls_sha256_ret() in 2.7.0.
- *
- * \param input    The buffer holding the data. This must be a readable
- *                 buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- * \param output   The SHA-224 or SHA-256 checksum result. This must be
- *                 a writable buffer of length \c 32 Bytes.
- * \param is224    Determines which function to use. This must be either
- *                 \c 0 for SHA-256, or \c 1 for SHA-224.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
-                                        size_t ilen,
-                                        unsigned char output[32],
-                                        int is224 );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          The SHA-224 and SHA-256 checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_sha256_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha256.h */
diff --git a/Sources/mbedtls/include/mbedtls/sha512.h b/Sources/mbedtls/include/mbedtls/sha512.h
deleted file mode 100644
index cca47c2..0000000
--- a/Sources/mbedtls/include/mbedtls/sha512.h
+++ /dev/null
@@ -1,316 +0,0 @@
-/**
- * \file sha512.h
- * \brief This file contains SHA-384 and SHA-512 definitions and functions.
- *
- * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
- * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SHA512_H
-#define MBEDTLS_SHA512_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** SHA-512 hardware accelerator failed */
-#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED                -0x0039
-/** SHA-512 input data was malformed. */
-#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA                 -0x0075
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_SHA512_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          The SHA-512 context structure.
- *
- *                 The structure is used both for SHA-384 and for SHA-512
- *                 checksum calculations. The choice between these two is
- *                 made in the call to mbedtls_sha512_starts_ret().
- */
-typedef struct mbedtls_sha512_context
-{
-    uint64_t total[2];          /*!< The number of Bytes processed. */
-    uint64_t state[8];          /*!< The intermediate digest state. */
-    unsigned char buffer[128];  /*!< The data block being processed. */
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    int is384;                  /*!< Determines which function to use:
-                                     0: Use SHA-512, or 1: Use SHA-384. */
-#endif
-}
-mbedtls_sha512_context;
-
-#else  /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
-#endif /* MBEDTLS_SHA512_ALT */
-
-/**
- * \brief          This function initializes a SHA-512 context.
- *
- * \param ctx      The SHA-512 context to initialize. This must
- *                 not be \c NULL.
- */
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
-
-/**
- * \brief          This function clears a SHA-512 context.
- *
- * \param ctx      The SHA-512 context to clear. This may be \c NULL,
- *                 in which case this function does nothing. If it
- *                 is not \c NULL, it must point to an initialized
- *                 SHA-512 context.
- */
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
-
-/**
- * \brief          This function clones the state of a SHA-512 context.
- *
- * \param dst      The destination context. This must be initialized.
- * \param src      The context to clone. This must be initialized.
- */
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
-                           const mbedtls_sha512_context *src );
-
-/**
- * \brief          This function starts a SHA-384 or SHA-512 checksum
- *                 calculation.
- *
- * \param ctx      The SHA-512 context to use. This must be initialized.
- * \param is384    Determines which function to use. This must be
- *                 either \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note           When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- *                 be \c 0, or the function will return
- *                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-512 checksum calculation.
- *
- * \param ctx      The SHA-512 context. This must be initialized
- *                 and have a hash operation started.
- * \param input    The buffer holding the input data. This must
- *                 be a readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
-                    const unsigned char *input,
-                    size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-512 operation, and writes
- *                 the result to the output buffer.
- *
- * \param ctx      The SHA-512 context. This must be initialized
- *                 and have a hash operation started.
- * \param output   The SHA-384 or SHA-512 checksum result.
- *                 This must be a writable buffer of length \c 64 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
-                               unsigned char output[64] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-512 computation.
- *                 This function is for internal use only.
- *
- * \param ctx      The SHA-512 context. This must be initialized.
- * \param data     The buffer holding one block of data. This
- *                 must be a readable buffer of length \c 128 Bytes.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
-                                     const unsigned char data[128] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief          This function starts a SHA-384 or SHA-512 checksum
- *                 calculation.
- *
- * \deprecated     Superseded by mbedtls_sha512_starts_ret() in 2.7.0
- *
- * \param ctx      The SHA-512 context to use. This must be initialized.
- * \param is384    Determines which function to use. This must be either
- *                 \c 0 for SHA-512 or \c 1 for SHA-384.
- *
- * \note           When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- *                 be \c 0, or the function will fail to work.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
-                                               int is384 );
-
-/**
- * \brief          This function feeds an input buffer into an ongoing
- *                 SHA-512 checksum calculation.
- *
- * \deprecated     Superseded by mbedtls_sha512_update_ret() in 2.7.0.
- *
- * \param ctx      The SHA-512 context. This must be initialized
- *                 and have a hash operation started.
- * \param input    The buffer holding the data. This must be a readable
- *                 buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
-                                               const unsigned char *input,
-                                               size_t ilen );
-
-/**
- * \brief          This function finishes the SHA-512 operation, and writes
- *                 the result to the output buffer.
- *
- * \deprecated     Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
- *
- * \param ctx      The SHA-512 context. This must be initialized
- *                 and have a hash operation started.
- * \param output   The SHA-384 or SHA-512 checksum result. This must
- *                 be a writable buffer of size \c 64 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
-                                               unsigned char output[64] );
-
-/**
- * \brief          This function processes a single data block within
- *                 the ongoing SHA-512 computation. This function is for
- *                 internal use only.
- *
- * \deprecated     Superseded by mbedtls_internal_sha512_process() in 2.7.0.
- *
- * \param ctx      The SHA-512 context. This must be initialized.
- * \param data     The buffer holding one block of data. This must be
- *                 a readable buffer of length \c 128 Bytes.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512_process(
-                                            mbedtls_sha512_context *ctx,
-                                            const unsigned char data[128] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          This function calculates the SHA-512 or SHA-384
- *                 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-512 result is calculated as
- *                 output = SHA-512(input buffer).
- *
- * \param input    The buffer holding the input data. This must be
- *                 a readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- * \param output   The SHA-384 or SHA-512 checksum result.
- *                 This must be a writable buffer of length \c 64 Bytes.
- * \param is384    Determines which function to use. This must be either
- *                 \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note           When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- *                 be \c 0, or the function will return
- *                 #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-int mbedtls_sha512_ret( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[64],
-                        int is384 );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief          This function calculates the SHA-512 or SHA-384
- *                 checksum of a buffer.
- *
- *                 The function allocates the context, performs the
- *                 calculation, and frees the context.
- *
- *                 The SHA-512 result is calculated as
- *                 output = SHA-512(input buffer).
- *
- * \deprecated     Superseded by mbedtls_sha512_ret() in 2.7.0
- *
- * \param input    The buffer holding the data. This must be a
- *                 readable buffer of length \p ilen Bytes.
- * \param ilen     The length of the input data in Bytes.
- * \param output   The SHA-384 or SHA-512 checksum result. This must
- *                 be a writable buffer of length \c 64 Bytes.
- * \param is384    Determines which function to use. This must be either
- *                 \c 0 for SHA-512, or \c 1 for SHA-384.
- *
- * \note           When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
- *                 be \c 0, or the function will fail to work.
- */
-MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
-                                        size_t ilen,
-                                        unsigned char output[64],
-                                        int is384 );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#if defined(MBEDTLS_SELF_TEST)
-
- /**
- * \brief          The SHA-384 or SHA-512 checkup routine.
- *
- * \return         \c 0 on success.
- * \return         \c 1 on failure.
- */
-int mbedtls_sha512_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_sha512.h */
diff --git a/Sources/mbedtls/include/mbedtls/ssl.h b/Sources/mbedtls/include/mbedtls/ssl.h
deleted file mode 100644
index aecac93..0000000
--- a/Sources/mbedtls/include/mbedtls/ssl.h
+++ /dev/null
@@ -1,4427 +0,0 @@
-/**
- * \file ssl.h
- *
- * \brief SSL/TLS functions.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SSL_H
-#define MBEDTLS_SSL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/ecp.h"
-
-#include "mbedtls/ssl_ciphersuites.h"
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
-#endif
-
-/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
- */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdh.h"
-#endif
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
-#endif
-
-#if defined(MBEDTLS_DEPRECATED_REMOVED)
-#error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
-#endif
-
-#include "zlib.h"
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/*
- * SSL Error codes
- */
-/** The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100
-/** Verification of the message MAC failed. */
-#define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180
-/** An invalid SSL record was received. */
-#define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200
-/** The connection indicated an EOF. */
-#define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280
-/** An unknown cipher was received. */
-#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER                    -0x7300
-/** The server has no ciphersuites in common with the client. */
-#define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380
-/** No RNG was provided to the SSL module. */
-#define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400
-/** No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480
-/** Our own certificate(s) is/are too large to send in an SSL message. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500
-/** The own certificate is not set, but needed by the server. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580
-/** The own private key or pre-shared key is not set, but needed. */
-#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600
-/** No CA Chain is set, but required to operate. */
-#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680
-/** An unexpected message was received from our peer. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700
-/** A fatal alert message was received from our peer. */
-#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780
-/** Verification of our peer failed. */
-#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED                -0x7800
-/** The peer notified us that the connection is going to be closed. */
-#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880
-/** Processing of the ClientHello handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO               -0x7900
-/** Processing of the ServerHello handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO               -0x7980
-/** Processing of the Certificate handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE                -0x7A00
-/** Processing of the CertificateRequest handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST        -0x7A80
-/** Processing of the ServerKeyExchange handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE        -0x7B00
-/** Processing of the ServerHelloDone handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE          -0x7B80
-/** Processing of the ClientKeyExchange handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE        -0x7C00
-/** Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP     -0x7C80
-/** Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS     -0x7D00
-/** Processing of the CertificateVerify handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY         -0x7D80
-/** Processing of the ChangeCipherSpec handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC         -0x7E00
-/** Processing of the Finished handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_FINISHED                   -0x7E80
-/** Memory allocation failed */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00
-/** Hardware acceleration function returned with error */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80
-/** Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80
-/** Processing of the compression / decompression failed */
-#define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00
-/** Handshake protocol not within min/max boundaries */
-#define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80
-/** Processing of the NewSessionTicket handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00
-/** Session ticket has expired. */
-#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80
-/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
-#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00
-/** Unknown identity received (eg, PSK identity) */
-#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80
-/** Internal error (eg, unexpected failure in lower-level module) */
-#define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00
-/** A counter would wrap (eg, too many messages exchanged). */
-#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80
-/** Unexpected message at ServerHello in renegotiation. */
-#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00
-/** DTLS client must retry for hello verification */
-#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80
-/** A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00
-/** None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages). */
-#define MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE             -0x6980
-/** No data of requested type currently available on underlying transport. */
-#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900
-/** Connection requires a write call. */
-#define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880
-/** The operation timed out. */
-#define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800
-/** The client initiated a reconnect from the same port. */
-#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780
-/** Record header looks valid but is not expected. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD                 -0x6700
-/** The alert message received indicates a non-fatal error. */
-#define MBEDTLS_ERR_SSL_NON_FATAL                         -0x6680
-/** Couldn't set the hash for verifying CertificateVerify */
-#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH               -0x6600
-/** Internal-only message signaling that further message-processing should be done */
-#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING               -0x6580
-/** The asynchronous operation is not completed yet. */
-#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS                 -0x6500
-/** Internal-only message signaling that a message arrived early. */
-#define MBEDTLS_ERR_SSL_EARLY_MESSAGE                     -0x6480
-/** An encrypted DTLS-frame with an unexpected CID was received. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_CID                    -0x6000
-/** An operation failed due to an unexpected version or configuration. */
-#define MBEDTLS_ERR_SSL_VERSION_MISMATCH                  -0x5F00
-/** A cryptographic operation is in progress. Try again later. */
-#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS                -0x7000
-/** Invalid value in SSL config */
-#define MBEDTLS_ERR_SSL_BAD_CONFIG                        -0x5E80
-
-/*
- * Various constants
- */
-#define MBEDTLS_SSL_MAJOR_VERSION_3             3
-#define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
-#define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
-#define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
-#define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
-#define MBEDTLS_SSL_MINOR_VERSION_4             4   /*!< TLS v1.3 (experimental) */
-
-#define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
-#define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
-
-#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
-#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN           255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
-
-#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN           65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301          */
-
-/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
- * NONE must be zero so that memset()ing structure to zero works */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   /*!< first invalid value        */
-
-#define MBEDTLS_SSL_IS_CLIENT                   0
-#define MBEDTLS_SSL_IS_SERVER                   1
-
-#define MBEDTLS_SSL_IS_NOT_FALLBACK             0
-#define MBEDTLS_SSL_IS_FALLBACK                 1
-
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
-
-#define MBEDTLS_SSL_CID_DISABLED                0
-#define MBEDTLS_SSL_CID_ENABLED                 1
-
-#define MBEDTLS_SSL_ETM_DISABLED                0
-#define MBEDTLS_SSL_ETM_ENABLED                 1
-
-#define MBEDTLS_SSL_COMPRESS_NULL               0
-#define MBEDTLS_SSL_COMPRESS_DEFLATE            1
-
-#define MBEDTLS_SSL_VERIFY_NONE                 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL             1
-#define MBEDTLS_SSL_VERIFY_REQUIRED             2
-#define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
-
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
-
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
-
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
-
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
-
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
-
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
-
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
-
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
-
-#define MBEDTLS_SSL_ARC4_ENABLED                0
-#define MBEDTLS_SSL_ARC4_DISABLED               1
-
-#define MBEDTLS_SSL_PRESET_DEFAULT              0
-#define MBEDTLS_SSL_PRESET_SUITEB               2
-
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED       1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED      0
-
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED    0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED      1
-
-/*
- * Default range for DTLS retransmission timer value, in milliseconds.
- * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
- */
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
-#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-#endif
-
-/*
- * Maximum fragment length in bytes,
- * determines the size of each of the two internal I/O buffers.
- *
- * Note: the RFC defines the default size of SSL / TLS messages. If you
- * change the value here, other clients / servers may not be able to
- * communicate with you anymore. Only change this value if you control
- * both sides of the connection and have it reduced at both sides, or
- * if you're using the Max Fragment Length extension and you know all your
- * peers are using it too!
- */
-#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
-#define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
-#endif
-
-#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
-#endif
-
-#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN
-#endif
-
-/*
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- */
-#if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-#endif
-
-/*
- * Maximum length of CIDs for incoming and outgoing messages.
- */
-#if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
-#define MBEDTLS_SSL_CID_IN_LEN_MAX          32
-#endif
-
-#if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
-#define MBEDTLS_SSL_CID_OUT_LEN_MAX         32
-#endif
-
-#if !defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16
-#endif
-
-#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1
-#endif
-
-/** \} name SECTION: Module settings */
-
-/*
- * Length of the verify data for secure renegotiation
- */
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
-#else
-#define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
-#endif
-
-/*
- * Signaling ciphersuite values (SCSV)
- */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF   /**< renegotiation info ext */
-#define MBEDTLS_SSL_FALLBACK_SCSV_VALUE         0x5600 /**< RFC 7507 section 2 */
-
-/*
- * Supported Signature and Hash algorithms (For TLS 1.2)
- * RFC 5246 section 7.4.1.4.1
- */
-#define MBEDTLS_SSL_HASH_NONE                0
-#define MBEDTLS_SSL_HASH_MD5                 1
-#define MBEDTLS_SSL_HASH_SHA1                2
-#define MBEDTLS_SSL_HASH_SHA224              3
-#define MBEDTLS_SSL_HASH_SHA256              4
-#define MBEDTLS_SSL_HASH_SHA384              5
-#define MBEDTLS_SSL_HASH_SHA512              6
-
-#define MBEDTLS_SSL_SIG_ANON                 0
-#define MBEDTLS_SSL_SIG_RSA                  1
-#define MBEDTLS_SSL_SIG_ECDSA                3
-
-/*
- * Client Certificate Types
- * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
- */
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
-
-/*
- * Message, alert and handshake types
- */
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
-#define MBEDTLS_SSL_MSG_ALERT                  21
-#define MBEDTLS_SSL_MSG_HANDSHAKE              22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
-#define MBEDTLS_SSL_MSG_CID                    25
-
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
-
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
-
-#define MBEDTLS_SSL_HS_HELLO_REQUEST            0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO             1
-#define MBEDTLS_SSL_HS_SERVER_HELLO             2
-#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
-#define MBEDTLS_SSL_HS_CERTIFICATE             11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
-#define MBEDTLS_SSL_HS_FINISHED                20
-
-/*
- * TLS extensions
- */
-#define MBEDTLS_TLS_EXT_SERVERNAME                   0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
-
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
-
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
-
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
-
-#define MBEDTLS_TLS_EXT_SIG_ALG                     13
-
-#define MBEDTLS_TLS_EXT_USE_SRTP                    14
-
-#define MBEDTLS_TLS_EXT_ALPN                        16
-
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
-
-#define MBEDTLS_TLS_EXT_SESSION_TICKET              35
-
-/* The value of the CID extension is still TBD as of
- * draft-ietf-tls-dtls-connection-id-05
- * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05).
- *
- * A future minor revision of Mbed TLS may change the default value of
- * this option to match evolving standards and usage.
- */
-#if !defined(MBEDTLS_TLS_EXT_CID)
-#define MBEDTLS_TLS_EXT_CID                        254 /* TBD */
-#endif
-
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */
-
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
-
-/*
- * Size defines
- */
-#if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
-#endif
-
-/* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
-                                 + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
-                                   + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
-#endif
-};
-
-#define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * SSL state machine
- */
-typedef enum
-{
-    MBEDTLS_SSL_HELLO_REQUEST,
-    MBEDTLS_SSL_CLIENT_HELLO,
-    MBEDTLS_SSL_SERVER_HELLO,
-    MBEDTLS_SSL_SERVER_CERTIFICATE,
-    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,
-    MBEDTLS_SSL_CERTIFICATE_REQUEST,
-    MBEDTLS_SSL_SERVER_HELLO_DONE,
-    MBEDTLS_SSL_CLIENT_CERTIFICATE,
-    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,
-    MBEDTLS_SSL_CERTIFICATE_VERIFY,
-    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,
-    MBEDTLS_SSL_CLIENT_FINISHED,
-    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,
-    MBEDTLS_SSL_SERVER_FINISHED,
-    MBEDTLS_SSL_FLUSH_BUFFERS,
-    MBEDTLS_SSL_HANDSHAKE_WRAPUP,
-    MBEDTLS_SSL_HANDSHAKE_OVER,
-    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
-    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-}
-mbedtls_ssl_states;
-
-/*
- * The tls_prf function types.
- */
-typedef enum
-{
-   MBEDTLS_SSL_TLS_PRF_NONE,
-   MBEDTLS_SSL_TLS_PRF_SSL3,
-   MBEDTLS_SSL_TLS_PRF_TLS1,
-   MBEDTLS_SSL_TLS_PRF_SHA384,
-   MBEDTLS_SSL_TLS_PRF_SHA256
-}
-mbedtls_tls_prf_types;
-/**
- * \brief          Callback type: send data on the network.
- *
- * \note           That callback may be either blocking or non-blocking.
- *
- * \param ctx      Context for the send callback (typically a file descriptor)
- * \param buf      Buffer holding the data to send
- * \param len      Length of the data to send
- *
- * \return         The callback must return the number of bytes sent if any,
- *                 or a non-zero error code.
- *                 If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_WRITE
- *                 must be returned when the operation would block.
- *
- * \note           The callback is allowed to send fewer bytes than requested.
- *                 It must always return the number of bytes actually sent.
- */
-typedef int mbedtls_ssl_send_t( void *ctx,
-                                const unsigned char *buf,
-                                size_t len );
-
-/**
- * \brief          Callback type: receive data from the network.
- *
- * \note           That callback may be either blocking or non-blocking.
- *
- * \param ctx      Context for the receive callback (typically a file
- *                 descriptor)
- * \param buf      Buffer to write the received data to
- * \param len      Length of the receive buffer
- *
- * \returns        If data has been received, the positive number of bytes received.
- * \returns        \c 0 if the connection has been closed.
- * \returns        If performing non-blocking I/O, \c MBEDTLS_ERR_SSL_WANT_READ
- *                 must be returned when the operation would block.
- * \returns        Another negative error code on other kinds of failures.
- *
- * \note           The callback may receive fewer bytes than the length of the
- *                 buffer. It must always return the number of bytes actually
- *                 received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_t( void *ctx,
-                                unsigned char *buf,
-                                size_t len );
-
-/**
- * \brief          Callback type: receive data from the network, with timeout
- *
- * \note           That callback must block until data is received, or the
- *                 timeout delay expires, or the operation is interrupted by a
- *                 signal.
- *
- * \param ctx      Context for the receive callback (typically a file descriptor)
- * \param buf      Buffer to write the received data to
- * \param len      Length of the receive buffer
- * \param timeout  Maximum number of milliseconds to wait for data
- *                 0 means no timeout (potentially waiting forever)
- *
- * \return         The callback must return the number of bytes received,
- *                 or a non-zero error code:
- *                 \c MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
- *                 \c MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *
- * \note           The callback may receive fewer bytes than the length of the
- *                 buffer. It must always return the number of bytes actually
- *                 received and written to the buffer.
- */
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
-                                        unsigned char *buf,
-                                        size_t len,
-                                        uint32_t timeout );
-/**
- * \brief          Callback type: set a pair of timers/delays to watch
- *
- * \param ctx      Context pointer
- * \param int_ms   Intermediate delay in milliseconds
- * \param fin_ms   Final delay in milliseconds
- *                 0 cancels the current timer.
- *
- * \note           This callback must at least store the necessary information
- *                 for the associated \c mbedtls_ssl_get_timer_t callback to
- *                 return correct information.
- *
- * \note           If using an event-driven style of programming, an event must
- *                 be generated when the final delay is passed. The event must
- *                 cause a call to \c mbedtls_ssl_handshake() with the proper
- *                 SSL context to be scheduled. Care must be taken to ensure
- *                 that at most one such call happens at a time.
- *
- * \note           Only one timer at a time must be running. Calling this
- *                 function while a timer is running must cancel it. Cancelled
- *                 timers must not generate any event.
- */
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
-                                      uint32_t int_ms,
-                                      uint32_t fin_ms );
-
-/**
- * \brief          Callback type: get status of timers/delays
- *
- * \param ctx      Context pointer
- *
- * \return         This callback must return:
- *                 -1 if cancelled (fin_ms == 0),
- *                  0 if none of the delays have passed,
- *                  1 if only the intermediate delay has passed,
- *                  2 if the final delay has passed.
- */
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
-
-/* Defined below */
-typedef struct mbedtls_ssl_session mbedtls_ssl_session;
-typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
-
-/* Defined in ssl_internal.h */
-typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
-typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
-typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
-#endif
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief           Callback type: start external signature operation.
- *
- *                  This callback is called during an SSL handshake to start
- *                  a signature decryption operation using an
- *                  external processor. The parameter \p cert contains
- *                  the public key; it is up to the callback function to
- *                  determine how to access the associated private key.
- *
- *                  This function typically sends or enqueues a request, and
- *                  does not wait for the operation to complete. This allows
- *                  the handshake step to be non-blocking.
- *
- *                  The parameters \p ssl and \p cert are guaranteed to remain
- *                  valid throughout the handshake. On the other hand, this
- *                  function must save the contents of \p hash if the value
- *                  is needed for later processing, because the \p hash buffer
- *                  is no longer valid after this function returns.
- *
- *                  This function may call mbedtls_ssl_set_async_operation_data()
- *                  to store an operation context for later retrieval
- *                  by the resume or cancel callback.
- *
- * \note            For RSA signatures, this function must produce output
- *                  that is consistent with PKCS#1 v1.5 in the same way as
- *                  mbedtls_rsa_pkcs1_sign(). Before the private key operation,
- *                  apply the padding steps described in RFC 8017, section 9.2
- *                  "EMSA-PKCS1-v1_5" as follows.
- *                  - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5
- *                    encoding, treating \p hash as the DigestInfo to be
- *                    padded. In other words, apply EMSA-PKCS1-v1_5 starting
- *                    from step 3, with `T = hash` and `tLen = hash_len`.
- *                  - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5
- *                    encoding, treating \p hash as the hash to be encoded and
- *                    padded. In other words, apply EMSA-PKCS1-v1_5 starting
- *                    from step 2, with `digestAlgorithm` obtained by calling
- *                    mbedtls_oid_get_oid_by_md() on \p md_alg.
- *
- * \note            For ECDSA signatures, the output format is the DER encoding
- *                  `Ecdsa-Sig-Value` defined in
- *                  [RFC 4492 section 5.4](https://tools.ietf.org/html/rfc4492#section-5.4).
- *
- * \param ssl             The SSL connection instance. It should not be
- *                        modified other than via
- *                        mbedtls_ssl_set_async_operation_data().
- * \param cert            Certificate containing the public key.
- *                        In simple cases, this is one of the pointers passed to
- *                        mbedtls_ssl_conf_own_cert() when configuring the SSL
- *                        connection. However, if other callbacks are used, this
- *                        property may not hold. For example, if an SNI callback
- *                        is registered with mbedtls_ssl_conf_sni(), then
- *                        this callback determines what certificate is used.
- * \param md_alg          Hash algorithm.
- * \param hash            Buffer containing the hash. This buffer is
- *                        no longer valid when the function returns.
- * \param hash_len        Size of the \c hash buffer in bytes.
- *
- * \return          0 if the operation was started successfully and the SSL
- *                  stack should call the resume callback immediately.
- * \return          #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- *                  was started successfully and the SSL stack should return
- *                  immediately without calling the resume callback yet.
- * \return          #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
- *                  processor does not support this key. The SSL stack will
- *                  use the private key object instead.
- * \return          Any other error indicates a fatal failure and is
- *                  propagated up the call chain. The callback should
- *                  use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
- *                  use \c MBEDTLS_ERR_SSL_xxx error codes except as
- *                  directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
-                                      mbedtls_x509_crt *cert,
-                                      mbedtls_md_type_t md_alg,
-                                      const unsigned char *hash,
-                                      size_t hash_len );
-
-/**
- * \brief           Callback type: start external decryption operation.
- *
- *                  This callback is called during an SSL handshake to start
- *                  an RSA decryption operation using an
- *                  external processor. The parameter \p cert contains
- *                  the public key; it is up to the callback function to
- *                  determine how to access the associated private key.
- *
- *                  This function typically sends or enqueues a request, and
- *                  does not wait for the operation to complete. This allows
- *                  the handshake step to be non-blocking.
- *
- *                  The parameters \p ssl and \p cert are guaranteed to remain
- *                  valid throughout the handshake. On the other hand, this
- *                  function must save the contents of \p input if the value
- *                  is needed for later processing, because the \p input buffer
- *                  is no longer valid after this function returns.
- *
- *                  This function may call mbedtls_ssl_set_async_operation_data()
- *                  to store an operation context for later retrieval
- *                  by the resume or cancel callback.
- *
- * \warning         RSA decryption as used in TLS is subject to a potential
- *                  timing side channel attack first discovered by Bleichenbacher
- *                  in 1998. This attack can be remotely exploitable
- *                  in practice. To avoid this attack, you must ensure that
- *                  if the callback performs an RSA decryption, the time it
- *                  takes to execute and return the result does not depend
- *                  on whether the RSA decryption succeeded or reported
- *                  invalid padding.
- *
- * \param ssl             The SSL connection instance. It should not be
- *                        modified other than via
- *                        mbedtls_ssl_set_async_operation_data().
- * \param cert            Certificate containing the public key.
- *                        In simple cases, this is one of the pointers passed to
- *                        mbedtls_ssl_conf_own_cert() when configuring the SSL
- *                        connection. However, if other callbacks are used, this
- *                        property may not hold. For example, if an SNI callback
- *                        is registered with mbedtls_ssl_conf_sni(), then
- *                        this callback determines what certificate is used.
- * \param input           Buffer containing the input ciphertext. This buffer
- *                        is no longer valid when the function returns.
- * \param input_len       Size of the \p input buffer in bytes.
- *
- * \return          0 if the operation was started successfully and the SSL
- *                  stack should call the resume callback immediately.
- * \return          #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- *                  was started successfully and the SSL stack should return
- *                  immediately without calling the resume callback yet.
- * \return          #MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH if the external
- *                  processor does not support this key. The SSL stack will
- *                  use the private key object instead.
- * \return          Any other error indicates a fatal failure and is
- *                  propagated up the call chain. The callback should
- *                  use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
- *                  use \c MBEDTLS_ERR_SSL_xxx error codes except as
- *                  directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
-                                         mbedtls_x509_crt *cert,
-                                         const unsigned char *input,
-                                         size_t input_len );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief           Callback type: resume external operation.
- *
- *                  This callback is called during an SSL handshake to resume
- *                  an external operation started by the
- *                  ::mbedtls_ssl_async_sign_t or
- *                  ::mbedtls_ssl_async_decrypt_t callback.
- *
- *                  This function typically checks the status of a pending
- *                  request or causes the request queue to make progress, and
- *                  does not wait for the operation to complete. This allows
- *                  the handshake step to be non-blocking.
- *
- *                  This function may call mbedtls_ssl_get_async_operation_data()
- *                  to retrieve an operation context set by the start callback.
- *                  It may call mbedtls_ssl_set_async_operation_data() to modify
- *                  this context.
- *
- *                  Note that when this function returns a status other than
- *                  #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, it must free any
- *                  resources associated with the operation.
- *
- * \param ssl             The SSL connection instance. It should not be
- *                        modified other than via
- *                        mbedtls_ssl_set_async_operation_data().
- * \param output          Buffer containing the output (signature or decrypted
- *                        data) on success.
- * \param output_len      On success, number of bytes written to \p output.
- * \param output_size     Size of the \p output buffer in bytes.
- *
- * \return          0 if output of the operation is available in the
- *                  \p output buffer.
- * \return          #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if the operation
- *                  is still in progress. Subsequent requests for progress
- *                  on the SSL connection will call the resume callback
- *                  again.
- * \return          Any other error means that the operation is aborted.
- *                  The SSL handshake is aborted. The callback should
- *                  use \c MBEDTLS_ERR_PK_xxx error codes, and <b>must not</b>
- *                  use \c MBEDTLS_ERR_SSL_xxx error codes except as
- *                  directed in the documentation of this callback.
- */
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
-                                        unsigned char *output,
-                                        size_t *output_len,
-                                        size_t output_size );
-
-/**
- * \brief           Callback type: cancel external operation.
- *
- *                  This callback is called if an SSL connection is closed
- *                  while an asynchronous operation is in progress. Note that
- *                  this callback is not called if the
- *                  ::mbedtls_ssl_async_resume_t callback has run and has
- *                  returned a value other than
- *                  #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, since in that case
- *                  the asynchronous operation has already completed.
- *
- *                  This function may call mbedtls_ssl_get_async_operation_data()
- *                  to retrieve an operation context set by the start callback.
- *
- * \param ssl             The SSL connection instance. It should not be
- *                        modified.
- */
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) &&        \
-    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN  48
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  32
-#elif defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  48
-#elif defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  20
-#else
-/* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
-          !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-
-#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH             255
-#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH    4
-/*
- * For code readability use a typedef for DTLS-SRTP profiles
- *
- * Use_srtp extension protection profiles values as defined in
- * http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- *
- * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
- * must be updated too.
- */
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80     ( (uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32     ( (uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80          ( (uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32          ( (uint16_t) 0x0006)
-/* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET                      ( (uint16_t) 0x0000)
-
-typedef uint16_t mbedtls_ssl_srtp_profile;
-
-typedef struct mbedtls_dtls_srtp_info_t
-{
-    /*! The SRTP profile that was negotiated. */
-    mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile;
-    /*! The length of mki_value. */
-    uint16_t mki_len;
-    /*! The mki_value used, with max size of 256 bytes. */
-    unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
-}
-mbedtls_dtls_srtp_info;
-
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/*
- * This structure is used for storing current session data.
- *
- * Note: when changing this definition, we need to check and update:
- *  - in tests/suites/test_suite_ssl.function:
- *      ssl_populate_session() and ssl_serialize_session_save_load()
- *  - in library/ssl_tls.c:
- *      mbedtls_ssl_session_init() and mbedtls_ssl_session_free()
- *      mbedtls_ssl_session_save() and ssl_session_load()
- *      ssl_session_copy()
- */
-struct mbedtls_ssl_session
-{
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    unsigned char mfl_code;     /*!< MaxFragmentLength negotiated by peer */
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t start;       /*!< starting time      */
-#endif
-    int ciphersuite;            /*!< chosen ciphersuite */
-    int compression;            /*!< chosen compression */
-    size_t id_len;              /*!< session id length  */
-    unsigned char id[32];       /*!< session identifier */
-    unsigned char master[48];   /*!< the master secret  */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_x509_crt *peer_cert;       /*!< peer X.509 cert chain */
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    /*! The digest of the peer's end-CRT. This must be kept to detect CRT
-     *  changes during renegotiation, mitigating the triple handshake attack. */
-    unsigned char *peer_cert_digest;
-    size_t peer_cert_digest_len;
-    mbedtls_md_type_t peer_cert_digest_type;
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-    uint32_t verify_result;          /*!<  verification result     */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned char *ticket;      /*!< RFC 5077 session ticket */
-    size_t ticket_len;          /*!< session ticket length   */
-    uint32_t ticket_lifetime;   /*!< ticket lifetime hint    */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    int trunc_hmac;             /*!< flag for truncated hmac activation   */
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    int encrypt_then_mac;       /*!< flag for EtM activation                */
-#endif
-};
-
-/**
- * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
- */
-struct mbedtls_ssl_config
-{
-    /* Group items by size and reorder them to maximize usage of immediate offset access.    */
-
-    /*
-     * Numerical settings (char)
-     */
-
-    unsigned char max_major_ver;    /*!< max. major version used            */
-    unsigned char max_minor_ver;    /*!< max. minor version used            */
-    unsigned char min_major_ver;    /*!< min. major version used            */
-    unsigned char min_minor_ver;    /*!< min. minor version used            */
-
-    /*
-     * Flags (could be bit-fields to save RAM, but separate bytes make
-     * the code smaller on architectures with an instruction for direct
-     * byte access).
-     */
-
-    uint8_t endpoint /*bool*/;      /*!< 0: client, 1: server               */
-    uint8_t transport /*bool*/;     /*!< stream (TLS) or datagram (DTLS)    */
-    uint8_t authmode /*2 bits*/;    /*!< MBEDTLS_SSL_VERIFY_XXX             */
-    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
-    uint8_t allow_legacy_renegotiation /*2 bits*/; /*!< MBEDTLS_LEGACY_XXX  */
-#if defined(MBEDTLS_ARC4_C)
-    uint8_t arc4_disabled /*bool*/; /*!< blacklist RC4 ciphersuites?        */
-#endif
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    uint8_t mfl_code /*3 bits*/;    /*!< desired fragment length            */
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    uint8_t encrypt_then_mac /*bool*/;  /*!< negotiate encrypt-then-mac?    */
-#endif
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    uint8_t extended_ms /*bool*/;   /*!< negotiate extended master secret?  */
-#endif
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    uint8_t anti_replay /*bool*/;   /*!< detect and prevent replay?         */
-#endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    uint8_t cbc_record_splitting /*bool*/;  /*!< do cbc record splitting    */
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    uint8_t disable_renegotiation /*bool*/; /*!< disable renegotiation?     */
-#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    uint8_t trunc_hmac /*bool*/;    /*!< negotiate truncated hmac?          */
-#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    uint8_t session_tickets /*bool*/;   /*!< use session tickets?           */
-#endif
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-    uint8_t fallback /*bool*/;      /*!< is this a fallback?                */
-#endif
-#if defined(MBEDTLS_SSL_SRV_C)
-    uint8_t cert_req_ca_list /*bool*/;  /*!< enable sending CA list in
-                                          Certificate Request messages?     */
-#endif
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    uint8_t ignore_unexpected_cid /*bool*/; /*!< Determines whether DTLS
-                                             *   record with unexpected CID
-                                             *   should lead to failure.    */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-    uint8_t dtls_srtp_mki_support /*bool*/; /*!< support having mki_value
-                                                 in the use_srtp extension? */
-#endif
-
-    /*
-     * Numerical settings (int or larger)
-     */
-
-    uint32_t read_timeout;          /*!< timeout for mbedtls_ssl_read (ms)  */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint32_t hs_timeout_min;        /*!< initial value of the handshake
-                                         retransmission timeout (ms)        */
-    uint32_t hs_timeout_max;        /*!< maximum value of the handshake
-                                         retransmission timeout (ms)        */
-#endif
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renego_max_records;         /*!< grace period for renegotiation     */
-    unsigned char renego_period[8]; /*!< value of the record counters
-                                         that triggers renegotiation        */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-    unsigned int badmac_limit;      /*!< limit of records with a bad MAC    */
-#endif
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned int dhm_min_bitlen;    /*!< min. bit length of the DHM prime   */
-#endif
-
-    /*
-     * Pointers
-     */
-
-    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version   */
-
-    /** Callback for printing debug output                                  */
-    void (*f_dbg)(void *, int, const char *, int, const char *);
-    void *p_dbg;                    /*!< context for the debug function     */
-
-    /** Callback for getting (pseudo-)random numbers                        */
-    int  (*f_rng)(void *, unsigned char *, size_t);
-    void *p_rng;                    /*!< context for the RNG function       */
-
-    /** Callback to retrieve a session from the cache                       */
-    int (*f_get_cache)(void *, mbedtls_ssl_session *);
-    /** Callback to store a session into the cache                          */
-    int (*f_set_cache)(void *, const mbedtls_ssl_session *);
-    void *p_cache;                  /*!< context for cache callbacks        */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    /** Callback for setting cert according to SNI extension                */
-    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
-    void *p_sni;                    /*!< context for SNI callback           */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    /** Callback to customize X.509 certificate chain verification          */
-    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
-    void *p_vrfy;                   /*!< context for X.509 verify calllback */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    /** Callback to retrieve PSK key from identity                          */
-    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
-    void *p_psk;                    /*!< context for PSK callback           */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a cookie for ClientHello verification    */
-    int (*f_cookie_write)( void *, unsigned char **, unsigned char *,
-                           const unsigned char *, size_t );
-    /** Callback to verify validity of a ClientHello cookie                 */
-    int (*f_cookie_check)( void *, const unsigned char *, size_t,
-                           const unsigned char *, size_t );
-    void *p_cookie;                 /*!< context for the cookie callbacks   */
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
-    /** Callback to create & write a session ticket                         */
-    int (*f_ticket_write)( void *, const mbedtls_ssl_session *,
-            unsigned char *, const unsigned char *, size_t *, uint32_t * );
-    /** Callback to parse a session ticket into a session structure         */
-    int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t);
-    void *p_ticket;                 /*!< context for the ticket callbacks   */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-    /** Callback to export key block and master secret                      */
-    int (*f_export_keys)( void *, const unsigned char *,
-            const unsigned char *, size_t, size_t, size_t );
-    /** Callback to export key block, master secret,
-     *  tls_prf and random bytes. Should replace f_export_keys    */
-    int (*f_export_keys_ext)( void *, const unsigned char *,
-                const unsigned char *, size_t, size_t, size_t,
-                const unsigned char[32], const unsigned char[32],
-                mbedtls_tls_prf_types );
-    void *p_export_keys;            /*!< context for key export callback    */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    size_t cid_len; /*!< The length of CIDs for incoming DTLS records.      */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */
-    mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s)        */
-    mbedtls_x509_crt *ca_chain;     /*!< trusted CAs                        */
-    mbedtls_x509_crl *ca_crl;       /*!< trusted CAs CRLs                   */
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-    mbedtls_x509_crt_ca_cb_t f_ca_cb;
-    void *p_ca_cb;
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_ssl_async_sign_t *f_async_sign_start; /*!< start asynchronous signature operation */
-    mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-    mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
-    mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
-    void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    const int *sig_hashes;          /*!< allowed signature hashes           */
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-    const mbedtls_ecp_group_id *curve_list; /*!< allowed curves             */
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_mpi dhm_P;              /*!< prime modulus for DHM              */
-    mbedtls_mpi dhm_G;              /*!< generator for DHM                  */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field
-                              *   should only be set via
-                              *   mbedtls_ssl_conf_psk_opaque().
-                              *   If either no PSK or a raw PSK have been
-                              *   configured, this has value \c 0.
-                              */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    unsigned char *psk;      /*!< The raw pre-shared key. This field should
-                              *   only be set via mbedtls_ssl_conf_psk().
-                              *   If either no PSK or an opaque PSK
-                              *   have been configured, this has value NULL. */
-    size_t         psk_len;  /*!< The length of the raw pre-shared key.
-                              *   This field should only be set via
-                              *   mbedtls_ssl_conf_psk().
-                              *   Its value is non-zero if and only if
-                              *   \c psk is not \c NULL. */
-
-    unsigned char *psk_identity;    /*!< The PSK identity for PSK negotiation.
-                                     *   This field should only be set via
-                                     *   mbedtls_ssl_conf_psk().
-                                     *   This is set if and only if either
-                                     *   \c psk or \c psk_opaque are set. */
-    size_t         psk_identity_len;/*!< The length of PSK identity.
-                                     *   This field should only be set via
-                                     *   mbedtls_ssl_conf_psk().
-                                     *   Its value is non-zero if and only if
-                                     *   \c psk is not \c NULL or \c psk_opaque
-                                     *   is not \c 0. */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-    const char **alpn_list;         /*!< ordered list of protocols          */
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-    /*! ordered list of supported srtp profile */
-    const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list;
-    /*! number of supported profiles */
-    size_t dtls_srtp_profile_list_len;
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-};
-
-struct mbedtls_ssl_context
-{
-    const mbedtls_ssl_config *conf; /*!< configuration information          */
-
-    /*
-     * Miscellaneous
-     */
-    int state;                  /*!< SSL handshake: current state     */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renego_status;          /*!< Initial, in progress, pending?   */
-    int renego_records_seen;    /*!< Records since renego request, or with DTLS,
-                                  number of retransmissions of request if
-                                  renego_max_records is < 0           */
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    int major_ver;              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
-    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-    unsigned badmac_seen;       /*!< records with a bad MAC received    */
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    /** Callback to customize X.509 certificate chain verification          */
-    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
-    void *p_vrfy;                   /*!< context for X.509 verify callback */
-#endif
-
-    mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
-    mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
-    mbedtls_ssl_recv_timeout_t *f_recv_timeout;
-                                /*!< Callback for network receive with timeout */
-
-    void *p_bio;                /*!< context for I/O operations   */
-
-    /*
-     * Session layer
-     */
-    mbedtls_ssl_session *session_in;            /*!<  current session data (in)   */
-    mbedtls_ssl_session *session_out;           /*!<  current session data (out)  */
-    mbedtls_ssl_session *session;               /*!<  negotiated session data     */
-    mbedtls_ssl_session *session_negotiate;     /*!<  session data in negotiation */
-
-    mbedtls_ssl_handshake_params *handshake;    /*!<  params required only during
-                                              the handshake process        */
-
-    /*
-     * Record layer transformations
-     */
-    mbedtls_ssl_transform *transform_in;        /*!<  current transform params (in)   */
-    mbedtls_ssl_transform *transform_out;       /*!<  current transform params (in)   */
-    mbedtls_ssl_transform *transform;           /*!<  negotiated transform params     */
-    mbedtls_ssl_transform *transform_negotiate; /*!<  transform params in negotiation */
-
-    /*
-     * Timers
-     */
-    void *p_timer;              /*!< context for the timer callbacks */
-
-    mbedtls_ssl_set_timer_t *f_set_timer;       /*!< set timer callback */
-    mbedtls_ssl_get_timer_t *f_get_timer;       /*!< get timer callback */
-
-    /*
-     * Record layer (incoming data)
-     */
-    unsigned char *in_buf;      /*!< input buffer                     */
-    unsigned char *in_ctr;      /*!< 64-bit incoming message counter
-                                     TLS: maintained by us
-                                     DTLS: read from peer             */
-    unsigned char *in_hdr;      /*!< start of record header           */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    unsigned char *in_cid;      /*!< The start of the CID;
-                                 *   (the end is marked by in_len).   */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-    unsigned char *in_len;      /*!< two-bytes message length field   */
-    unsigned char *in_iv;       /*!< ivlen-byte IV                    */
-    unsigned char *in_msg;      /*!< message contents (in_iv+ivlen)   */
-    unsigned char *in_offt;     /*!< read offset in application data  */
-
-    int in_msgtype;             /*!< record header: message type      */
-    size_t in_msglen;           /*!< record header: message length    */
-    size_t in_left;             /*!< amount of data read so far       */
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t in_buf_len;          /*!< length of input buffer           */
-#endif
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint16_t in_epoch;          /*!< DTLS epoch for incoming records  */
-    size_t next_record_offset;  /*!< offset of the next record in datagram
-                                     (equal to in_left if none)       */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    uint64_t in_window_top;     /*!< last validated record seq_num    */
-    uint64_t in_window;         /*!< bitmask for replay detection     */
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-    size_t in_hslen;            /*!< current handshake message length,
-                                     including the handshake header   */
-    int nb_zero;                /*!< # of 0-length encrypted messages */
-
-    int keep_current_message;   /*!< drop or reuse current message
-                                     on next call to record layer? */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint8_t disable_datagram_packing;  /*!< Disable packing multiple records
-                                        *   within a single datagram.  */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    /*
-     * Record layer (outgoing data)
-     */
-    unsigned char *out_buf;     /*!< output buffer                    */
-    unsigned char *out_ctr;     /*!< 64-bit outgoing message counter  */
-    unsigned char *out_hdr;     /*!< start of record header           */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    unsigned char *out_cid;     /*!< The start of the CID;
-                                 *   (the end is marked by in_len).   */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-    unsigned char *out_len;     /*!< two-bytes message length field   */
-    unsigned char *out_iv;      /*!< ivlen-byte IV                    */
-    unsigned char *out_msg;     /*!< message contents (out_iv+ivlen)  */
-
-    int out_msgtype;            /*!< record header: message type      */
-    size_t out_msglen;          /*!< record header: message length    */
-    size_t out_left;            /*!< amount of data not yet written   */
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t out_buf_len;         /*!< length of output buffer          */
-#endif
-
-    unsigned char cur_out_ctr[8]; /*!<  Outgoing record sequence  number. */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint16_t mtu;               /*!< path mtu, used to fragment outgoing messages */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    unsigned char *compress_buf;        /*!<  zlib data buffer        */
-#endif /* MBEDTLS_ZLIB_SUPPORT */
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-    signed char split_done;     /*!< current record already split? */
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
-    /*
-     * PKI layer
-     */
-    int client_auth;                    /*!<  flag for client auth.   */
-
-    /*
-     * User settings
-     */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    char *hostname;             /*!< expected peer CN for verification
-                                     (and SNI if available)                 */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_ALPN)
-    const char *alpn_chosen;    /*!<  negotiated protocol                   */
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-    /*
-     * use_srtp extension
-     */
-    mbedtls_dtls_srtp_info dtls_srtp_info;
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-    /*
-     * Information for DTLS hello verify
-     */
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    unsigned char  *cli_id;         /*!<  transport-level ID of the client  */
-    size_t          cli_id_len;     /*!<  length of cli_id                  */
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-    /*
-     * Secure renegotiation
-     */
-    /* needed to know when to send extension on server */
-    int secure_renegotiation;           /*!<  does peer support legacy or
-                                              secure renegotiation           */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    size_t verify_data_len;             /*!<  length of verify data stored   */
-    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
-    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    /* CID configuration to use in subsequent handshakes. */
-
-    /*! The next incoming CID, chosen by the user and applying to
-     *  all subsequent handshakes. This may be different from the
-     *  CID currently used in case the user has re-configured the CID
-     *  after an initial handshake. */
-    unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
-    uint8_t own_cid_len;   /*!< The length of \c own_cid. */
-    uint8_t negotiate_cid; /*!< This indicates whether the CID extension should
-                            *   be negotiated in the next handshake or not.
-                            *   Possible values are #MBEDTLS_SSL_CID_ENABLED
-                            *   and #MBEDTLS_SSL_CID_DISABLED. */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-};
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#define MBEDTLS_SSL_CHANNEL_OUTBOUND   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 0 )
-#define MBEDTLS_SSL_CHANNEL_INBOUND    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 1 )
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED      __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-
-MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_init)(
-                    mbedtls_ssl_context *ssl,
-                    const unsigned char *key_enc, const unsigned char *key_dec,
-                    size_t keylen,
-                    const unsigned char *iv_enc,  const unsigned char *iv_dec,
-                    size_t ivlen,
-                    const unsigned char *mac_enc, const unsigned char *mac_dec,
-                    size_t maclen);
-MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_activate)(
-                                                    mbedtls_ssl_context *ssl,
-                                                    int direction );
-MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_reset)(
-                                                    mbedtls_ssl_context *ssl );
-MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_write)(
-                                                    mbedtls_ssl_context *ssl );
-MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_read)(
-                                                    mbedtls_ssl_context *ssl );
-MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)(
-                                                    mbedtls_ssl_context *ssl );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-/**
- * \brief               Return the name of the ciphersuite associated with the
- *                      given ID
- *
- * \param ciphersuite_id SSL ciphersuite ID
- *
- * \return              a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
-
-/**
- * \brief               Return the ID of the ciphersuite associated with the
- *                      given name
- *
- * \param ciphersuite_name SSL ciphersuite name
- *
- * \return              the ID with the ciphersuite or 0 if not found
- */
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
-
-/**
- * \brief          Initialize an SSL context
- *                 Just makes the context ready for mbedtls_ssl_setup() or
- *                 mbedtls_ssl_free()
- *
- * \param ssl      SSL context
- */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Set up an SSL context for use
- *
- * \note           No copy of the configuration context is made, it can be
- *                 shared by many mbedtls_ssl_context structures.
- *
- * \warning        The conf structure will be accessed during the session.
- *                 It must not be modified or freed as long as the session
- *                 is active.
- *
- * \warning        This function must be called exactly once per context.
- *                 Calling mbedtls_ssl_setup again is not supported, even
- *                 if no session is active.
- *
- * \param ssl      SSL context
- * \param conf     SSL configuration to use
- *
- * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
- *                 memory allocation failed
- */
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
-                       const mbedtls_ssl_config *conf );
-
-/**
- * \brief          Reset an already initialized SSL context for re-use
- *                 while retaining application-set variables, function
- *                 pointers and data.
- *
- * \param ssl      SSL context
- * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
-                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
- *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
- */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Set the current endpoint type
- *
- * \param conf     SSL configuration
- * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
-
-/**
- * \brief           Set the transport type (TLS or DTLS).
- *                  Default: TLS
- *
- * \note            For DTLS, you must either provide a recv callback that
- *                  doesn't block, or one that handles timeouts, see
- *                  \c mbedtls_ssl_set_bio(). You also need to provide timer
- *                  callbacks with \c mbedtls_ssl_set_timer_cb().
- *
- * \param conf      SSL configuration
- * \param transport transport type:
- *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
- *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
- */
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
-
-/**
- * \brief          Set the certificate verification mode
- *                 Default: NONE on server, REQUIRED on client
- *
- * \param conf     SSL configuration
- * \param authmode can be:
- *
- *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
- *                        (default on server)
- *                        (insecure on client)
- *
- *  MBEDTLS_SSL_VERIFY_OPTIONAL:  peer certificate is checked, however the
- *                        handshake continues even if verification failed;
- *                        mbedtls_ssl_get_verify_result() can be called after the
- *                        handshake is complete.
- *
- *  MBEDTLS_SSL_VERIFY_REQUIRED:  peer *must* present a valid certificate,
- *                        handshake is aborted if verification failed.
- *                        (default on client)
- *
- * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
- */
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set the verification callback (Optional).
- *
- *                 If set, the provided verify callback is called for each
- *                 certificate in the peer's CRT chain, including the trusted
- *                 root. For more information, please see the documentation of
- *                 \c mbedtls_x509_crt_verify().
- *
- * \note           For per context callbacks and contexts, please use
- *                 mbedtls_ssl_set_verify() instead.
- *
- * \param conf     The SSL configuration to use.
- * \param f_vrfy   The verification callback to use during CRT verification.
- * \param p_vrfy   The opaque context to be passed to the callback.
- */
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief          Set the random number generator callback
- *
- * \param conf     SSL configuration
- * \param f_rng    RNG function
- * \param p_rng    RNG parameter
- */
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng );
-
-/**
- * \brief          Set the debug callback
- *
- *                 The callback has the following argument:
- *                 void *           opaque context for the callback
- *                 int              debug level
- *                 const char *     file name
- *                 int              line number
- *                 const char *     message
- *
- * \param conf     SSL configuration
- * \param f_dbg    debug function
- * \param p_dbg    debug parameter
- */
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
-                  void (*f_dbg)(void *, int, const char *, int, const char *),
-                  void  *p_dbg );
-
-/**
- * \brief          Set the underlying BIO callbacks for write, read and
- *                 read-with-timeout.
- *
- * \param ssl      SSL context
- * \param p_bio    parameter (context) shared by BIO callbacks
- * \param f_send   write callback
- * \param f_recv   read callback
- * \param f_recv_timeout blocking read callback with timeout.
- *
- * \note           One of f_recv or f_recv_timeout can be NULL, in which case
- *                 the other is used. If both are non-NULL, f_recv_timeout is
- *                 used and f_recv is ignored (as if it were NULL).
- *
- * \note           The two most common use cases are:
- *                 - non-blocking I/O, f_recv != NULL, f_recv_timeout == NULL
- *                 - blocking I/O, f_recv == NULL, f_recv_timeout != NULL
- *
- * \note           For DTLS, you need to provide either a non-NULL
- *                 f_recv_timeout callback, or a f_recv that doesn't block.
- *
- * \note           See the documentations of \c mbedtls_ssl_send_t,
- *                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
- *                 the conventions those callbacks must follow.
- *
- * \note           On some platforms, net_sockets.c provides
- *                 \c mbedtls_net_send(), \c mbedtls_net_recv() and
- *                 \c mbedtls_net_recv_timeout() that are suitable to be used
- *                 here.
- */
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
-                          void *p_bio,
-                          mbedtls_ssl_send_t *f_send,
-                          mbedtls_ssl_recv_t *f_recv,
-                          mbedtls_ssl_recv_timeout_t *f_recv_timeout );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
-
-/**
- * \brief             Configure the use of the Connection ID (CID)
- *                    extension in the next handshake.
- *
- *                    Reference: draft-ietf-tls-dtls-connection-id-05
- *                    https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
- *
- *                    The DTLS CID extension allows the reliable association of
- *                    DTLS records to DTLS connections across changes in the
- *                    underlying transport (changed IP and Port metadata) by
- *                    adding explicit connection identifiers (CIDs) to the
- *                    headers of encrypted DTLS records. The desired CIDs are
- *                    configured by the application layer and are exchanged in
- *                    new `ClientHello` / `ServerHello` extensions during the
- *                    handshake, where each side indicates the CID it wants the
- *                    peer to use when writing encrypted messages. The CIDs are
- *                    put to use once records get encrypted: the stack discards
- *                    any incoming records that don't include the configured CID
- *                    in their header, and adds the peer's requested CID to the
- *                    headers of outgoing messages.
- *
- *                    This API enables or disables the use of the CID extension
- *                    in the next handshake and sets the value of the CID to
- *                    be used for incoming messages.
- *
- * \param ssl         The SSL context to configure. This must be initialized.
- * \param enable      This value determines whether the CID extension should
- *                    be used or not. Possible values are:
- *                    - MBEDTLS_SSL_CID_ENABLED to enable the use of the CID.
- *                    - MBEDTLS_SSL_CID_DISABLED (default) to disable the use
- *                      of the CID.
- * \param own_cid     The address of the readable buffer holding the CID we want
- *                    the peer to use when sending encrypted messages to us.
- *                    This may be \c NULL if \p own_cid_len is \c 0.
- *                    This parameter is unused if \p enabled is set to
- *                    MBEDTLS_SSL_CID_DISABLED.
- * \param own_cid_len The length of \p own_cid.
- *                    This parameter is unused if \p enabled is set to
- *                    MBEDTLS_SSL_CID_DISABLED.
- *
- * \note              The value of \p own_cid_len must match the value of the
- *                    \c len parameter passed to mbedtls_ssl_conf_cid()
- *                    when configuring the ::mbedtls_ssl_config that \p ssl
- *                    is bound to.
- *
- * \note              This CID configuration applies to subsequent handshakes
- *                    performed on the SSL context \p ssl, but does not trigger
- *                    one. You still have to call `mbedtls_ssl_handshake()`
- *                    (for the initial handshake) or `mbedtls_ssl_renegotiate()`
- *                    (for a renegotiation handshake) explicitly after a
- *                    successful call to this function to run the handshake.
- *
- * \note              This call cannot guarantee that the use of the CID
- *                    will be successfully negotiated in the next handshake,
- *                    because the peer might not support it. Specifically:
- *                    - On the Client, enabling the use of the CID through
- *                      this call implies that the `ClientHello` in the next
- *                      handshake will include the CID extension, thereby
- *                      offering the use of the CID to the server. Only if
- *                      the `ServerHello` contains the CID extension, too,
- *                      the CID extension will actually be put to use.
- *                    - On the Server, enabling the use of the CID through
- *                      this call implies that that the server will look for
- *                      the CID extension in a `ClientHello` from the client,
- *                      and, if present, reply with a CID extension in its
- *                      `ServerHello`.
- *
- * \note              To check whether the use of the CID was negotiated
- *                    after the subsequent handshake has completed, please
- *                    use the API mbedtls_ssl_get_peer_cid().
- *
- * \warning           If the use of the CID extension is enabled in this call
- *                    and the subsequent handshake negotiates its use, Mbed TLS
- *                    will silently drop every packet whose CID does not match
- *                    the CID configured in \p own_cid. It is the responsibility
- *                    of the user to adapt the underlying transport to take care
- *                    of CID-based demultiplexing before handing datagrams to
- *                    Mbed TLS.
- *
- * \return            \c 0 on success. In this case, the CID configuration
- *                    applies to the next handshake.
- * \return            A negative error code on failure.
- */
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
-                         int enable,
-                         unsigned char const *own_cid,
-                         size_t own_cid_len );
-
-/**
- * \brief              Get information about the use of the CID extension
- *                     in the current connection.
- *
- * \param ssl          The SSL context to query.
- * \param enabled      The address at which to store whether the CID extension
- *                     is currently in use or not. If the CID is in use,
- *                     `*enabled` is set to MBEDTLS_SSL_CID_ENABLED;
- *                     otherwise, it is set to MBEDTLS_SSL_CID_DISABLED.
- * \param peer_cid     The address of the buffer in which to store the CID
- *                     chosen by the peer (if the CID extension is used).
- *                     This may be \c NULL in case the value of peer CID
- *                     isn't needed. If it is not \c NULL, \p peer_cid_len
- *                     must not be \c NULL.
- * \param peer_cid_len The address at which to store the size of the CID
- *                     chosen by the peer (if the CID extension is used).
- *                     This is also the number of Bytes in \p peer_cid that
- *                     have been written.
- *                     This may be \c NULL in case the length of the peer CID
- *                     isn't needed. If it is \c NULL, \p peer_cid must be
- *                     \c NULL, too.
- *
- * \note               This applies to the state of the CID negotiated in
- *                     the last complete handshake. If a handshake is in
- *                     progress, this function will attempt to complete
- *                     the handshake first.
- *
- * \note               If CID extensions have been exchanged but both client
- *                     and server chose to use an empty CID, this function
- *                     sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED
- *                     (the rationale for this is that the resulting
- *                     communication is the same as if the CID extensions
- *                     hadn't been used).
- *
- * \return            \c 0 on success.
- * \return            A negative error code on failure.
- */
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
-                     int *enabled,
-                     unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
-                     size_t *peer_cid_len );
-
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-/**
- * \brief          Set the Maximum Transport Unit (MTU).
- *                 Special value: 0 means unset (no limit).
- *                 This represents the maximum size of a datagram payload
- *                 handled by the transport layer (usually UDP) as determined
- *                 by the network link and stack. In practice, this controls
- *                 the maximum size datagram the DTLS layer will pass to the
- *                 \c f_send() callback set using \c mbedtls_ssl_set_bio().
- *
- * \note           The limit on datagram size is converted to a limit on
- *                 record payload by subtracting the current overhead of
- *                 encapsulation and encryption/authentication if any.
- *
- * \note           This can be called at any point during the connection, for
- *                 example when a Path Maximum Transfer Unit (PMTU)
- *                 estimate becomes available from other sources,
- *                 such as lower (or higher) protocol layers.
- *
- * \note           This setting only controls the size of the packets we send,
- *                 and does not restrict the size of the datagrams we're
- *                 willing to receive. Client-side, you can request the
- *                 server to use smaller records with \c
- *                 mbedtls_ssl_conf_max_frag_len().
- *
- * \note           If both a MTU and a maximum fragment length have been
- *                 configured (or negotiated with the peer), the resulting
- *                 lower limit on record payload (see first note) is used.
- *
- * \note           This can only be used to decrease the maximum size
- *                 of datagrams (hence records, see first note) sent. It
- *                 cannot be used to increase the maximum size of records over
- *                 the limit set by #MBEDTLS_SSL_OUT_CONTENT_LEN.
- *
- * \note           Values lower than the current record layer expansion will
- *                 result in an error when trying to send data.
- *
- * \note           Using record compression together with a non-zero MTU value
- *                 will result in an error when trying to send data.
- *
- * \param ssl      SSL context
- * \param mtu      Value of the path MTU in bytes
- */
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set a connection-specific verification callback (optional).
- *
- *                 If set, the provided verify callback is called for each
- *                 certificate in the peer's CRT chain, including the trusted
- *                 root. For more information, please see the documentation of
- *                 \c mbedtls_x509_crt_verify().
- *
- * \note           This call is analogous to mbedtls_ssl_conf_verify() but
- *                 binds the verification callback and context to an SSL context
- *                 as opposed to an SSL configuration.
- *                 If mbedtls_ssl_conf_verify() and mbedtls_ssl_set_verify()
- *                 are both used, mbedtls_ssl_set_verify() takes precedence.
- *
- * \param ssl      The SSL context to use.
- * \param f_vrfy   The verification callback to use during CRT verification.
- * \param p_vrfy   The opaque context to be passed to the callback.
- */
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/**
- * \brief          Set the timeout period for mbedtls_ssl_read()
- *                 (Default: no timeout.)
- *
- * \param conf     SSL configuration context
- * \param timeout  Timeout value in milliseconds.
- *                 Use 0 for no timeout (default).
- *
- * \note           With blocking I/O, this will only work if a non-NULL
- *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio().
- *                 With non-blocking I/O, this will only work if timer
- *                 callbacks were set with \c mbedtls_ssl_set_timer_cb().
- *
- * \note           With non-blocking I/O, you may also skip this function
- *                 altogether and handle timeouts at the application layer.
- */
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
-
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
-/**
- * \brief          Check whether a buffer contains a valid and authentic record
- *                 that has not been seen before. (DTLS only).
- *
- *                 This function does not change the user-visible state
- *                 of the SSL context. Its sole purpose is to provide
- *                 an indication of the legitimacy of an incoming record.
- *
- *                 This can be useful e.g. in distributed server environments
- *                 using the DTLS Connection ID feature, in which connections
- *                 might need to be passed between service instances on a change
- *                 of peer address, but where such disruptive operations should
- *                 only happen after the validity of incoming records has been
- *                 confirmed.
- *
- * \param ssl      The SSL context to use.
- * \param buf      The address of the buffer holding the record to be checked.
- *                 This must be a read/write buffer of length \p buflen Bytes.
- * \param buflen   The length of \p buf in Bytes.
- *
- * \note           This routine only checks whether the provided buffer begins
- *                 with a valid and authentic record that has not been seen
- *                 before, but does not check potential data following the
- *                 initial record. In particular, it is possible to pass DTLS
- *                 datagrams containing multiple records, in which case only
- *                 the first record is checked.
- *
- * \note           This function modifies the input buffer \p buf. If you need
- *                 to preserve the original record, you have to maintain a copy.
- *
- * \return         \c 0 if the record is valid and authentic and has not been
- *                 seen before.
- * \return         MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
- *                 successfully but the record was found to be not authentic.
- * \return         MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
- *                 successfully but the record was found to be invalid for
- *                 a reason different from authenticity checking.
- * \return         MBEDTLS_ERR_SSL_UNEXPECTED_RECORD if the check completed
- *                 successfully but the record was found to be unexpected
- *                 in the state of the SSL context, including replayed records.
- * \return         Another negative error code on different kinds of failure.
- *                 In this case, the SSL context becomes unusable and needs
- *                 to be freed or reset before reuse.
- */
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
-                              unsigned char *buf,
-                              size_t buflen );
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
-
-/**
- * \brief          Set the timer callbacks (Mandatory for DTLS.)
- *
- * \param ssl      SSL context
- * \param p_timer  parameter (context) shared by timer callbacks
- * \param f_set_timer   set timer callback
- * \param f_get_timer   get timer callback. Must return:
- *
- * \note           See the documentation of \c mbedtls_ssl_set_timer_t and
- *                 \c mbedtls_ssl_get_timer_t for the conventions this pair of
- *                 callbacks must follow.
- *
- * \note           On some platforms, timing.c provides
- *                 \c mbedtls_timing_set_delay() and
- *                 \c mbedtls_timing_get_delay() that are suitable for using
- *                 here, except if using an event-driven style.
- *
- * \note           See also the "DTLS tutorial" article in our knowledge base.
- *                 https://mbed-tls.readthedocs.io/en/latest/kb/how-to/dtls-tutorial
- */
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
-                               void *p_timer,
-                               mbedtls_ssl_set_timer_t *f_set_timer,
-                               mbedtls_ssl_get_timer_t *f_get_timer );
-
-/**
- * \brief           Callback type: generate and write session ticket
- *
- * \note            This describes what a callback implementation should do.
- *                  This callback should generate an encrypted and
- *                  authenticated ticket for the session and write it to the
- *                  output buffer. Here, ticket means the opaque ticket part
- *                  of the NewSessionTicket structure of RFC 5077.
- *
- * \param p_ticket  Context for the callback
- * \param session   SSL session to be written in the ticket
- * \param start     Start of the output buffer
- * \param end       End of the output buffer
- * \param tlen      On exit, holds the length written
- * \param lifetime  On exit, holds the lifetime of the ticket in seconds
- *
- * \return          0 if successful, or
- *                  a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
-                                        const mbedtls_ssl_session *session,
-                                        unsigned char *start,
-                                        const unsigned char *end,
-                                        size_t *tlen,
-                                        uint32_t *lifetime );
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-/**
- * \brief           Callback type: Export key block and master secret
- *
- * \note            This is required for certain uses of TLS, e.g. EAP-TLS
- *                  (RFC 5216) and Thread. The key pointers are ephemeral and
- *                  therefore must not be stored. The master secret and keys
- *                  should not be used directly except as an input to a key
- *                  derivation function.
- *
- * \param p_expkey  Context for the callback
- * \param ms        Pointer to master secret (fixed length: 48 bytes)
- * \param kb        Pointer to key block, see RFC 5246 section 6.3
- *                  (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen    MAC length
- * \param keylen    Key length
- * \param ivlen     IV length
- *
- * \return          0 if successful, or
- *                  a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_t( void *p_expkey,
-                                const unsigned char *ms,
-                                const unsigned char *kb,
-                                size_t maclen,
-                                size_t keylen,
-                                size_t ivlen );
-
-/**
- * \brief           Callback type: Export key block, master secret,
- *                                 handshake randbytes and the tls_prf function
- *                                 used to derive keys.
- *
- * \note            This is required for certain uses of TLS, e.g. EAP-TLS
- *                  (RFC 5216) and Thread. The key pointers are ephemeral and
- *                  therefore must not be stored. The master secret and keys
- *                  should not be used directly except as an input to a key
- *                  derivation function.
- *
- * \param p_expkey  Context for the callback.
- * \param ms        Pointer to master secret (fixed length: 48 bytes).
- * \param kb            Pointer to key block, see RFC 5246 section 6.3.
- *                      (variable length: 2 * maclen + 2 * keylen + 2 * ivlen).
- * \param maclen        MAC length.
- * \param keylen        Key length.
- * \param ivlen         IV length.
- * \param client_random The client random bytes.
- * \param server_random The server random bytes.
- * \param tls_prf_type The tls_prf enum type.
- *
- * \return          0 if successful, or
- *                  a specific MBEDTLS_ERR_XXX code.
- */
-typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey,
-                                           const unsigned char *ms,
-                                           const unsigned char *kb,
-                                           size_t maclen,
-                                           size_t keylen,
-                                           size_t ivlen,
-                                           const unsigned char client_random[32],
-                                           const unsigned char server_random[32],
-                                           mbedtls_tls_prf_types tls_prf_type );
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
-/**
- * \brief           Callback type: parse and load session ticket
- *
- * \note            This describes what a callback implementation should do.
- *                  This callback should parse a session ticket as generated
- *                  by the corresponding mbedtls_ssl_ticket_write_t function,
- *                  and, if the ticket is authentic and valid, load the
- *                  session.
- *
- * \note            The implementation is allowed to modify the first len
- *                  bytes of the input buffer, eg to use it as a temporary
- *                  area for the decrypted ticket contents.
- *
- * \param p_ticket  Context for the callback
- * \param session   SSL session to be loaded
- * \param buf       Start of the buffer containing the ticket
- * \param len       Length of the ticket.
- *
- * \return          0 if successful, or
- *                  MBEDTLS_ERR_SSL_INVALID_MAC if not authentic, or
- *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
- *                  any other non-zero code for other failures.
- */
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
-                                        mbedtls_ssl_session *session,
-                                        unsigned char *buf,
-                                        size_t len );
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief           Configure SSL session ticket callbacks (server only).
- *                  (Default: none.)
- *
- * \note            On server, session tickets are enabled by providing
- *                  non-NULL callbacks.
- *
- * \note            On client, use \c mbedtls_ssl_conf_session_tickets().
- *
- * \param conf      SSL configuration context
- * \param f_ticket_write    Callback for writing a ticket
- * \param f_ticket_parse    Callback for parsing a ticket
- * \param p_ticket          Context shared by the two callbacks
- */
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_ticket_write_t *f_ticket_write,
-        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
-        void *p_ticket );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_EXPORT_KEYS)
-/**
- * \brief           Configure key export callback.
- *                  (Default: none.)
- *
- * \note            See \c mbedtls_ssl_export_keys_t.
- *
- * \param conf      SSL configuration context
- * \param f_export_keys     Callback for exporting keys
- * \param p_export_keys     Context for the callback
- */
-void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_export_keys_t *f_export_keys,
-        void *p_export_keys );
-
-/**
- * \brief           Configure extended key export callback.
- *                  (Default: none.)
- *
- * \note            See \c mbedtls_ssl_export_keys_ext_t.
- * \warning         Exported key material must not be used for any purpose
- *                  before the (D)TLS handshake is completed
- *
- * \param conf      SSL configuration context
- * \param f_export_keys_ext Callback for exporting keys
- * \param p_export_keys     Context for the callback
- */
-void mbedtls_ssl_conf_export_keys_ext_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_export_keys_ext_t *f_export_keys_ext,
-        void *p_export_keys );
-#endif /* MBEDTLS_SSL_EXPORT_KEYS */
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-/**
- * \brief           Configure asynchronous private key operation callbacks.
- *
- * \param conf              SSL configuration context
- * \param f_async_sign      Callback to start a signature operation. See
- *                          the description of ::mbedtls_ssl_async_sign_t
- *                          for more information. This may be \c NULL if the
- *                          external processor does not support any signature
- *                          operation; in this case the private key object
- *                          associated with the certificate will be used.
- * \param f_async_decrypt   Callback to start a decryption operation. See
- *                          the description of ::mbedtls_ssl_async_decrypt_t
- *                          for more information. This may be \c NULL if the
- *                          external processor does not support any decryption
- *                          operation; in this case the private key object
- *                          associated with the certificate will be used.
- * \param f_async_resume    Callback to resume an asynchronous operation. See
- *                          the description of ::mbedtls_ssl_async_resume_t
- *                          for more information. This may not be \c NULL unless
- *                          \p f_async_sign and \p f_async_decrypt are both
- *                          \c NULL.
- * \param f_async_cancel    Callback to cancel an asynchronous operation. See
- *                          the description of ::mbedtls_ssl_async_cancel_t
- *                          for more information. This may be \c NULL if
- *                          no cleanup is needed.
- * \param config_data       A pointer to configuration data which can be
- *                          retrieved with
- *                          mbedtls_ssl_conf_get_async_config_data(). The
- *                          library stores this value without dereferencing it.
- */
-void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
-                                        mbedtls_ssl_async_sign_t *f_async_sign,
-                                        mbedtls_ssl_async_decrypt_t *f_async_decrypt,
-                                        mbedtls_ssl_async_resume_t *f_async_resume,
-                                        mbedtls_ssl_async_cancel_t *f_async_cancel,
-                                        void *config_data );
-
-/**
- * \brief           Retrieve the configuration data set by
- *                  mbedtls_ssl_conf_async_private_cb().
- *
- * \param conf      SSL configuration context
- * \return          The configuration data set by
- *                  mbedtls_ssl_conf_async_private_cb().
- */
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
-
-/**
- * \brief           Retrieve the asynchronous operation user context.
- *
- * \note            This function may only be called while a handshake
- *                  is in progress.
- *
- * \param ssl       The SSL context to access.
- *
- * \return          The asynchronous operation user context that was last
- *                  set during the current handshake. If
- *                  mbedtls_ssl_set_async_operation_data() has not yet been
- *                  called during the current handshake, this function returns
- *                  \c NULL.
- */
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief           Retrieve the asynchronous operation user context.
- *
- * \note            This function may only be called while a handshake
- *                  is in progress.
- *
- * \param ssl       The SSL context to access.
- * \param ctx       The new value of the asynchronous operation user context.
- *                  Call mbedtls_ssl_get_async_operation_data() later during the
- *                  same handshake to retrieve this value.
- */
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
-                                 void *ctx );
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-/**
- * \brief          Callback type: generate a cookie
- *
- * \param ctx      Context for the callback
- * \param p        Buffer to write to,
- *                 must be updated to point right after the cookie
- * \param end      Pointer to one past the end of the output buffer
- * \param info     Client ID info that was passed to
- *                 \c mbedtls_ssl_set_client_transport_id()
- * \param ilen     Length of info in bytes
- *
- * \return         The callback must return 0 on success,
- *                 or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
-                                unsigned char **p, unsigned char *end,
-                                const unsigned char *info, size_t ilen );
-
-/**
- * \brief          Callback type: verify a cookie
- *
- * \param ctx      Context for the callback
- * \param cookie   Cookie to verify
- * \param clen     Length of cookie
- * \param info     Client ID info that was passed to
- *                 \c mbedtls_ssl_set_client_transport_id()
- * \param ilen     Length of info in bytes
- *
- * \return         The callback must return 0 if cookie is valid,
- *                 or a negative error code.
- */
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
-                                const unsigned char *cookie, size_t clen,
-                                const unsigned char *info, size_t ilen );
-
-#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief           Register callbacks for DTLS cookies
- *                  (Server only. DTLS only.)
- *
- *                  Default: dummy callbacks that fail, in order to force you to
- *                  register working callbacks (and initialize their context).
- *
- *                  To disable HelloVerifyRequest, register NULL callbacks.
- *
- * \warning         Disabling hello verification allows your server to be used
- *                  for amplification in DoS attacks against other hosts.
- *                  Only disable if you known this can't happen in your
- *                  particular environment.
- *
- * \note            See comments on \c mbedtls_ssl_handshake() about handling
- *                  the MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED that is expected
- *                  on the first handshake attempt when this is enabled.
- *
- * \note            This is also necessary to handle client reconnection from
- *                  the same port as described in RFC 6347 section 4.2.8 (only
- *                  the variant with cookies is supported currently). See
- *                  comments on \c mbedtls_ssl_read() for details.
- *
- * \param conf              SSL configuration
- * \param f_cookie_write    Cookie write callback
- * \param f_cookie_check    Cookie check callback
- * \param p_cookie          Context for both callbacks
- */
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
-                           mbedtls_ssl_cookie_write_t *f_cookie_write,
-                           mbedtls_ssl_cookie_check_t *f_cookie_check,
-                           void *p_cookie );
-
-/**
- * \brief          Set client's transport-level identification info.
- *                 (Server only. DTLS only.)
- *
- *                 This is usually the IP address (and port), but could be
- *                 anything identify the client depending on the underlying
- *                 network stack. Used for HelloVerifyRequest with DTLS.
- *                 This is *not* used to route the actual packets.
- *
- * \param ssl      SSL context
- * \param info     Transport-level info identifying the client (eg IP + port)
- * \param ilen     Length of info in bytes
- *
- * \note           An internal copy is made, so the info buffer can be reused.
- *
- * \return         0 on success,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
- *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
- */
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen );
-
-#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-/**
- * \brief          Enable or disable anti-replay protection for DTLS.
- *                 (DTLS only, no effect on TLS.)
- *                 Default: enabled.
- *
- * \param conf     SSL configuration
- * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
- *
- * \warning        Disabling this is a security risk unless the application
- *                 protocol handles duplicated packets in a safe way. You
- *                 should not disable this without careful consideration.
- *                 However, if your application already detects duplicated
- *                 packets and needs information about them to adjust its
- *                 transmission strategy, then you'll want to disable this.
- */
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
-#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
-
-#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-/**
- * \brief          Set a limit on the number of records with a bad MAC
- *                 before terminating the connection.
- *                 (DTLS only, no effect on TLS.)
- *                 Default: 0 (disabled).
- *
- * \param conf     SSL configuration
- * \param limit    Limit, or 0 to disable.
- *
- * \note           If the limit is N, then the connection is terminated when
- *                 the Nth non-authentic record is seen.
- *
- * \note           Records with an invalid header are not counted, only the
- *                 ones going through the authentication-decryption phase.
- *
- * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker to inject UDP
- *                 datagrams. On one hand, setting a low limit here makes it
- *                 easier for such an attacker to forcibly terminated a
- *                 connection. On the other hand, a high limit or no limit
- *                 might make us waste resources checking authentication on
- *                 many bogus packets.
- */
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
-#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-/**
- * \brief          Allow or disallow packing of multiple handshake records
- *                 within a single datagram.
- *
- * \param ssl           The SSL context to configure.
- * \param allow_packing This determines whether datagram packing may
- *                      be used or not. A value of \c 0 means that every
- *                      record will be sent in a separate datagram; a
- *                      value of \c 1 means that, if space permits,
- *                      multiple handshake messages (including CCS) belonging to
- *                      a single flight may be packed within a single datagram.
- *
- * \note           This is enabled by default and should only be disabled
- *                 for test purposes, or if datagram packing causes
- *                 interoperability issues with peers that don't support it.
- *
- * \note           Allowing datagram packing reduces the network load since
- *                 there's less overhead if multiple messages share the same
- *                 datagram. Also, it increases the handshake efficiency
- *                 since messages belonging to a single datagram will not
- *                 be reordered in transit, and so future message buffering
- *                 or flight retransmission (if no buffering is used) as
- *                 means to deal with reordering are needed less frequently.
- *
- * \note           Application records are not affected by this option and
- *                 are currently always sent in separate datagrams.
- *
- */
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
-                                       unsigned allow_packing );
-
-/**
- * \brief          Set retransmit timeout values for the DTLS handshake.
- *                 (DTLS only, no effect on TLS.)
- *
- * \param conf     SSL configuration
- * \param min      Initial timeout value in milliseconds.
- *                 Default: 1000 (1 second).
- * \param max      Maximum timeout value in milliseconds.
- *                 Default: 60000 (60 seconds).
- *
- * \note           Default values are from RFC 6347 section 4.2.4.1.
- *
- * \note           The 'min' value should typically be slightly above the
- *                 expected round-trip time to your peer, plus whatever time
- *                 it takes for the peer to process the message. For example,
- *                 if your RTT is about 600ms and you peer needs up to 1s to
- *                 do the cryptographic operations in the handshake, then you
- *                 should set 'min' slightly above 1600. Lower values of 'min'
- *                 might cause spurious resends which waste network resources,
- *                 while larger value of 'min' will increase overall latency
- *                 on unreliable network links.
- *
- * \note           The more unreliable your network connection is, the larger
- *                 your max / min ratio needs to be in order to achieve
- *                 reliable handshakes.
- *
- * \note           Messages are retransmitted up to log2(ceil(max/min)) times.
- *                 For example, if min = 1s and max = 5s, the retransmit plan
- *                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
- *                 resend ... 5s -> give up and return a timeout error.
- */
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief          Set the session cache callbacks (server-side only)
- *                 If not set, no session resuming is done (except if session
- *                 tickets are enabled too).
- *
- *                 The session cache has the responsibility to check for stale
- *                 entries based on timeout. See RFC 5246 for recommendations.
- *
- *                 Warning: session.peer_cert is cleared by the SSL/TLS layer on
- *                 connection shutdown, so do not cache the pointer! Either set
- *                 it to NULL or make a full copy of the certificate.
- *
- *                 The get callback is called once during the initial handshake
- *                 to enable session resuming. The get function has the
- *                 following parameters: (void *parameter, mbedtls_ssl_session *session)
- *                 If a valid entry is found, it should fill the master of
- *                 the session object with the cached values and return 0,
- *                 return 1 otherwise. Optionally peer_cert can be set as well
- *                 if it is properly present in cache entry.
- *
- *                 The set callback is called once during the initial handshake
- *                 to enable session resuming after the entire handshake has
- *                 been finished. The set function has the following parameters:
- *                 (void *parameter, const mbedtls_ssl_session *session). The function
- *                 should create a cache entry for future retrieval based on
- *                 the data in the session structure and should keep in mind
- *                 that the mbedtls_ssl_session object presented (and all its referenced
- *                 data) is cleared by the SSL/TLS layer when the connection is
- *                 terminated. It is recommended to add metadata to determine if
- *                 an entry is still valid in the future. Return 0 if
- *                 successfully cached, return 1 otherwise.
- *
- * \param conf           SSL configuration
- * \param p_cache        parameter (context) for both callbacks
- * \param f_get_cache    session get callback
- * \param f_set_cache    session set callback
- */
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
-        void *p_cache,
-        int (*f_get_cache)(void *, mbedtls_ssl_session *),
-        int (*f_set_cache)(void *, const mbedtls_ssl_session *) );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Request resumption of session (client-side only)
- *                 Session data is copied from presented session structure.
- *
- * \param ssl      SSL context
- * \param session  session context
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- *                 arguments are otherwise invalid
- *
- * \sa             mbedtls_ssl_get_session()
- */
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief          Load serialized session data into a session structure.
- *                 On client, this can be used for loading saved sessions
- *                 before resuming them with mbedtls_ssl_set_session().
- *                 On server, this can be used for alternative implementations
- *                 of session cache or session tickets.
- *
- * \warning        If a peer certificate chain is associated with the session,
- *                 the serialized state will only contain the peer's
- *                 end-entity certificate and the result of the chain
- *                 verification (unless verification was disabled), but not
- *                 the rest of the chain.
- *
- * \see            mbedtls_ssl_session_save()
- * \see            mbedtls_ssl_set_session()
- *
- * \param session  The session structure to be populated. It must have been
- *                 initialised with mbedtls_ssl_session_init() but not
- *                 populated yet.
- * \param buf      The buffer holding the serialized session data. It must be a
- *                 readable buffer of at least \p len bytes.
- * \param len      The size of the serialized data in bytes.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
- * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
- * \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- *                 was generated in a different version or configuration of
- *                 Mbed TLS.
- * \return         Another negative value for other kinds of errors (for
- *                 example, unsupported features in the embedded certificate).
- */
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
-                              const unsigned char *buf,
-                              size_t len );
-
-/**
- * \brief          Save session structure as serialized data in a buffer.
- *                 On client, this can be used for saving session data,
- *                 potentially in non-volatile storage, for resuming later.
- *                 On server, this can be used for alternative implementations
- *                 of session cache or session tickets.
- *
- * \see            mbedtls_ssl_session_load()
- * \see            mbedtls_ssl_get_session_pointer()
- *
- * \param session  The session structure to be saved.
- * \param buf      The buffer to write the serialized data to. It must be a
- *                 writeable buffer of at least \p len bytes, or may be \c
- *                 NULL if \p len is \c 0.
- * \param buf_len  The number of bytes available for writing in \p buf.
- * \param olen     The size in bytes of the data that has been or would have
- *                 been written. It must point to a valid \c size_t.
- *
- * \note           \p olen is updated to the correct value regardless of
- *                 whether \p buf_len was large enough. This makes it possible
- *                 to determine the necessary size by calling this function
- *                 with \p buf set to \c NULL and \p buf_len to \c 0.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
- */
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
-                              unsigned char *buf,
-                              size_t buf_len,
-                              size_t *olen );
-
-/**
- * \brief          Get a pointer to the current session structure, for example
- *                 to serialize it.
- *
- * \warning        Ownership of the session remains with the SSL context, and
- *                 the returned pointer is only guaranteed to be valid until
- *                 the next API call operating on the same \p ssl context.
- *
- * \see            mbedtls_ssl_session_save()
- *
- * \param ssl      The SSL context.
- *
- * \return         A pointer to the current session if successful.
- * \return         \c NULL if no session is active.
- */
-const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief               Set the list of allowed ciphersuites and the preference
- *                      order. First in the list has the highest preference.
- *                      (Overrides all version-specific lists)
- *
- *                      The ciphersuites array is not copied, and must remain
- *                      valid for the lifetime of the ssl_config.
- *
- *                      Note: The server uses its own preferences
- *                      over the preference of the client unless
- *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
- *
- * \param conf          SSL configuration
- * \param ciphersuites  0-terminated list of allowed ciphersuites
- */
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
-                                   const int *ciphersuites );
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   1
-/**
- * \brief               Specify the length of Connection IDs for incoming
- *                      encrypted DTLS records, as well as the behaviour
- *                      on unexpected CIDs.
- *
- *                      By default, the CID length is set to \c 0,
- *                      and unexpected CIDs are silently ignored.
- *
- * \param conf          The SSL configuration to modify.
- * \param len           The length in Bytes of the CID fields in encrypted
- *                      DTLS records using the CID mechanism. This must
- *                      not be larger than #MBEDTLS_SSL_CID_OUT_LEN_MAX.
- * \param ignore_other_cids This determines the stack's behaviour when
- *                          receiving a record with an unexpected CID.
- *                          Possible values are:
- *                          - #MBEDTLS_SSL_UNEXPECTED_CID_IGNORE
- *                            In this case, the record is silently ignored.
- *                          - #MBEDTLS_SSL_UNEXPECTED_CID_FAIL
- *                            In this case, the stack fails with the specific
- *                            error code #MBEDTLS_ERR_SSL_UNEXPECTED_CID.
- *
- * \note                The CID specification allows implementations to either
- *                      use a common length for all incoming connection IDs or
- *                      allow variable-length incoming IDs. Mbed TLS currently
- *                      requires a common length for all connections sharing the
- *                      same SSL configuration; this allows simpler parsing of
- *                      record headers.
- *
- * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
- *                      is too large.
- */
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
-                          int ignore_other_cids );
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-/**
- * \brief               Set the list of allowed ciphersuites and the
- *                      preference order for a specific version of the protocol.
- *                      (Only useful on the server side)
- *
- *                      The ciphersuites array is not copied, and must remain
- *                      valid for the lifetime of the ssl_config.
- *
- * \param conf          SSL configuration
- * \param ciphersuites  0-terminated list of allowed ciphersuites
- * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
- *                      supported)
- * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
- *                      MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- *                      MBEDTLS_SSL_MINOR_VERSION_3 supported)
- *
- * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
- *                      and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- */
-void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf,
-                                       const int *ciphersuites,
-                                       int major, int minor );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set the X.509 security profile used for verification
- *
- * \note           The restrictions are enforced for all certificates in the
- *                 chain. However, signatures in the handshake are not covered
- *                 by this setting but by \b mbedtls_ssl_conf_sig_hashes().
- *
- * \param conf     SSL configuration
- * \param profile  Profile to use
- */
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
-                                    const mbedtls_x509_crt_profile *profile );
-
-/**
- * \brief          Set the data required to verify peer certificate
- *
- * \note           See \c mbedtls_x509_crt_verify() for notes regarding the
- *                 parameters ca_chain (maps to trust_ca for that function)
- *                 and ca_crl.
- *
- * \param conf     SSL configuration
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl   trusted CA CRLs
- */
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
-                               mbedtls_x509_crt *ca_chain,
-                               mbedtls_x509_crl *ca_crl );
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-/**
- * \brief          Set the trusted certificate callback.
- *
- *                 This API allows to register the set of trusted certificates
- *                 through a callback, instead of a linked list as configured
- *                 by mbedtls_ssl_conf_ca_chain().
- *
- *                 This is useful for example in contexts where a large number
- *                 of CAs are used, and the inefficiency of maintaining them
- *                 in a linked list cannot be tolerated. It is also useful when
- *                 the set of trusted CAs needs to be modified frequently.
- *
- *                 See the documentation of `mbedtls_x509_crt_ca_cb_t` for
- *                 more information.
- *
- * \param conf     The SSL configuration to register the callback with.
- * \param f_ca_cb  The trusted certificate callback to use when verifying
- *                 certificate chains.
- * \param p_ca_cb  The context to be passed to \p f_ca_cb (for example,
- *                 a reference to a trusted CA database).
- *
- * \note           This API is incompatible with mbedtls_ssl_conf_ca_chain():
- *                 Any call to this function overwrites the values set through
- *                 earlier calls to mbedtls_ssl_conf_ca_chain() or
- *                 mbedtls_ssl_conf_ca_cb().
- *
- * \note           This API is incompatible with CA indication in
- *                 CertificateRequest messages: A server-side SSL context which
- *                 is bound to an SSL configuration that uses a CA callback
- *                 configured via mbedtls_ssl_conf_ca_cb(), and which requires
- *                 client authentication, will send an empty CA list in the
- *                 corresponding CertificateRequest message.
- *
- * \note           This API is incompatible with mbedtls_ssl_set_hs_ca_chain():
- *                 If an SSL context is bound to an SSL configuration which uses
- *                 CA callbacks configured via mbedtls_ssl_conf_ca_cb(), then
- *                 calls to mbedtls_ssl_set_hs_ca_chain() have no effect.
- *
- * \note           The use of this API disables the use of restartable ECC
- *                 during X.509 CRT signature verification (but doesn't affect
- *                 other uses).
- *
- * \warning        This API is incompatible with the use of CRLs. Any call to
- *                 mbedtls_ssl_conf_ca_cb() unsets CRLs configured through
- *                 earlier calls to mbedtls_ssl_conf_ca_chain().
- *
- * \warning        In multi-threaded environments, the callback \p f_ca_cb
- *                 must be thread-safe, and it is the user's responsibility
- *                 to guarantee this (for example through a mutex
- *                 contained in the callback context pointed to by \p p_ca_cb).
- */
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
-                             mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                             void *p_ca_cb );
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-/**
- * \brief          Set own certificate chain and private key
- *
- * \note           own_cert should contain in order from the bottom up your
- *                 certificate chain. The top certificate (self-signed)
- *                 can be omitted.
- *
- * \note           On server, this function can be called multiple times to
- *                 provision more than one cert/key pair (eg one ECDSA, one
- *                 RSA with SHA-256, one RSA with SHA-1). An adequate
- *                 certificate will be selected according to the client's
- *                 advertised capabilities. In case multiple certificates are
- *                 adequate, preference is given to the one set by the first
- *                 call to this function, then second, etc.
- *
- * \note           On client, only the first call has any effect. That is,
- *                 only one client certificate can be provisioned. The
- *                 server's preferences in its CertificateRequest message will
- *                 be ignored and our only cert will be sent regardless of
- *                 whether it matches those preferences - the server can then
- *                 decide what it wants to do with it.
- *
- * \note           The provided \p pk_key needs to match the public key in the
- *                 first certificate in \p own_cert, or all handshakes using
- *                 that certificate will fail. It is your responsibility
- *                 to ensure that; this function will not perform any check.
- *                 You may use mbedtls_pk_check_pair() in order to perform
- *                 this check yourself, but be aware that this function can
- *                 be computationally expensive on some key types.
- *
- * \param conf     SSL configuration
- * \param own_cert own public certificate chain
- * \param pk_key   own private key
- *
- * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
-                              mbedtls_x509_crt *own_cert,
-                              mbedtls_pk_context *pk_key );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-/**
- * \brief          Configure a pre-shared key (PSK) and identity
- *                 to be used in PSK-based ciphersuites.
- *
- * \note           This is mainly useful for clients. Servers will usually
- *                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note           A PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
- *                 takes precedence over a PSK configured by this function.
- *
- * \warning        Currently, clients can only register a single pre-shared key.
- *                 Calling this function or mbedtls_ssl_conf_psk_opaque() more
- *                 than once will overwrite values configured in previous calls.
- *                 Support for setting multiple PSKs on clients and selecting
- *                 one based on the identity hint is not a planned feature,
- *                 but feedback is welcomed.
- *
- * \param conf     The SSL configuration to register the PSK with.
- * \param psk      The pointer to the pre-shared key to use.
- * \param psk_len  The length of the pre-shared key in bytes.
- * \param psk_identity      The pointer to the pre-shared key identity.
- * \param psk_identity_len  The length of the pre-shared key identity
- *                          in bytes.
- *
- * \note           The PSK and its identity are copied internally and
- *                 hence need not be preserved by the caller for the lifetime
- *                 of the SSL configuration.
- *
- * \return         \c 0 if successful.
- * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
-                const unsigned char *psk, size_t psk_len,
-                const unsigned char *psk_identity, size_t psk_identity_len );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief          Configure an opaque pre-shared key (PSK) and identity
- *                 to be used in PSK-based ciphersuites.
- *
- * \note           This is mainly useful for clients. Servers will usually
- *                 want to use \c mbedtls_ssl_conf_psk_cb() instead.
- *
- * \note           An opaque PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in
- *                 the PSK callback takes precedence over an opaque PSK
- *                 configured by this function.
- *
- * \warning        Currently, clients can only register a single pre-shared key.
- *                 Calling this function or mbedtls_ssl_conf_psk() more than
- *                 once will overwrite values configured in previous calls.
- *                 Support for setting multiple PSKs on clients and selecting
- *                 one based on the identity hint is not a planned feature,
- *                 but feedback is welcomed.
- *
- * \param conf     The SSL configuration to register the PSK with.
- * \param psk      The identifier of the key slot holding the PSK.
- *                 Until \p conf is destroyed or this function is successfully
- *                 called again, the key slot \p psk must be populated with a
- *                 key of type PSA_ALG_CATEGORY_KEY_DERIVATION whose policy
- *                 allows its use for the key derivation algorithm applied
- *                 in the handshake.
- * \param psk_identity      The pointer to the pre-shared key identity.
- * \param psk_identity_len  The length of the pre-shared key identity
- *                          in bytes.
- *
- * \note           The PSK identity hint is copied internally and hence need
- *                 not be preserved by the caller for the lifetime of the
- *                 SSL configuration.
- *
- * \return         \c 0 if successful.
- * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
-                                 psa_key_id_t psk,
-                                 const unsigned char *psk_identity,
-                                 size_t psk_identity_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief          Set the pre-shared Key (PSK) for the current handshake.
- *
- * \note           This should only be called inside the PSK callback,
- *                 i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note           A PSK set by this function takes precedence over a PSK
- *                 configured by \c mbedtls_ssl_conf_psk().
- *
- * \param ssl      The SSL context to configure a PSK for.
- * \param psk      The pointer to the pre-shared key.
- * \param psk_len  The length of the pre-shared key in bytes.
- *
- * \return         \c 0 if successful.
- * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
-                            const unsigned char *psk, size_t psk_len );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * \brief          Set an opaque pre-shared Key (PSK) for the current handshake.
- *
- * \note           This should only be called inside the PSK callback,
- *                 i.e. the function passed to \c mbedtls_ssl_conf_psk_cb().
- *
- * \note           An opaque PSK set by this function takes precedence over an
- *                 opaque PSK configured by \c mbedtls_ssl_conf_psk_opaque().
- *
- * \param ssl      The SSL context to configure a PSK for.
- * \param psk      The identifier of the key slot holding the PSK.
- *                 For the duration of the current handshake, the key slot
- *                 must be populated with a key of type
- *                 PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
- *                 use for the key derivation algorithm
- *                 applied in the handshake.
-  *
- * \return         \c 0 if successful.
- * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
- */
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
-                                   psa_key_id_t psk );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-/**
- * \brief          Set the PSK callback (server-side only).
- *
- *                 If set, the PSK callback is called for each
- *                 handshake where a PSK-based ciphersuite was negotiated.
- *                 The caller provides the identity received and wants to
- *                 receive the actual PSK data and length.
- *
- *                 The callback has the following parameters:
- *                 - \c void*: The opaque pointer \p p_psk.
- *                 - \c mbedtls_ssl_context*: The SSL context to which
- *                                            the operation applies.
- *                 - \c const unsigned char*: The PSK identity
- *                                            selected by the client.
- *                 - \c size_t: The length of the PSK identity
- *                              selected by the client.
- *
- *                 If a valid PSK identity is found, the callback should use
- *                 \c mbedtls_ssl_set_hs_psk() or
- *                 \c mbedtls_ssl_set_hs_psk_opaque()
- *                 on the SSL context to set the correct PSK and return \c 0.
- *                 Any other return value will result in a denied PSK identity.
- *
- * \note           A dynamic PSK (i.e. set by the PSK callback) takes
- *                 precedence over a static PSK (i.e. set by
- *                 \c mbedtls_ssl_conf_psk() or
- *                 \c mbedtls_ssl_conf_psk_opaque()).
- *                 This means that if you set a PSK callback using this
- *                 function, you don't need to set a PSK using
- *                 \c mbedtls_ssl_conf_psk() or
- *                 \c mbedtls_ssl_conf_psk_opaque()).
- *
- * \param conf     The SSL configuration to register the callback with.
- * \param f_psk    The callback for selecting and setting the PSK based
- *                 in the PSK identity chosen by the client.
- * \param p_psk    A pointer to an opaque structure to be passed to
- *                 the callback, for example a PSK store.
- */
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
-                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
-                                  size_t),
-                     void *p_psk );
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief          Set the Diffie-Hellman public P and G values,
- *                 read as hexadecimal strings (server-side only)
- *                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG])
- *
- * \param conf     SSL configuration
- * \param dhm_P    Diffie-Hellman-Merkle modulus
- * \param dhm_G    Diffie-Hellman-Merkle generator
- *
- * \deprecated     Superseded by \c mbedtls_ssl_conf_dh_param_bin.
- *
- * \return         0 if successful
- */
-MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf,
-                                                  const char *dhm_P,
-                                                  const char *dhm_G );
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/**
- * \brief          Set the Diffie-Hellman public P and G values
- *                 from big-endian binary presentations.
- *                 (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]_BIN)
- *
- * \param conf     SSL configuration
- * \param dhm_P    Diffie-Hellman-Merkle modulus in big-endian binary form
- * \param P_len    Length of DHM modulus
- * \param dhm_G    Diffie-Hellman-Merkle generator in big-endian binary form
- * \param G_len    Length of DHM generator
- *
- * \return         0 if successful
- */
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
-                                   const unsigned char *dhm_P, size_t P_len,
-                                   const unsigned char *dhm_G,  size_t G_len );
-
-/**
- * \brief          Set the Diffie-Hellman public P and G values,
- *                 read from existing context (server-side only)
- *
- * \param conf     SSL configuration
- * \param dhm_ctx  Diffie-Hellman-Merkle context
- *
- * \return         0 if successful
- */
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
-#endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
-
-#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Set the minimum length for Diffie-Hellman parameters.
- *                 (Client-side only.)
- *                 (Default: 1024 bits.)
- *
- * \param conf     SSL configuration
- * \param bitlen   Minimum bit length of the DHM prime
- */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
-                                      unsigned int bitlen );
-#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_ECP_C)
-/**
- * \brief          Set the allowed curves in order of preference.
- *                 (Default: all defined curves in order of decreasing size,
- *                 except that Montgomery curves come last. This order
- *                 is likely to change in a future version.)
- *
- *                 On server: this only affects selection of the ECDHE curve;
- *                 the curves used for ECDH and ECDSA are determined by the
- *                 list of available certificates instead.
- *
- *                 On client: this affects the list of curves offered for any
- *                 use. The server can override our preference order.
- *
- *                 Both sides: limits the set of curves accepted for use in
- *                 ECDHE and in the peer's end-entity certificate.
- *
- * \note           This has no influence on which curves are allowed inside the
- *                 certificate chains, see \c mbedtls_ssl_conf_cert_profile()
- *                 for that. For the end-entity certificate however, the key
- *                 will be accepted only if it is allowed both by this list
- *                 and by the cert profile.
- *
- * \note           This list should be ordered by decreasing preference
- *                 (preferred curve first).
- *
- * \param conf     SSL configuration
- * \param curves   Ordered list of allowed curves,
- *                 terminated by MBEDTLS_ECP_DP_NONE.
- */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
-                              const mbedtls_ecp_group_id *curves );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/**
- * \brief          Set the allowed hashes for signatures during the handshake.
- *                 (Default: all SHA-2 hashes, largest first. Also SHA-1 if
- *                 the compile-time option
- *                 `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is enabled.)
- *
- * \note           This only affects which hashes are offered and can be used
- *                 for signatures during the handshake. Hashes for message
- *                 authentication and the TLS PRF are controlled by the
- *                 ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes
- *                 used for certificate signature are controlled by the
- *                 verification profile, see \c mbedtls_ssl_conf_cert_profile().
- *
- * \note           This list should be ordered by decreasing preference
- *                 (preferred hash first).
- *
- * \param conf     SSL configuration
- * \param hashes   Ordered list of allowed signature hashes,
- *                 terminated by \c MBEDTLS_MD_NONE.
- */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
-                                  const int *hashes );
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Set or reset the hostname to check against the received
- *                 server certificate. It sets the ServerName TLS extension,
- *                 too, if that extension is enabled. (client-side only)
- *
- * \param ssl      SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
- *
- * \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- *                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
- *                 too long input hostname.
- *
- *                 Hostname set to the one provided on success (cleared
- *                 when NULL). On allocation failure hostname is cleared.
- *                 On too long input failure, old hostname is unchanged.
- */
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-/**
- * \brief          Set own certificate and key for the current handshake
- *
- * \note           Same as \c mbedtls_ssl_conf_own_cert() but for use within
- *                 the SNI callback.
- *
- * \param ssl      SSL context
- * \param own_cert own public certificate chain
- * \param pk_key   own private key
- *
- * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
- */
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
-                                 mbedtls_x509_crt *own_cert,
-                                 mbedtls_pk_context *pk_key );
-
-/**
- * \brief          Set the data required to verify peer certificate for the
- *                 current handshake
- *
- * \note           Same as \c mbedtls_ssl_conf_ca_chain() but for use within
- *                 the SNI callback.
- *
- * \param ssl      SSL context
- * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
- * \param ca_crl   trusted CA CRLs
- */
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
-                                  mbedtls_x509_crt *ca_chain,
-                                  mbedtls_x509_crl *ca_crl );
-
-/**
- * \brief          Set authmode for the current handshake.
- *
- * \note           Same as \c mbedtls_ssl_conf_authmode() but for use within
- *                 the SNI callback.
- *
- * \param ssl      SSL context
- * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
- *                 MBEDTLS_SSL_VERIFY_REQUIRED
- */
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
-                                  int authmode );
-
-/**
- * \brief          Set server side ServerName TLS extension callback
- *                 (optional, server-side only).
- *
- *                 If set, the ServerName callback is called whenever the
- *                 server receives a ServerName TLS extension from the client
- *                 during a handshake. The ServerName callback has the
- *                 following parameters: (void *parameter, mbedtls_ssl_context *ssl,
- *                 const unsigned char *hostname, size_t len). If a suitable
- *                 certificate is found, the callback must set the
- *                 certificate(s) and key(s) to use with \c
- *                 mbedtls_ssl_set_hs_own_cert() (can be called repeatedly),
- *                 and may optionally adjust the CA and associated CRL with \c
- *                 mbedtls_ssl_set_hs_ca_chain() as well as the client
- *                 authentication mode with \c mbedtls_ssl_set_hs_authmode(),
- *                 then must return 0. If no matching name is found, the
- *                 callback must either set a default cert, or
- *                 return non-zero to abort the handshake at this point.
- *
- * \param conf     SSL configuration
- * \param f_sni    verification function
- * \param p_sni    verification parameter
- */
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
-                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
-                               size_t),
-                  void *p_sni );
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-/**
- * \brief          Set the EC J-PAKE password for current handshake.
- *
- * \note           An internal copy is made, and destroyed as soon as the
- *                 handshake is completed, or when the SSL context is reset or
- *                 freed.
- *
- * \note           The SSL context needs to be already set up. The right place
- *                 to call this function is between \c mbedtls_ssl_setup() or
- *                 \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- *
- * \param ssl      SSL context
- * \param pw       EC J-PAKE password (pre-shared secret)
- * \param pw_len   length of pw in bytes
- *
- * \return         0 on success, or a negative error code.
- */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
-                                         const unsigned char *pw,
-                                         size_t pw_len );
-#endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-/**
- * \brief          Set the supported Application Layer Protocols.
- *
- * \param conf     SSL configuration
- * \param protos   Pointer to a NULL-terminated list of supported protocols,
- *                 in decreasing preference order. The pointer to the list is
- *                 recorded by the library for later reference as required, so
- *                 the lifetime of the table must be at least as long as the
- *                 lifetime of the SSL configuration structure.
- *
- * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
- */
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
-
-/**
- * \brief          Get the name of the negotiated Application Layer Protocol.
- *                 This function should be called after the handshake is
- *                 completed.
- *
- * \param ssl      SSL context
- *
- * \return         Protocol name, or NULL if no protocol was negotiated.
- */
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
-{
-    switch( profile )
-    {
-        case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
-            return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
-        case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
-            return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
-        case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
-            return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
-        case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
-            return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
-        default: break;
-    }
-    return( "" );
-}
-#endif /* MBEDTLS_DEBUG_C */
-/**
- * \brief                   Manage support for mki(master key id) value
- *                          in use_srtp extension.
- *                          MKI is an optional part of SRTP used for key management
- *                          and re-keying. See RFC3711 section 3.1 for details.
- *                          The default value is
- *                          #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED.
- *
- * \param conf              The SSL configuration to manage mki support.
- * \param support_mki_value Enable or disable mki usage. Values are
- *                          #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
- *                          or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
- */
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
-                                                int support_mki_value );
-
-/**
- * \brief                   Set the supported DTLS-SRTP protection profiles.
- *
- * \param conf              SSL configuration
- * \param profiles          Pointer to a List of MBEDTLS_TLS_SRTP_UNSET terminated
- *                          supported protection profiles
- *                          in decreasing preference order.
- *                          The pointer to the list is recorded by the library
- *                          for later reference as required, so the lifetime
- *                          of the table must be at least as long as the lifetime
- *                          of the SSL configuration structure.
- *                          The list must not hold more than
- *                          MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH elements
- *                          (excluding the terminating MBEDTLS_TLS_SRTP_UNSET).
- *
- * \return                  0 on success
- * \return                  #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
- *                          protection profiles is incorrect.
- */
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
-                               ( mbedtls_ssl_config *conf,
-                                 const mbedtls_ssl_srtp_profile *profiles );
-
-/**
- * \brief                  Set the mki_value for the current DTLS-SRTP session.
- *
- * \param ssl              SSL context to use.
- * \param mki_value        The MKI value to set.
- * \param mki_len          The length of the MKI value.
- *
- * \note                   This function is relevant on client side only.
- *                         The server discovers the mki value during handshake.
- *                         A mki value set on server side using this function
- *                         is ignored.
- *
- * \return                 0 on success
- * \return                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- * \return                 #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
- */
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
-                                         unsigned char *mki_value,
-                                         uint16_t mki_len );
-/**
- * \brief                  Get the negotiated DTLS-SRTP information:
- *                         Protection profile and MKI value.
- *
- * \warning                This function must be called after the handshake is
- *                         completed. The value returned by this function must
- *                         not be trusted or acted upon before the handshake completes.
- *
- * \param ssl              The SSL context to query.
- * \param dtls_srtp_info   The negotiated DTLS-SRTP information:
- *                         - Protection profile in use.
- *                         A direct mapping of the iana defined value for protection
- *                         profile on an uint16_t.
-                   http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- *                         #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
- *                         or peer's Hello packet was not parsed yet.
- *                         - mki size and value( if size is > 0 ).
- */
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
-                                                   mbedtls_dtls_srtp_info *dtls_srtp_info );
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/**
- * \brief          Set the maximum supported version sent from the client side
- *                 and/or accepted at the server side
- *                 (Default: MBEDTLS_SSL_MAX_MAJOR_VERSION, MBEDTLS_SSL_MAX_MINOR_VERSION)
- *
- * \note           This ignores ciphersuites from higher versions.
- *
- * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
- *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf     SSL configuration
- * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
- *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
-
-/**
- * \brief          Set the minimum accepted SSL/TLS protocol version
- *                 (Default: TLS 1.0)
- *
- * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
- *                 SSL_MIN_XXXXX_VERSION range is ignored.
- *
- * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
- *
- * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
- *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
- *
- * \param conf     SSL configuration
- * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
- *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
- *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
- */
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
-
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Set the fallback flag (client-side only).
- *                 (Default: MBEDTLS_SSL_IS_NOT_FALLBACK).
- *
- * \note           Set to MBEDTLS_SSL_IS_FALLBACK when preparing a fallback
- *                 connection, that is a connection with max_version set to a
- *                 lower value than the value you're willing to use. Such
- *                 fallback connections are not recommended but are sometimes
- *                 necessary to interoperate with buggy (version-intolerant)
- *                 servers.
- *
- * \warning        You should NOT set this to MBEDTLS_SSL_IS_FALLBACK for
- *                 non-fallback connections! This would appear to work for a
- *                 while, then cause failures when the server is upgraded to
- *                 support a newer TLS version.
- *
- * \param conf     SSL configuration
- * \param fallback MBEDTLS_SSL_IS_NOT_FALLBACK or MBEDTLS_SSL_IS_FALLBACK
- */
-void mbedtls_ssl_conf_fallback( mbedtls_ssl_config *conf, char fallback );
-#endif /* MBEDTLS_SSL_FALLBACK_SCSV && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-/**
- * \brief           Enable or disable Encrypt-then-MAC
- *                  (Default: MBEDTLS_SSL_ETM_ENABLED)
- *
- * \note            This should always be enabled, it is a security
- *                  improvement, and should not cause any interoperability
- *                  issue (used only if the peer supports it too).
- *
- * \param conf      SSL configuration
- * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
- */
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-/**
- * \brief           Enable or disable Extended Master Secret negotiation.
- *                  (Default: MBEDTLS_SSL_EXTENDED_MS_ENABLED)
- *
- * \note            This should always be enabled, it is a security fix to the
- *                  protocol, and should not cause any interoperability issue
- *                  (used only if the peer supports it too).
- *
- * \param conf      SSL configuration
- * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
- */
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_ARC4_C)
-/**
- * \brief          Disable or enable support for RC4
- *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
- *
- * \warning        Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
- *                 for security reasons. Use at your own risk.
- *
- * \note           This function is deprecated and will be removed in
- *                 a future version of the library.
- *                 RC4 is disabled by default at compile time and needs to be
- *                 actively enabled for use with legacy systems.
- *
- * \param conf     SSL configuration
- * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
- */
-void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_SSL_SRV_C)
-/**
- * \brief          Whether to send a list of acceptable CAs in
- *                 CertificateRequest messages.
- *                 (Default: do send)
- *
- * \param conf     SSL configuration
- * \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
- *                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
- */
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
-                                          char cert_req_ca_list );
-#endif /* MBEDTLS_SSL_SRV_C */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief          Set the maximum fragment length to emit and/or negotiate.
- *                 (Typical: the smaller of #MBEDTLS_SSL_IN_CONTENT_LEN and
- *                 #MBEDTLS_SSL_OUT_CONTENT_LEN, usually `2^14` bytes)
- *                 (Server: set maximum fragment length to emit,
- *                 usually negotiated by the client during handshake)
- *                 (Client: set maximum fragment length to emit *and*
- *                 negotiate with the server during handshake)
- *                 (Default: #MBEDTLS_SSL_MAX_FRAG_LEN_NONE)
- *
- * \note           On the client side, the maximum fragment length extension
- *                 *will not* be used, unless the maximum fragment length has
- *                 been set via this function to a value different than
- *                 #MBEDTLS_SSL_MAX_FRAG_LEN_NONE.
- *
- * \note           With TLS, this currently only affects ApplicationData (sent
- *                 with \c mbedtls_ssl_read()), not handshake messages.
- *                 With DTLS, this affects both ApplicationData and handshake.
- *
- * \note           This sets the maximum length for a record's payload,
- *                 excluding record overhead that will be added to it, see
- *                 \c mbedtls_ssl_get_record_expansion().
- *
- * \note           For DTLS, it is also possible to set a limit for the total
- *                 size of datagrams passed to the transport layer, including
- *                 record overhead, see \c mbedtls_ssl_set_mtu().
- *
- * \param conf     SSL configuration
- * \param mfl_code Code for maximum fragment length (allowed values:
- *                 MBEDTLS_SSL_MAX_FRAG_LEN_512,  MBEDTLS_SSL_MAX_FRAG_LEN_1024,
- *                 MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096)
- *
- * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
- */
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-/**
- * \brief          Activate negotiation of truncated HMAC
- *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
- *
- * \param conf     SSL configuration
- * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
- *                                    MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
- */
-void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
-/**
- * \brief          Enable / Disable 1/n-1 record splitting
- *                 (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
- *
- * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
- *                 Does not affect non-CBC ciphersuites in any version.
- *
- * \param conf     SSL configuration
- * \param split    MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED or
- *                 MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED
- */
-void mbedtls_ssl_conf_cbc_record_splitting( mbedtls_ssl_config *conf, char split );
-#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Enable / Disable session tickets (client only).
- *                 (Default: MBEDTLS_SSL_SESSION_TICKETS_ENABLED.)
- *
- * \note           On server, use \c mbedtls_ssl_conf_session_tickets_cb().
- *
- * \param conf     SSL configuration
- * \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
- *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
- */
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief          Enable / Disable renegotiation support for connection when
- *                 initiated by peer
- *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- *
- * \warning        It is recommended to always disable renegotiation unless you
- *                 know you need it and you know what you're doing. In the
- *                 past, there have been several issues associated with
- *                 renegotiation or a poor understanding of its properties.
- *
- * \note           Server-side, enabling renegotiation also makes the server
- *                 susceptible to a resource DoS by a malicious client.
- *
- * \param conf    SSL configuration
- * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
- *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
- */
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief          Prevent or allow legacy renegotiation.
- *                 (Default: MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION)
- *
- *                 MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION allows connections to
- *                 be established even if the peer does not support
- *                 secure renegotiation, but does not allow renegotiation
- *                 to take place if not secure.
- *                 (Interoperable and secure option)
- *
- *                 MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION allows renegotiations
- *                 with non-upgraded peers. Allowing legacy renegotiation
- *                 makes the connection vulnerable to specific man in the
- *                 middle attacks. (See RFC 5746)
- *                 (Most interoperable and least secure option)
- *
- *                 MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE breaks off connections
- *                 if peer does not support secure renegotiation. Results
- *                 in interoperability issues with non-upgraded peers
- *                 that do not support renegotiation altogether.
- *                 (Most secure option, interoperability issues)
- *
- * \param conf     SSL configuration
- * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
- *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
- *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
- */
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief          Enforce renegotiation requests.
- *                 (Default: enforced, max_records = 16)
- *
- *                 When we request a renegotiation, the peer can comply or
- *                 ignore the request. This function allows us to decide
- *                 whether to enforce our renegotiation requests by closing
- *                 the connection if the peer doesn't comply.
- *
- *                 However, records could already be in transit from the peer
- *                 when the request is emitted. In order to increase
- *                 reliability, we can accept a number of records before the
- *                 expected handshake records.
- *
- *                 The optimal value is highly dependent on the specific usage
- *                 scenario.
- *
- * \note           With DTLS and server-initiated renegotiation, the
- *                 HelloRequest is retransmitted every time mbedtls_ssl_read() times
- *                 out or receives Application Data, until:
- *                 - max_records records have beens seen, if it is >= 0, or
- *                 - the number of retransmits that would happen during an
- *                 actual handshake has been reached.
- *                 Please remember the request might be lost a few times
- *                 if you consider setting max_records to a really low value.
- *
- * \warning        On client, the grace period can only happen during
- *                 mbedtls_ssl_read(), as opposed to mbedtls_ssl_write() and mbedtls_ssl_renegotiate()
- *                 which always behave as if max_record was 0. The reason is,
- *                 if we receive application data from the server, we need a
- *                 place to write it, which only happens during mbedtls_ssl_read().
- *
- * \param conf     SSL configuration
- * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
- *                 enforce renegotiation, or a non-negative value to enforce
- *                 it but allow for a grace period of max_records records.
- */
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
-
-/**
- * \brief          Set record counter threshold for periodic renegotiation.
- *                 (Default: 2^48 - 1)
- *
- *                 Renegotiation is automatically triggered when a record
- *                 counter (outgoing or incoming) crosses the defined
- *                 threshold. The default value is meant to prevent the
- *                 connection from being closed when the counter is about to
- *                 reached its maximal value (it is not allowed to wrap).
- *
- *                 Lower values can be used to enforce policies such as "keys
- *                 must be refreshed every N packets with cipher X".
- *
- *                 The renegotiation period can be disabled by setting
- *                 conf->disable_renegotiation to
- *                 MBEDTLS_SSL_RENEGOTIATION_DISABLED.
- *
- * \note           When the configured transport is
- *                 MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
- *                 period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
- *                 the maximum renegotiation period is 2^64 - 1.
- *
- * \param conf     SSL configuration
- * \param period   The threshold value: a big-endian 64-bit number.
- */
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
-                                   const unsigned char period[8] );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief          Check if there is data already read from the
- *                 underlying transport but not yet processed.
- *
- * \param ssl      SSL context
- *
- * \return         0 if nothing's pending, 1 otherwise.
- *
- * \note           This is different in purpose and behaviour from
- *                 \c mbedtls_ssl_get_bytes_avail in that it considers
- *                 any kind of unprocessed data, not only unread
- *                 application data. If \c mbedtls_ssl_get_bytes
- *                 returns a non-zero value, this function will
- *                 also signal pending data, but the converse does
- *                 not hold. For example, in DTLS there might be
- *                 further records waiting to be processed from
- *                 the current underlying transport's datagram.
- *
- * \note           If this function returns 1 (data pending), this
- *                 does not imply that a subsequent call to
- *                 \c mbedtls_ssl_read will provide any data;
- *                 e.g., the unprocessed data might turn out
- *                 to be an alert or a handshake message.
- *
- * \note           This function is useful in the following situation:
- *                 If the SSL/TLS module successfully returns from an
- *                 operation - e.g. a handshake or an application record
- *                 read - and you're awaiting incoming data next, you
- *                 must not immediately idle on the underlying transport
- *                 to have data ready, but you need to check the value
- *                 of this function first. The reason is that the desired
- *                 data might already be read but not yet processed.
- *                 If, in contrast, a previous call to the SSL/TLS module
- *                 returned MBEDTLS_ERR_SSL_WANT_READ, it is not necessary
- *                 to call this function, as the latter error code entails
- *                 that all internal data has been processed.
- *
- */
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the number of application data bytes
- *                 remaining to be read from the current record.
- *
- * \param ssl      SSL context
- *
- * \return         How many bytes are available in the application
- *                 data record read buffer.
- *
- * \note           When working over a datagram transport, this is
- *                 useful to detect the current datagram's boundary
- *                 in case \c mbedtls_ssl_read has written the maximal
- *                 amount of data fitting into the input buffer.
- *
- */
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the result of the certificate verification
- *
- * \param ssl      The SSL context to use.
- *
- * \return         \c 0 if the certificate verification was successful.
- * \return         \c -1u if the result is not available. This may happen
- *                 e.g. if the handshake aborts early, or a verification
- *                 callback returned a fatal error.
- * \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
- *                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
- */
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the name of the current ciphersuite
- *
- * \param ssl      SSL context
- *
- * \return         a string containing the ciphersuite name
- */
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the current SSL version (SSLv3/TLSv1/etc)
- *
- * \param ssl      SSL context
- *
- * \return         a string containing the SSL version
- */
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the (maximum) number of bytes added by the record
- *                 layer: header + encryption/MAC overhead (inc. padding)
- *
- * \note           This function is not available (always returns an error)
- *                 when record compression is enabled.
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum record expansion in bytes, or
- *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
- *                 enabled, which makes expansion much less predictable
- */
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-/**
- * \brief          Return the maximum fragment length (payload, in bytes) for
- *                 the output buffer. For the client, this is the configured
- *                 value. For the server, it is the minimum of two - the
- *                 configured value and the negotiated one.
- *
- * \sa             mbedtls_ssl_conf_max_frag_len()
- * \sa             mbedtls_ssl_get_max_record_payload()
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum fragment length for the output buffer.
- */
-size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Return the maximum fragment length (payload, in bytes) for
- *                 the input buffer. This is the negotiated maximum fragment
- *                 length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN.
- *                 If it is not defined either, the value is 2^14. This function
- *                 works as its predecessor, \c mbedtls_ssl_get_max_frag_len().
- *
- * \sa             mbedtls_ssl_conf_max_frag_len()
- * \sa             mbedtls_ssl_get_max_record_payload()
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum fragment length for the output buffer.
- */
-size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl );
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-
-/**
- * \brief          This function is a deprecated approach to getting the max
- *                 fragment length. Its an alias for
- *                 \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour
- *                 is the same. See \c mbedtls_ssl_get_output_max_frag_len() for
- *                 more detail.
- *
- * \sa             mbedtls_ssl_get_input_max_frag_len()
- * \sa             mbedtls_ssl_get_output_max_frag_len()
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum fragment length for the output buffer.
- */
-MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
-                                        const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-/**
- * \brief          Return the current maximum outgoing record payload in bytes.
- *                 This takes into account the config.h setting \c
- *                 MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated
- *                 max fragment length extension if used, and for DTLS the
- *                 path MTU as configured and current record expansion.
- *
- * \note           With DTLS, \c mbedtls_ssl_write() will return an error if
- *                 called with a larger length value.
- *                 With TLS, \c mbedtls_ssl_write() will fragment the input if
- *                 necessary and return the number of bytes written; it is up
- *                 to the caller to call \c mbedtls_ssl_write() again in
- *                 order to send the remaining bytes if any.
- *
- * \note           This function is not available (always returns an error)
- *                 when record compression is enabled.
- *
- * \sa             mbedtls_ssl_set_mtu()
- * \sa             mbedtls_ssl_get_output_max_frag_len()
- * \sa             mbedtls_ssl_get_input_max_frag_len()
- * \sa             mbedtls_ssl_get_record_expansion()
- *
- * \param ssl      SSL context
- *
- * \return         Current maximum payload for an outgoing record,
- *                 or a negative error code.
- */
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * \brief          Return the peer certificate from the current connection.
- *
- * \param  ssl     The SSL context to use. This must be initialized and setup.
- *
- * \return         The current peer certificate, if available.
- *                 The returned certificate is owned by the SSL context and
- *                 is valid only until the next call to the SSL API.
- * \return         \c NULL if no peer certificate is available. This might
- *                 be because the chosen ciphersuite doesn't use CRTs
- *                 (PSK-based ciphersuites, for example), or because
- *                 #MBEDTLS_SSL_KEEP_PEER_CERTIFICATE has been disabled,
- *                 allowing the stack to free the peer's CRT to save memory.
- *
- * \note           For one-time inspection of the peer's certificate during
- *                 the handshake, consider registering an X.509 CRT verification
- *                 callback through mbedtls_ssl_conf_verify() instead of calling
- *                 this function. Using mbedtls_ssl_conf_verify() also comes at
- *                 the benefit of allowing you to influence the verification
- *                 process, for example by masking expected and tolerated
- *                 verification failures.
- *
- * \warning        You must not use the pointer returned by this function
- *                 after any further call to the SSL API, including
- *                 mbedtls_ssl_read() and mbedtls_ssl_write(); this is
- *                 because the pointer might change during renegotiation,
- *                 which happens transparently to the user.
- *                 If you want to use the certificate across API calls,
- *                 you must make a copy.
- */
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_CLI_C)
-/**
- * \brief          Save session in order to resume it later (client-side only)
- *                 Session data is copied to presented session structure.
- *
- *
- * \param ssl      SSL context
- * \param session  session context
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed,
- *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or
- *                 arguments are otherwise invalid.
- *
- * \note           Only the server certificate is copied, and not the full chain,
- *                 so you should not attempt to validate the certificate again
- *                 by calling \c mbedtls_x509_crt_verify() on it.
- *                 Instead, you should use the results from the verification
- *                 in the original handshake by calling \c mbedtls_ssl_get_verify_result()
- *                 after loading the session again into a new SSL context
- *                 using \c mbedtls_ssl_set_session().
- *
- * \note           Once the session object is not needed anymore, you should
- *                 free it by calling \c mbedtls_ssl_session_free().
- *
- * \sa             mbedtls_ssl_set_session()
- */
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session );
-#endif /* MBEDTLS_SSL_CLI_C */
-
-/**
- * \brief          Perform the SSL handshake
- *
- * \param ssl      SSL context
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- *                 if the handshake is incomplete and waiting for data to
- *                 be available for reading from or writing to the underlying
- *                 transport - in this case you must call this function again
- *                 when the underlying transport is ready for the operation.
- * \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- *                 operation is in progress (see
- *                 mbedtls_ssl_conf_async_private_cb()) - in this case you
- *                 must call this function again when the operation is ready.
- * \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- *                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
- *                 in this case you must call this function again to complete
- *                 the handshake when you're done attending other tasks.
- * \return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
- *                 and the client did not demonstrate reachability yet - in
- *                 this case you must stop using the context (see below).
- * \return         Another SSL error code - in this case you must stop using
- *                 the context (see below).
- *
- * \warning        If this function returns something other than
- *                 \c 0,
- *                 #MBEDTLS_ERR_SSL_WANT_READ,
- *                 #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
- *                 you must stop using the SSL context for reading or writing,
- *                 and either free it or call \c mbedtls_ssl_session_reset()
- *                 on it before re-using it for a new connection; the current
- *                 connection must be closed.
- *
- * \note           If DTLS is in use, then you may choose to handle
- *                 #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED specially for logging
- *                 purposes, as it is an expected return value rather than an
- *                 actual error, but you still need to reset/free the context.
- *
- * \note           Remarks regarding event-driven DTLS:
- *                 If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
- *                 from the underlying transport layer is currently being processed,
- *                 and it is safe to idle until the timer or the underlying transport
- *                 signal a new event. This is not true for a successful handshake,
- *                 in which case the datagram of the underlying transport that is
- *                 currently being processed might or might not contain further
- *                 DTLS records.
- */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Perform a single step of the SSL handshake
- *
- * \note           The state of the context (ssl->state) will be at
- *                 the next state after this function returns \c 0. Do not
- *                 call this function if state is MBEDTLS_SSL_HANDSHAKE_OVER.
- *
- * \param ssl      SSL context
- *
- * \return         See mbedtls_ssl_handshake().
- *
- * \warning        If this function returns something other than \c 0,
- *                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
- *                 the SSL context for reading or writing, and either free it
- *                 or call \c mbedtls_ssl_session_reset() on it before
- *                 re-using it for a new connection; the current connection
- *                 must be closed.
- */
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-/**
- * \brief          Initiate an SSL renegotiation on the running connection.
- *                 Client: perform the renegotiation right now.
- *                 Server: request renegotiation, which will be performed
- *                 during the next call to mbedtls_ssl_read() if honored by
- *                 client.
- *
- * \param ssl      SSL context
- *
- * \return         0 if successful, or any mbedtls_ssl_handshake() return
- *                 value except #MBEDTLS_ERR_SSL_CLIENT_RECONNECT that can't
- *                 happen during a renegotiation.
- *
- * \warning        If this function returns something other than \c 0,
- *                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
- *                 the SSL context for reading or writing, and either free it
- *                 or call \c mbedtls_ssl_session_reset() on it before
- *                 re-using it for a new connection; the current connection
- *                 must be closed.
- *
- */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/**
- * \brief          Read at most 'len' application data bytes
- *
- * \param ssl      SSL context
- * \param buf      buffer that will hold the data
- * \param len      maximum number of bytes to read
- *
- * \return         The (positive) number of bytes read if successful.
- * \return         \c 0 if the read end of the underlying transport was closed
- *                 without sending a CloseNotify beforehand, which might happen
- *                 because of various reasons (internal error of an underlying
- *                 stack, non-conformant peer not sending a CloseNotify and
- *                 such) - in this case you must stop using the context
- *                 (see below).
- * \return         #MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY if the underlying
- *                 transport is still functional, but the peer has
- *                 acknowledged to not send anything anymore.
- * \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- *                 if the handshake is incomplete and waiting for data to
- *                 be available for reading from or writing to the underlying
- *                 transport - in this case you must call this function again
- *                 when the underlying transport is ready for the operation.
- * \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- *                 operation is in progress (see
- *                 mbedtls_ssl_conf_async_private_cb()) - in this case you
- *                 must call this function again when the operation is ready.
- * \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- *                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
- *                 in this case you must call this function again to complete
- *                 the handshake when you're done attending other tasks.
- * \return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
- *                 side of a DTLS connection and the client is initiating a
- *                 new connection using the same source port. See below.
- * \return         Another SSL error code - in this case you must stop using
- *                 the context (see below).
- *
- * \warning        If this function returns something other than
- *                 a positive value,
- *                 #MBEDTLS_ERR_SSL_WANT_READ,
- *                 #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
- *                 you must stop using the SSL context for reading or writing,
- *                 and either free it or call \c mbedtls_ssl_session_reset()
- *                 on it before re-using it for a new connection; the current
- *                 connection must be closed.
- *
- * \note           When this function returns #MBEDTLS_ERR_SSL_CLIENT_RECONNECT
- *                 (which can only happen server-side), it means that a client
- *                 is initiating a new connection using the same source port.
- *                 You can either treat that as a connection close and wait
- *                 for the client to resend a ClientHello, or directly
- *                 continue with \c mbedtls_ssl_handshake() with the same
- *                 context (as it has been reset internally). Either way, you
- *                 must make sure this is seen by the application as a new
- *                 connection: application state, if any, should be reset, and
- *                 most importantly the identity of the client must be checked
- *                 again. WARNING: not validating the identity of the client
- *                 again, or not transmitting the new identity to the
- *                 application layer, would allow authentication bypass!
- *
- * \note           Remarks regarding event-driven DTLS:
- *                 - If the function returns #MBEDTLS_ERR_SSL_WANT_READ, no datagram
- *                   from the underlying transport layer is currently being processed,
- *                   and it is safe to idle until the timer or the underlying transport
- *                   signal a new event.
- *                 - This function may return MBEDTLS_ERR_SSL_WANT_READ even if data was
- *                   initially available on the underlying transport, as this data may have
- *                   been only e.g. duplicated messages or a renegotiation request.
- *                   Therefore, you must be prepared to receive MBEDTLS_ERR_SSL_WANT_READ even
- *                   when reacting to an incoming-data event from the underlying transport.
- *                 - On success, the datagram of the underlying transport that is currently
- *                   being processed may contain further DTLS records. You should call
- *                   \c mbedtls_ssl_check_pending to check for remaining records.
- *
- */
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
-
-/**
- * \brief          Try to write exactly 'len' application data bytes
- *
- * \warning        This function will do partial writes in some cases. If the
- *                 return value is non-negative but less than length, the
- *                 function must be called again with updated arguments:
- *                 buf + ret, len - ret (if ret is the return value) until
- *                 it returns a value equal to the last 'len' argument.
- *
- * \param ssl      SSL context
- * \param buf      buffer holding the data
- * \param len      how many bytes must be written
- *
- * \return         The (non-negative) number of bytes actually written if
- *                 successful (may be less than \p len).
- * \return         #MBEDTLS_ERR_SSL_WANT_READ or #MBEDTLS_ERR_SSL_WANT_WRITE
- *                 if the handshake is incomplete and waiting for data to
- *                 be available for reading from or writing to the underlying
- *                 transport - in this case you must call this function again
- *                 when the underlying transport is ready for the operation.
- * \return         #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS if an asynchronous
- *                 operation is in progress (see
- *                 mbedtls_ssl_conf_async_private_cb()) - in this case you
- *                 must call this function again when the operation is ready.
- * \return         #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS if a cryptographic
- *                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
- *                 in this case you must call this function again to complete
- *                 the handshake when you're done attending other tasks.
- * \return         Another SSL error code - in this case you must stop using
- *                 the context (see below).
- *
- * \warning        If this function returns something other than
- *                 a non-negative value,
- *                 #MBEDTLS_ERR_SSL_WANT_READ,
- *                 #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
- *                 you must stop using the SSL context for reading or writing,
- *                 and either free it or call \c mbedtls_ssl_session_reset()
- *                 on it before re-using it for a new connection; the current
- *                 connection must be closed.
- *
- * \note           When this function returns #MBEDTLS_ERR_SSL_WANT_WRITE/READ,
- *                 it must be called later with the *same* arguments,
- *                 until it returns a value greater that or equal to 0. When
- *                 the function returns #MBEDTLS_ERR_SSL_WANT_WRITE there may be
- *                 some partial data in the output buffer, however this is not
- *                 yet sent.
- *
- * \note           If the requested length is greater than the maximum
- *                 fragment length (either the built-in limit or the one set
- *                 or negotiated with the peer), then:
- *                 - with TLS, less bytes than requested are written.
- *                 - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned.
- *                 \c mbedtls_ssl_get_output_max_frag_len() may be used to
- *                 query the active maximum fragment length.
- *
- * \note           Attempting to write 0 bytes will result in an empty TLS
- *                 application record being sent.
- */
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
-
-/**
- * \brief           Send an alert message
- *
- * \param ssl       SSL context
- * \param level     The alert level of the message
- *                  (MBEDTLS_SSL_ALERT_LEVEL_WARNING or MBEDTLS_SSL_ALERT_LEVEL_FATAL)
- * \param message   The alert message (SSL_ALERT_MSG_*)
- *
- * \return          0 if successful, or a specific SSL error code.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- *                 the SSL context for reading or writing, and either free it or
- *                 call \c mbedtls_ssl_session_reset() on it before re-using it
- *                 for a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
-                            unsigned char level,
-                            unsigned char message );
-/**
- * \brief          Notify the peer that the connection is being closed
- *
- * \param ssl      SSL context
- *
- * \return          0 if successful, or a specific SSL error code.
- *
- * \note           If this function returns something other than 0 or
- *                 MBEDTLS_ERR_SSL_WANT_READ/WRITE, you must stop using
- *                 the SSL context for reading or writing, and either free it or
- *                 call \c mbedtls_ssl_session_reset() on it before re-using it
- *                 for a new connection; the current connection must be closed.
- */
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
-
-/**
- * \brief          Free referenced items in an SSL context and clear memory
- *
- * \param ssl      SSL context
- */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-/**
- * \brief          Save an active connection as serialized data in a buffer.
- *                 This allows the freeing or re-using of the SSL context
- *                 while still picking up the connection later in a way that
- *                 it entirely transparent to the peer.
- *
- * \see            mbedtls_ssl_context_load()
- *
- * \note           This feature is currently only available under certain
- *                 conditions, see the documentation of the return value
- *                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details.
- *
- * \note           When this function succeeds, it calls
- *                 mbedtls_ssl_session_reset() on \p ssl which as a result is
- *                 no longer associated with the connection that has been
- *                 serialized. This avoids creating copies of the connection
- *                 state. You're then free to either re-use the context
- *                 structure for a different connection, or call
- *                 mbedtls_ssl_free() on it. See the documentation of
- *                 mbedtls_ssl_session_reset() for more details.
- *
- * \param ssl      The SSL context to save. On success, it is no longer
- *                 associated with the connection that has been serialized.
- * \param buf      The buffer to write the serialized data to. It must be a
- *                 writeable buffer of at least \p buf_len bytes, or may be \c
- *                 NULL if \p buf_len is \c 0.
- * \param buf_len  The number of bytes available for writing in \p buf.
- * \param olen     The size in bytes of the data that has been or would have
- *                 been written. It must point to a valid \c size_t.
- *
- * \note           \p olen is updated to the correct value regardless of
- *                 whether \p buf_len was large enough. This makes it possible
- *                 to determine the necessary size by calling this function
- *                 with \p buf set to \c NULL and \p buf_len to \c 0. However,
- *                 the value of \p olen is only guaranteed to be correct when
- *                 the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or
- *                 \c 0. If the return value is different, then the value of
- *                 \p olen is undefined.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
- * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed
- *                 while resetting the context.
- * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in
- *                 progress, or there is pending data for reading or sending,
- *                 or the connection does not use DTLS 1.2 with an AEAD
- *                 ciphersuite, or renegotiation is enabled.
- */
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
-                              unsigned char *buf,
-                              size_t buf_len,
-                              size_t *olen );
-
-/**
- * \brief          Load serialized connection data to an SSL context.
- *
- * \see            mbedtls_ssl_context_save()
- *
- * \warning        The same serialized data must never be loaded into more
- *                 that one context. In order to ensure that, after
- *                 successfully loading serialized data to an SSL context, you
- *                 should immediately destroy or invalidate all copies of the
- *                 serialized data that was loaded. Loading the same data in
- *                 more than one context would cause severe security failures
- *                 including but not limited to loss of confidentiality.
- *
- * \note           Before calling this function, the SSL context must be
- *                 prepared in one of the two following ways. The first way is
- *                 to take a context freshly initialised with
- *                 mbedtls_ssl_init() and call mbedtls_ssl_setup() on it with
- *                 the same ::mbedtls_ssl_config structure that was used in
- *                 the original connection. The second way is to
- *                 call mbedtls_ssl_session_reset() on a context that was
- *                 previously prepared as above but used in the meantime.
- *                 Either way, you must not use the context to perform a
- *                 handshake between calling mbedtls_ssl_setup() or
- *                 mbedtls_ssl_session_reset() and calling this function. You
- *                 may however call other setter functions in that time frame
- *                 as indicated in the note below.
- *
- * \note           Before or after calling this function successfully, you
- *                 also need to configure some connection-specific callbacks
- *                 and settings before you can use the connection again
- *                 (unless they were already set before calling
- *                 mbedtls_ssl_session_reset() and the values are suitable for
- *                 the present connection). Specifically, you want to call
- *                 at least mbedtls_ssl_set_bio() and
- *                 mbedtls_ssl_set_timer_cb(). All other SSL setter functions
- *                 are not necessary to call, either because they're only used
- *                 in handshakes, or because the setting is already saved. You
- *                 might choose to call them anyway, for example in order to
- *                 share code between the cases of establishing a new
- *                 connection and the case of loading an already-established
- *                 connection.
- *
- * \note           If you have new information about the path MTU, you want to
- *                 call mbedtls_ssl_set_mtu() after calling this function, as
- *                 otherwise this function would overwrite your
- *                 newly-configured value with the value that was active when
- *                 the context was saved.
- *
- * \note           When this function returns an error code, it calls
- *                 mbedtls_ssl_free() on \p ssl. In this case, you need to
- *                 prepare the context with the usual sequence starting with a
- *                 call to mbedtls_ssl_init() if you want to use it again.
- *
- * \param ssl      The SSL context structure to be populated. It must have
- *                 been prepared as described in the note above.
- * \param buf      The buffer holding the serialized connection data. It must
- *                 be a readable buffer of at least \p len bytes.
- * \param len      The size of the serialized data in bytes.
- *
- * \return         \c 0 if successful.
- * \return         #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed.
- * \return         #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data
- *                 comes from a different Mbed TLS version or build.
- * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
- */
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
-                              const unsigned char *buf,
-                              size_t len );
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-/**
- * \brief          Initialize an SSL configuration context
- *                 Just makes the context ready for
- *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
- *
- * \note           You need to call mbedtls_ssl_config_defaults() unless you
- *                 manually set all of the relevant fields yourself.
- *
- * \param conf     SSL configuration context
- */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
-
-/**
- * \brief          Load reasonable default SSL configuration values.
- *                 (You need to call mbedtls_ssl_config_init() first.)
- *
- * \param conf     SSL configuration context
- * \param endpoint MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
- * \param transport MBEDTLS_SSL_TRANSPORT_STREAM for TLS, or
- *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS
- * \param preset   a MBEDTLS_SSL_PRESET_XXX value
- *
- * \note           See \c mbedtls_ssl_conf_transport() for notes on DTLS.
- *
- * \return         0 if successful, or
- *                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
- */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
-                                 int endpoint, int transport, int preset );
-
-/**
- * \brief          Free an SSL configuration context
- *
- * \param conf     SSL configuration context
- */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
-
-/**
- * \brief          Initialize SSL session structure
- *
- * \param session  SSL session
- */
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
-
-/**
- * \brief          Free referenced items in an SSL session including the
- *                 peer certificate and clear memory
- *
- * \note           A session object can be freed even if the SSL context
- *                 that was used to retrieve the session is still in use.
- *
- * \param session  SSL session
- */
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
-
-/**
- * \brief          TLS-PRF function for key derivation.
- *
- * \param prf      The tls_prf type function type to be used.
- * \param secret   Secret for the key derivation function.
- * \param slen     Length of the secret.
- * \param label    String label for the key derivation function,
- *                 terminated with null character.
- * \param random   Random bytes.
- * \param rlen     Length of the random bytes buffer.
- * \param dstbuf   The buffer holding the derived key.
- * \param dlen     Length of the output buffer.
- *
- * \return         0 on success. An SSL specific error on failure.
- */
-int  mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
-                          const unsigned char *secret, size_t slen,
-                          const char *label,
-                          const unsigned char *random, size_t rlen,
-                          unsigned char *dstbuf, size_t dlen );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl.h */
diff --git a/Sources/mbedtls/include/mbedtls/ssl_cache.h b/Sources/mbedtls/include/mbedtls/ssl_cache.h
deleted file mode 100644
index 02eab96..0000000
--- a/Sources/mbedtls/include/mbedtls/ssl_cache.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * \file ssl_cache.h
- *
- * \brief SSL session cache implementation
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SSL_CACHE_H
-#define MBEDTLS_SSL_CACHE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
-#endif
-
-#if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct mbedtls_ssl_cache_context mbedtls_ssl_cache_context;
-typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
-
-/**
- * \brief   This structure is used for storing cache entries
- */
-struct mbedtls_ssl_cache_entry
-{
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t timestamp;           /*!< entry timestamp    */
-#endif
-    mbedtls_ssl_session session;        /*!< entry session      */
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_x509_buf peer_cert;         /*!< entry peer_cert    */
-#endif
-    mbedtls_ssl_cache_entry *next;      /*!< chain pointer      */
-};
-
-/**
- * \brief Cache context
- */
-struct mbedtls_ssl_cache_context
-{
-    mbedtls_ssl_cache_entry *chain;     /*!< start of the chain     */
-    int timeout;                /*!< cache entry timeout    */
-    int max_entries;            /*!< maximum entries        */
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
-#endif
-};
-
-/**
- * \brief          Initialize an SSL cache context
- *
- * \param cache    SSL cache context
- */
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
-
-/**
- * \brief          Cache get callback implementation
- *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data     SSL cache context
- * \param session  session to retrieve entry for
- */
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session );
-
-/**
- * \brief          Cache set callback implementation
- *                 (Thread-safe if MBEDTLS_THREADING_C is enabled)
- *
- * \param data     SSL cache context
- * \param session  session to store entry for
- */
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session );
-
-#if defined(MBEDTLS_HAVE_TIME)
-/**
- * \brief          Set the cache timeout
- *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT (1 day))
- *
- *                 A timeout of 0 indicates no timeout.
- *
- * \param cache    SSL cache context
- * \param timeout  cache entry timeout in seconds
- */
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
-#endif /* MBEDTLS_HAVE_TIME */
-
-/**
- * \brief          Set the maximum number of cache entries
- *                 (Default: MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES (50))
- *
- * \param cache    SSL cache context
- * \param max      cache entry maximum
- */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
-
-/**
- * \brief          Free referenced items in a cache context and clear memory
- *
- * \param cache    SSL cache context
- */
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cache.h */
diff --git a/Sources/mbedtls/include/mbedtls/ssl_ciphersuites.h b/Sources/mbedtls/include/mbedtls/ssl_ciphersuites.h
deleted file mode 100644
index 93c32a5..0000000
--- a/Sources/mbedtls/include/mbedtls/ssl_ciphersuites.h
+++ /dev/null
@@ -1,556 +0,0 @@
-/**
- * \file ssl_ciphersuites.h
- *
- * \brief SSL Ciphersuites for mbed TLS
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SSL_CIPHERSUITES_H
-#define MBEDTLS_SSL_CIPHERSUITES_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/pk.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/md.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Supported ciphersuites (Official IANA names)
- */
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
-#define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
-#define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
-
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D   /**< Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E   /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
-
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B   /**< Weak! */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
-
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
-
-#define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
-#define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
-
-#define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
-#define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
-
-#define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
-#define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
-
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8   /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC   /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0   /**< Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1   /**< Weak! */
-
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4   /**< Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5   /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8   /**< Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9   /**< Weak! */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0   /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
-
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256         0xC03C /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384         0xC03D /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256     0xC044 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384     0xC045 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256  0xC04A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384  0xC04B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256   0xC04C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384   0xC04D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256    0xC04E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384    0xC04F /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256         0xC050 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384         0xC051 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256     0xC052 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384     0xC053 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256  0xC05E /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384  0xC05F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256   0xC060 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384   0xC061 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256    0xC062 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384    0xC063 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256         0xC064 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384         0xC065 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256     0xC066 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384     0xC067 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256     0xC068 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384     0xC069 /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256         0xC06A /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384         0xC06B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256     0xC06C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384     0xC06D /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256     0xC06E /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384     0xC06F /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256   0xC070 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384   0xC071 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092 /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093 /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC096
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
-
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F  /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0  /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8  /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA  /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB  /**< TLS 1.2 */
-/* The last two are named with PSK_DHE in the RFC, which looks like a typo */
-
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC  /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD  /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE  /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF  /**< TLS 1.2 */
-
-#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF  /**< experimental */
-
-/* RFC 7905 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9 /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA /**< TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         0xCCAB /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   0xCCAC /**< TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAD /**< TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAE /**< TLS 1.2 */
-
-/* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
- * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
- */
-typedef enum {
-    MBEDTLS_KEY_EXCHANGE_NONE = 0,
-    MBEDTLS_KEY_EXCHANGE_RSA,
-    MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-    MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-    MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-    MBEDTLS_KEY_EXCHANGE_PSK,
-    MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-    MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-    MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-    MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-    MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-    MBEDTLS_KEY_EXCHANGE_ECJPAKE,
-} mbedtls_key_exchange_type_t;
-
-/* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
-#endif
-
-/* Key exchanges allowing client certificate requests */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)    ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
-#endif
-
-/* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
-#endif
-
-/* Key exchanges using ECDH */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
-#endif
-
-/* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
-#endif
-
-/* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
-#endif
-
-/* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
-#endif
-
-/* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
-#endif
-
-/* Key exchanges using ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
-#endif
-
-typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
-
-#define MBEDTLS_CIPHERSUITE_WEAK       0x01    /**< Weak ciphersuite flag  */
-#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02    /**< Short authentication tag,
-                                                     eg for CCM_8 */
-#define MBEDTLS_CIPHERSUITE_NODTLS     0x04    /**< Can't be used with DTLS */
-
-/**
- * \brief   This structure is used for storing ciphersuite information
- */
-struct mbedtls_ssl_ciphersuite_t
-{
-    int id;
-    const char * name;
-
-    mbedtls_cipher_type_t cipher;
-    mbedtls_md_type_t mac;
-    mbedtls_key_exchange_type_t key_exchange;
-
-    int min_major_ver;
-    int min_minor_ver;
-    int max_major_ver;
-    int max_minor_ver;
-
-    unsigned char flags;
-};
-
-const int *mbedtls_ssl_list_ciphersuites( void );
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
-#endif
-
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ciphersuites.h */
diff --git a/Sources/mbedtls/include/mbedtls/ssl_cookie.h b/Sources/mbedtls/include/mbedtls/ssl_cookie.h
deleted file mode 100644
index 2aa3731..0000000
--- a/Sources/mbedtls/include/mbedtls/ssl_cookie.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * \file ssl_cookie.h
- *
- * \brief DTLS cookie callbacks implementation
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SSL_COOKIE_H
-#define MBEDTLS_SSL_COOKIE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ssl.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/**
- * \name SECTION: Module settings
- *
- * The configuration options you can set for this module are in this section.
- * Either change them in config.h or define them on the compiler command line.
- * \{
- */
-#ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-#define MBEDTLS_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#endif
-
-/** \} name SECTION: Module settings */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief          Context for the default cookie functions.
- */
-typedef struct mbedtls_ssl_cookie_ctx
-{
-    mbedtls_md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
-#if !defined(MBEDTLS_HAVE_TIME)
-    unsigned long   serial;     /*!< serial number for expiration   */
-#endif
-    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
-                                     or in number of tickets issued */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;
-#endif
-} mbedtls_ssl_cookie_ctx;
-
-/**
- * \brief          Initialize cookie context
- */
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief          Setup cookie context (generate keys)
- */
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
-
-/**
- * \brief          Set expiration delay for cookies
- *                 (Default MBEDTLS_SSL_COOKIE_TIMEOUT)
- *
- * \param ctx      Cookie context
- * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
- *                 issued in the meantime.
- *                 0 to disable expiration (NOT recommended)
- */
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
-
-/**
- * \brief          Free cookie context
- */
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
-
-/**
- * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_write_t mbedtls_ssl_cookie_write;
-
-/**
- * \brief          Verify cookie, see \c mbedtls_ssl_cookie_write_t
- */
-mbedtls_ssl_cookie_check_t mbedtls_ssl_cookie_check;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_cookie.h */
diff --git a/Sources/mbedtls/include/mbedtls/ssl_internal.h b/Sources/mbedtls/include/mbedtls/ssl_internal.h
deleted file mode 100644
index 77ad755..0000000
--- a/Sources/mbedtls/include/mbedtls/ssl_internal.h
+++ /dev/null
@@ -1,1352 +0,0 @@
-/**
- * \file ssl_internal.h
- *
- * \brief Internal functions shared by the SSL modules
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SSL_INTERNAL_H
-#define MBEDTLS_SSL_INTERNAL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#include "mbedtls/sha1.h"
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#include "mbedtls/sha256.h"
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#include "mbedtls/sha512.h"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#include "mbedtls/ecjpake.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/* Determine minimum supported version */
-#define MBEDTLS_SSL_MIN_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MIN_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1   */
-#endif /* MBEDTLS_SSL_PROTO_SSL3   */
-
-#define MBEDTLS_SSL_MIN_VALID_MINOR_VERSION MBEDTLS_SSL_MINOR_VERSION_1
-#define MBEDTLS_SSL_MIN_VALID_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3
-
-/* Determine maximum supported version */
-#define MBEDTLS_SSL_MAX_MAJOR_VERSION           MBEDTLS_SSL_MAJOR_VERSION_3
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_3
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_2
-#else
-#if defined(MBEDTLS_SSL_PROTO_TLS1)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_1
-#else
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-#define MBEDTLS_SSL_MAX_MINOR_VERSION           MBEDTLS_SSL_MINOR_VERSION_0
-#endif /* MBEDTLS_SSL_PROTO_SSL3   */
-#endif /* MBEDTLS_SSL_PROTO_TLS1   */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-/* Shorthand for restartable ECC */
-#if defined(MBEDTLS_ECP_RESTARTABLE) && \
-    defined(MBEDTLS_SSL_CLI_C) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
-#endif
-
-#define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
-#define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
-#define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
-#define MBEDTLS_SSL_RENEGOTIATION_PENDING       3   /* Requested (server only) */
-
-/*
- * DTLS retransmission states, see RFC 6347 4.2.4
- *
- * The SENDING state is merged in PREPARING for initial sends,
- * but is distinct for resends.
- *
- * Note: initial state is wrong for server, but is not used anyway.
- */
-#define MBEDTLS_SSL_RETRANS_PREPARING       0
-#define MBEDTLS_SSL_RETRANS_SENDING         1
-#define MBEDTLS_SSL_RETRANS_WAITING         2
-#define MBEDTLS_SSL_RETRANS_FINISHED        3
-
-/*
- * Allow extra bytes for record, authentication and encryption overhead:
- * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
- * and allow for a maximum of 1024 of compression expansion if
- * enabled.
- */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-#define MBEDTLS_SSL_COMPRESSION_ADD          1024
-#else
-#define MBEDTLS_SSL_COMPRESSION_ADD             0
-#endif
-
-/* This macro determines whether CBC is supported. */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) &&                               \
-    ( defined(MBEDTLS_AES_C)      ||                                  \
-      defined(MBEDTLS_CAMELLIA_C) ||                                  \
-      defined(MBEDTLS_ARIA_C)     ||                                  \
-      defined(MBEDTLS_DES_C) )
-#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
-#endif
-
-/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
- * opposed to the very different CBC construct used in SSLv3) is supported. */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-    ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
-      defined(MBEDTLS_SSL_PROTO_TLS1_1) ||      \
-      defined(MBEDTLS_SSL_PROTO_TLS1_2) )
-#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
-#endif
-
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) ||   \
-    defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-#define MBEDTLS_SSL_SOME_MODES_USE_MAC
-#endif
-
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-/* Ciphersuites using HMAC */
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_SSL_MAC_ADD                 48  /* SHA-384 used for HMAC */
-#elif defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_MAC_ADD                 32  /* SHA-256 used for HMAC */
-#else
-#define MBEDTLS_SSL_MAC_ADD                 20  /* SHA-1   used for HMAC */
-#endif
-#else /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-/* AEAD ciphersuites: GCM and CCM use a 128 bits tag */
-#define MBEDTLS_SSL_MAC_ADD                 16
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_SSL_PADDING_ADD            256
-#else
-#define MBEDTLS_SSL_PADDING_ADD              0
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_MAX_CID_EXPANSION      MBEDTLS_SSL_CID_PADDING_GRANULARITY
-#else
-#define MBEDTLS_SSL_MAX_CID_EXPANSION        0
-#endif
-
-#define MBEDTLS_SSL_PAYLOAD_OVERHEAD ( MBEDTLS_SSL_COMPRESSION_ADD +    \
-                                       MBEDTLS_MAX_IV_LENGTH +          \
-                                       MBEDTLS_SSL_MAC_ADD +            \
-                                       MBEDTLS_SSL_PADDING_ADD +        \
-                                       MBEDTLS_SSL_MAX_CID_EXPANSION    \
-                                       )
-
-#define MBEDTLS_SSL_IN_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
-                                     ( MBEDTLS_SSL_IN_CONTENT_LEN ) )
-
-#define MBEDTLS_SSL_OUT_PAYLOAD_LEN ( MBEDTLS_SSL_PAYLOAD_OVERHEAD + \
-                                      ( MBEDTLS_SSL_OUT_CONTENT_LEN ) )
-
-/* The maximum number of buffered handshake messages. */
-#define MBEDTLS_SSL_MAX_BUFFERED_HS 4
-
-/* Maximum length we can advertise as our max content length for
-   RFC 6066 max_fragment_length extension negotiation purposes
-   (the lesser of both sizes, if they are unequal.)
- */
-#define MBEDTLS_TLS_EXT_ADV_CONTENT_LEN (                            \
-        (MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN)   \
-        ? ( MBEDTLS_SSL_OUT_CONTENT_LEN )                            \
-        : ( MBEDTLS_SSL_IN_CONTENT_LEN )                             \
-        )
-
-/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
-#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN  65534
-
-/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
-#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN         65535
-
-/*
- * Check that we obey the standard's message size bounds
- */
-
-#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384
-#error "Bad configuration - record content too large."
-#endif
-
-#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
-#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
-#endif
-
-#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN
-#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN."
-#endif
-
-#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
-#error "Bad configuration - incoming protected record payload too large."
-#endif
-
-#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048
-#error "Bad configuration - outgoing protected record payload too large."
-#endif
-
-/* Calculate buffer sizes */
-
-/* Note: Even though the TLS record header is only 5 bytes
-   long, we're internally using 8 bytes to store the
-   implicit sequence number. */
-#define MBEDTLS_SSL_HEADER_LEN 13
-
-#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_IN_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) )
-#else
-#define MBEDTLS_SSL_IN_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_IN_PAYLOAD_LEN ) \
-      + ( MBEDTLS_SSL_CID_IN_LEN_MAX ) )
-#endif
-
-#if !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_OUT_BUFFER_LEN  \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN ) )
-#else
-#define MBEDTLS_SSL_OUT_BUFFER_LEN                               \
-    ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_OUT_PAYLOAD_LEN )    \
-      + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) )
-#endif
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx )
-{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    return mbedtls_ssl_get_output_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
-               + MBEDTLS_SSL_CID_OUT_LEN_MAX;
-#else
-    return mbedtls_ssl_get_output_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
-#endif
-}
-
-static inline size_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context *ctx )
-{
-#if defined (MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    return mbedtls_ssl_get_input_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD
-               + MBEDTLS_SSL_CID_IN_LEN_MAX;
-#else
-    return mbedtls_ssl_get_input_max_frag_len( ctx )
-               + MBEDTLS_SSL_HEADER_LEN + MBEDTLS_SSL_PAYLOAD_OVERHEAD;
-#endif
-}
-#endif
-
-#ifdef MBEDTLS_ZLIB_SUPPORT
-/* Compression buffer holds both IN and OUT buffers, so should be size of the larger */
-#define MBEDTLS_SSL_COMPRESS_BUFFER_LEN (                               \
-        ( MBEDTLS_SSL_IN_BUFFER_LEN > MBEDTLS_SSL_OUT_BUFFER_LEN )      \
-        ? MBEDTLS_SSL_IN_BUFFER_LEN                                     \
-        : MBEDTLS_SSL_OUT_BUFFER_LEN                                    \
-        )
-#endif
-
-/*
- * TLS extension flags (for extensions with outgoing ServerHello content
- * that need it (e.g. for RENEGOTIATION_INFO the server already knows because
- * of state of the renegotiation flag, so no indicator is required)
- */
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK                 (1 << 1)
-
-/**
- * \brief        This function checks if the remaining size in a buffer is
- *               greater or equal than a needed space.
- *
- * \param cur    Pointer to the current position in the buffer.
- * \param end    Pointer to one past the end of the buffer.
- * \param need   Needed space in bytes.
- *
- * \return       Zero if the needed space is available in the buffer, non-zero
- *               otherwise.
- */
-static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
-                                           const uint8_t *end, size_t need )
-{
-    return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
-}
-
-/**
- * \brief        This macro checks if the remaining size in a buffer is
- *               greater or equal than a needed space. If it is not the case,
- *               it returns an SSL_BUFFER_TOO_SMALL error.
- *
- * \param cur    Pointer to the current position in the buffer.
- * \param end    Pointer to one past the end of the buffer.
- * \param need   Needed space in bytes.
- *
- */
-#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need )                        \
-    do {                                                                 \
-        if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
-        {                                                                \
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );                  \
-        }                                                                \
-    } while( 0 )
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-/*
- * Abstraction for a grid of allowed signature-hash-algorithm pairs.
- */
-struct mbedtls_ssl_sig_hash_set_t
-{
-    /* At the moment, we only need to remember a single suitable
-     * hash algorithm per signature algorithm. As long as that's
-     * the case - and we don't need a general lookup function -
-     * we can implement the sig-hash-set as a map from signatures
-     * to hash algorithms. */
-    mbedtls_md_type_t rsa;
-    mbedtls_md_type_t ecdsa;
-};
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-typedef int  mbedtls_ssl_tls_prf_cb( const unsigned char *secret, size_t slen,
-                                     const char *label,
-                                     const unsigned char *random, size_t rlen,
-                                     unsigned char *dstbuf, size_t dlen );
-
-/* cipher.h exports the maximum IV, key and block length from
- * all ciphers enabled in the config, regardless of whether those
- * ciphers are actually usable in SSL/TLS. Notably, XTS is enabled
- * in the default configuration and uses 64 Byte keys, but it is
- * not used for record protection in SSL/TLS.
- *
- * In order to prevent unnecessary inflation of key structures,
- * we introduce SSL-specific variants of the max-{key,block,IV}
- * macros here which are meant to only take those ciphers into
- * account which can be negotiated in SSL/TLS.
- *
- * Since the current definitions of MBEDTLS_MAX_{KEY|BLOCK|IV}_LENGTH
- * in cipher.h are rough overapproximations of the real maxima, here
- * we content ourselves with replicating those overapproximations
- * for the maximum block and IV length, and excluding XTS from the
- * computation of the maximum key length. */
-#define MBEDTLS_SSL_MAX_BLOCK_LENGTH 16
-#define MBEDTLS_SSL_MAX_IV_LENGTH    16
-#define MBEDTLS_SSL_MAX_KEY_LENGTH   32
-
-/**
- * \brief   The data structure holding the cryptographic material (key and IV)
- *          used for record protection in TLS 1.3.
- */
-struct mbedtls_ssl_key_set
-{
-    /*! The key for client->server records. */
-    unsigned char client_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
-    /*! The key for server->client records. */
-    unsigned char server_write_key[ MBEDTLS_SSL_MAX_KEY_LENGTH ];
-    /*! The IV  for client->server records. */
-    unsigned char client_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
-    /*! The IV  for server->client records. */
-    unsigned char server_write_iv[ MBEDTLS_SSL_MAX_IV_LENGTH ];
-
-    size_t key_len; /*!< The length of client_write_key and
-                     *   server_write_key, in Bytes. */
-    size_t iv_len;  /*!< The length of client_write_iv and
-                     *   server_write_iv, in Bytes. */
-};
-typedef struct mbedtls_ssl_key_set mbedtls_ssl_key_set;
-
-/*
- * This structure contains the parameters only needed during handshake.
- */
-struct mbedtls_ssl_handshake_params
-{
-    /*
-     * Handshake specific crypto variables
-     */
-
-    uint8_t max_major_ver;              /*!< max. major version client*/
-    uint8_t max_minor_ver;              /*!< max. minor version client*/
-    uint8_t resume;                     /*!<  session resume indicator*/
-    uint8_t cli_exts;                   /*!< client extension presence*/
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) &&        \
-    defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    uint8_t sni_authmode;               /*!< authmode from SNI callback     */
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    uint8_t new_session_ticket;         /*!< use NewSessionTicket?    */
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    uint8_t extended_ms;                /*!< use Extended Master Secret? */
-#endif
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    uint8_t async_in_progress;          /*!< an asynchronous operation is in progress */
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    unsigned char retransmit_state;     /*!<  Retransmission state           */
-#endif
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    uint8_t ecrs_enabled;               /*!< Handshake supports EC restart? */
-    enum { /* this complements ssl->state with info on intra-state operations */
-        ssl_ecrs_none = 0,              /*!< nothing going on (yet)         */
-        ssl_ecrs_crt_verify,            /*!< Certificate: crt_verify()      */
-        ssl_ecrs_ske_start_processing,  /*!< ServerKeyExchange: pk_verify() */
-        ssl_ecrs_cke_ecdh_calc_secret,  /*!< ClientKeyExchange: ECDH step 2 */
-        ssl_ecrs_crt_vrfy_sign,         /*!< CertificateVerify: pk_sign()   */
-    } ecrs_state;                       /*!< current (or last) operation    */
-    mbedtls_x509_crt *ecrs_peer_cert;   /*!< The peer's CRT chain.          */
-    size_t ecrs_n;                      /*!< place for saving a length      */
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) &&                \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    mbedtls_ssl_sig_hash_set_t hash_algs;             /*!<  Set of suitable sig-hash pairs */
-#endif
-
-    size_t pmslen;                      /*!<  premaster length        */
-
-    mbedtls_ssl_ciphersuite_t const *ciphersuite_info;
-
-    void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t);
-    void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *);
-    void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int);
-    mbedtls_ssl_tls_prf_cb *tls_prf;
-
-#if defined(MBEDTLS_DHM_C)
-    mbedtls_dhm_context dhm_ctx;                /*!<  DHM key exchange        */
-#endif
-
-/* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
- * to guards also being in ssl_srv.c and ssl_cli.c. There is a gap
- * in functionality that access to ecdh_ctx structure is needed for
- * MBEDTLS_ECDSA_C which does not seem correct.
- */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-    mbedtls_ecdh_context ecdh_ctx;              /*!<  ECDH key exchange       */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_type_t ecdh_psa_type;
-    uint16_t ecdh_bits;
-    psa_key_id_t ecdh_psa_privkey;
-    unsigned char ecdh_psa_peerkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
-    size_t ecdh_psa_peerkey_len;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    mbedtls_ecjpake_context ecjpake_ctx;        /*!< EC J-PAKE key exchange */
-#if defined(MBEDTLS_SSL_CLI_C)
-    unsigned char *ecjpake_cache;               /*!< Cache for ClientHello ext */
-    size_t ecjpake_cache_len;                   /*!< Length of cached data */
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) ||      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    const mbedtls_ecp_curve_info **curves;      /*!<  Supported elliptic curves */
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_id_t psk_opaque;            /*!< Opaque PSK from the callback   */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    unsigned char *psk;                 /*!<  PSK from the callback         */
-    size_t psk_len;                     /*!<  Length of PSK from callback   */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_ssl_key_cert *key_cert;     /*!< chosen key/cert pair (server)  */
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI         */
-    mbedtls_x509_crt *sni_ca_chain;     /*!< trusted CAs from SNI callback  */
-    mbedtls_x509_crl *sni_ca_crl;       /*!< trusted CAs CRLs from SNI      */
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    mbedtls_x509_crt_restart_ctx ecrs_ctx;  /*!< restart context            */
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) &&        \
-    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_pk_context peer_pubkey;     /*!< The public key from the peer.  */
-#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    struct
-    {
-        size_t total_bytes_buffered; /*!< Cumulative size of heap allocated
-                                      *   buffers used for message buffering. */
-
-        uint8_t seen_ccs;               /*!< Indicates if a CCS message has
-                                         *   been seen in the current flight. */
-
-        struct mbedtls_ssl_hs_buffer
-        {
-            unsigned is_valid      : 1;
-            unsigned is_fragmented : 1;
-            unsigned is_complete   : 1;
-            unsigned char *data;
-            size_t data_len;
-        } hs[MBEDTLS_SSL_MAX_BUFFERED_HS];
-
-        struct
-        {
-            unsigned char *data;
-            size_t len;
-            unsigned epoch;
-        } future_record;
-
-    } buffering;
-
-    unsigned int out_msg_seq;           /*!<  Outgoing handshake sequence number */
-    unsigned int in_msg_seq;            /*!<  Incoming handshake sequence number */
-
-    unsigned char *verify_cookie;       /*!<  Cli: HelloVerifyRequest cookie
-                                              Srv: unused                    */
-    unsigned char verify_cookie_len;    /*!<  Cli: cookie length
-                                              Srv: flag for sending a cookie */
-
-    uint32_t retransmit_timeout;        /*!<  Current value of timeout       */
-    mbedtls_ssl_flight_item *flight;    /*!<  Current outgoing flight        */
-    mbedtls_ssl_flight_item *cur_msg;   /*!<  Current message in flight      */
-    unsigned char *cur_msg_p;           /*!<  Position in current message    */
-    unsigned int in_flight_start_seq;   /*!<  Minimum message sequence in the
-                                              flight being received          */
-    mbedtls_ssl_transform *alt_transform_out;   /*!<  Alternative transform for
-                                              resending messages             */
-    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
-                                              for resending messages         */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    /* The state of CID configuration in this handshake. */
-
-    uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension
-                         *   has been negotiated. Possible values are
-                         *   #MBEDTLS_SSL_CID_ENABLED and
-                         *   #MBEDTLS_SSL_CID_DISABLED. */
-    unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */
-    uint8_t peer_cid_len;                                  /*!< The length of
-                                                            *   \c peer_cid.  */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-    uint16_t mtu;                       /*!<  Handshake mtu, used to fragment outgoing messages */
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    /*
-     * Checksum contexts
-     */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    mbedtls_md5_context fin_md5;
-    mbedtls_sha1_context fin_sha1;
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_operation_t fin_sha256_psa;
-#else
-    mbedtls_sha256_context fin_sha256;
-#endif
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_hash_operation_t fin_sha384_psa;
-#else
-    mbedtls_sha512_context fin_sha512;
-#endif
-#endif
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-    unsigned char randbytes[64];        /*!<  random bytes            */
-    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
-                                        /*!<  premaster secret        */
-
-#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-    /** Asynchronous operation context. This field is meant for use by the
-     * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start,
-     * mbedtls_ssl_config::f_async_decrypt_start,
-     * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel).
-     * The library does not use it internally. */
-    void *user_async_ctx;
-#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
-};
-
-typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
-
-/*
- * Representation of decryption/encryption transformations on records
- *
- * There are the following general types of record transformations:
- * - Stream transformations (TLS versions <= 1.2 only)
- *   Transformation adding a MAC and applying a stream-cipher
- *   to the authenticated message.
- * - CBC block cipher transformations ([D]TLS versions <= 1.2 only)
- *   In addition to the distinction of the order of encryption and
- *   authentication, there's a fundamental difference between the
- *   handling in SSL3 & TLS 1.0 and TLS 1.1 and TLS 1.2: For SSL3
- *   and TLS 1.0, the final IV after processing a record is used
- *   as the IV for the next record. No explicit IV is contained
- *   in an encrypted record. The IV for the first record is extracted
- *   at key extraction time. In contrast, for TLS 1.1 and 1.2, no
- *   IV is generated at key extraction time, but every encrypted
- *   record is explicitly prefixed by the IV with which it was encrypted.
- * - AEAD transformations ([D]TLS versions >= 1.2 only)
- *   These come in two fundamentally different versions, the first one
- *   used in TLS 1.2, excluding ChaChaPoly ciphersuites, and the second
- *   one used for ChaChaPoly ciphersuites in TLS 1.2 as well as for TLS 1.3.
- *   In the first transformation, the IV to be used for a record is obtained
- *   as the concatenation of an explicit, static 4-byte IV and the 8-byte
- *   record sequence number, and explicitly prepending this sequence number
- *   to the encrypted record. In contrast, in the second transformation
- *   the IV is obtained by XOR'ing a static IV obtained at key extraction
- *   time with the 8-byte record sequence number, without prepending the
- *   latter to the encrypted record.
- *
- * Additionally, DTLS 1.2 + CID as well as TLS 1.3 use an inner plaintext
- * which allows to add flexible length padding and to hide a record's true
- * content type.
- *
- * In addition to type and version, the following parameters are relevant:
- * - The symmetric cipher algorithm to be used.
- * - The (static) encryption/decryption keys for the cipher.
- * - For stream/CBC, the type of message digest to be used.
- * - For stream/CBC, (static) encryption/decryption keys for the digest.
- * - For AEAD transformations, the size (potentially 0) of an explicit,
- *   random initialization vector placed in encrypted records.
- * - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0)
- *   an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
- *   and (if present) is combined with the explicit IV in a transformation-
- *   dependent way (e.g. appending in TLS 1.2 and XOR'ing in TLS 1.3).
- * - For stream/CBC, a flag determining the order of encryption and MAC.
- * - The details of the transformation depend on the SSL/TLS version.
- * - The length of the authentication tag.
- *
- * Note: Except for CBC in SSL3 and TLS 1.0, these parameters are
- *       constant across multiple encryption/decryption operations.
- *       For CBC, the implicit IV needs to be updated after each
- *       operation.
- *
- * The struct below refines this abstract view as follows:
- * - The cipher underlying the transformation is managed in
- *   cipher contexts cipher_ctx_{enc/dec}, which must have the
- *   same cipher type. The mode of these cipher contexts determines
- *   the type of the transformation in the sense above: e.g., if
- *   the type is MBEDTLS_CIPHER_AES_256_CBC resp. MBEDTLS_CIPHER_AES_192_GCM
- *   then the transformation has type CBC resp. AEAD.
- * - The cipher keys are never stored explicitly but
- *   are maintained within cipher_ctx_{enc/dec}.
- * - For stream/CBC transformations, the message digest contexts
- *   used for the MAC's are stored in md_ctx_{enc/dec}. These contexts
- *   are unused for AEAD transformations.
- * - For stream/CBC transformations and versions > SSL3, the
- *   MAC keys are not stored explicitly but maintained within
- *   md_ctx_{enc/dec}.
- * - For stream/CBC transformations and version SSL3, the MAC
- *   keys are stored explicitly in mac_enc, mac_dec and have
- *   a fixed size of 20 bytes. These fields are unused for
- *   AEAD transformations or transformations >= TLS 1.0.
- * - For transformations using an implicit IV maintained within
- *   the transformation context, its contents are stored within
- *   iv_{enc/dec}.
- * - The value of ivlen indicates the length of the IV.
- *   This is redundant in case of stream/CBC transformations
- *   which always use 0 resp. the cipher's block length as the
- *   IV length, but is needed for AEAD ciphers and may be
- *   different from the underlying cipher's block length
- *   in this case.
- * - The field fixed_ivlen is nonzero for AEAD transformations only
- *   and indicates the length of the static part of the IV which is
- *   constant throughout the communication, and which is stored in
- *   the first fixed_ivlen bytes of the iv_{enc/dec} arrays.
- *   Note: For CBC in SSL3 and TLS 1.0, the fields iv_{enc/dec}
- *   still store IV's for continued use across multiple transformations,
- *   so it is not true that fixed_ivlen == 0 means that iv_{enc/dec} are
- *   not being used!
- * - minor_ver denotes the SSL/TLS version
- * - For stream/CBC transformations, maclen denotes the length of the
- *   authentication tag, while taglen is unused and 0.
- * - For AEAD transformations, taglen denotes the length of the
- *   authentication tag, while maclen is unused and 0.
- * - For CBC transformations, encrypt_then_mac determines the
- *   order of encryption and authentication. This field is unused
- *   in other transformations.
- *
- */
-struct mbedtls_ssl_transform
-{
-    /*
-     * Session specific crypto layer
-     */
-    size_t minlen;                      /*!<  min. ciphertext length  */
-    size_t ivlen;                       /*!<  IV length               */
-    size_t fixed_ivlen;                 /*!<  Fixed part of IV (AEAD) */
-    size_t maclen;                      /*!<  MAC(CBC) len            */
-    size_t taglen;                      /*!<  TAG(AEAD) len           */
-
-    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
-    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
-
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-    /* Needed only for SSL v3.0 secret */
-    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
-    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-    mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
-    mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    int encrypt_then_mac;       /*!< flag for EtM activation                */
-#endif
-
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-    mbedtls_cipher_context_t cipher_ctx_enc;    /*!<  encryption context      */
-    mbedtls_cipher_context_t cipher_ctx_dec;    /*!<  decryption context      */
-    int minor_ver;
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    uint8_t in_cid_len;
-    uint8_t out_cid_len;
-    unsigned char in_cid [ MBEDTLS_SSL_CID_IN_LEN_MAX ];
-    unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ];
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-    /*
-     * Session specific compression layer
-     */
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    z_stream ctx_deflate;               /*!<  compression context     */
-    z_stream ctx_inflate;               /*!<  decompression context   */
-#endif
-
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    /* We need the Hello random bytes in order to re-derive keys from the
-     * Master Secret and other session info, see ssl_populate_transform() */
-    unsigned char randbytes[64]; /*!< ServerHello.random+ClientHello.random */
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-};
-
-/*
- * Return 1 if the transform uses an AEAD cipher, 0 otherwise.
- * Equivalently, return 0 if a separate MAC is used, 1 otherwise.
- */
-static inline int mbedtls_ssl_transform_uses_aead(
-        const mbedtls_ssl_transform *transform )
-{
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-    return( transform->maclen == 0 && transform->taglen != 0 );
-#else
-    (void) transform;
-    return( 1 );
-#endif
-}
-
-/*
- * Internal representation of record frames
- *
- * Instances come in two flavors:
- * (1) Encrypted
- *     These always have data_offset = 0
- * (2) Unencrypted
- *     These have data_offset set to the amount of
- *     pre-expansion during record protection. Concretely,
- *     this is the length of the fixed part of the explicit IV
- *     used for encryption, or 0 if no explicit IV is used
- *     (e.g. for CBC in TLS 1.0, or stream ciphers).
- *
- * The reason for the data_offset in the unencrypted case
- * is to allow for in-place conversion of an unencrypted to
- * an encrypted record. If the offset wasn't included, the
- * encrypted content would need to be shifted afterwards to
- * make space for the fixed IV.
- *
- */
-#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_OUT_LEN_MAX
-#else
-#define MBEDTLS_SSL_CID_LEN_MAX MBEDTLS_SSL_CID_IN_LEN_MAX
-#endif
-
-typedef struct
-{
-    uint8_t ctr[8];         /* In TLS:  The implicit record sequence number.
-                             * In DTLS: The 2-byte epoch followed by
-                             *          the 6-byte sequence number.
-                             * This is stored as a raw big endian byte array
-                             * as opposed to a uint64_t because we rarely
-                             * need to perform arithmetic on this, but do
-                             * need it as a Byte array for the purpose of
-                             * MAC computations.                             */
-    uint8_t type;           /* The record content type.                      */
-    uint8_t ver[2];         /* SSL/TLS version as present on the wire.
-                             * Convert to internal presentation of versions
-                             * using mbedtls_ssl_read_version() and
-                             * mbedtls_ssl_write_version().
-                             * Keep wire-format for MAC computations.        */
-
-    unsigned char *buf;     /* Memory buffer enclosing the record content    */
-    size_t buf_len;         /* Buffer length                                 */
-    size_t data_offset;     /* Offset of record content                      */
-    size_t data_len;        /* Length of record content                      */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    uint8_t cid_len;        /* Length of the CID (0 if not present)          */
-    unsigned char cid[ MBEDTLS_SSL_CID_LEN_MAX ]; /* The CID                 */
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-} mbedtls_record;
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * List of certificate + private key pairs
- */
-struct mbedtls_ssl_key_cert
-{
-    mbedtls_x509_crt *cert;                 /*!< cert                       */
-    mbedtls_pk_context *key;                /*!< private key                */
-    mbedtls_ssl_key_cert *next;             /*!< next key/cert pair         */
-};
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-/*
- * List of handshake messages kept around for resending
- */
-struct mbedtls_ssl_flight_item
-{
-    unsigned char *p;       /*!< message, including handshake headers   */
-    size_t len;             /*!< length of p                            */
-    unsigned char type;     /*!< type of the message: handshake or CCS  */
-    mbedtls_ssl_flight_item *next;  /*!< next handshake message(s)              */
-};
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-
-/* Find an entry in a signature-hash set matching a given hash algorithm. */
-mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
-                                                 mbedtls_pk_type_t sig_alg );
-/* Add a signature-hash-pair to a signature-hash set */
-void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
-                                   mbedtls_pk_type_t sig_alg,
-                                   mbedtls_md_type_t md_alg );
-/* Allow exactly one hash algorithm for each signature. */
-void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
-                                          mbedtls_md_type_t md_alg );
-
-/* Setup an empty signature-hash set */
-static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
-{
-    mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
-          MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-/**
- * \brief           Free referenced items in an SSL transform context and clear
- *                  memory
- *
- * \param transform SSL transform context
- */
-void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform );
-
-/**
- * \brief           Free referenced items in an SSL handshake context and clear
- *                  memory
- *
- * \param ssl       SSL context
- */
-void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
-
-void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
-
-/**
- * \brief       Update record layer
- *
- *              This function roughly separates the implementation
- *              of the logic of (D)TLS from the implementation
- *              of the secure transport.
- *
- * \param  ssl              The SSL context to use.
- * \param  update_hs_digest This indicates if the handshake digest
- *                          should be automatically updated in case
- *                          a handshake message is found.
- *
- * \return      0 or non-zero error code.
- *
- * \note        A clarification on what is called 'record layer' here
- *              is in order, as many sensible definitions are possible:
- *
- *              The record layer takes as input an untrusted underlying
- *              transport (stream or datagram) and transforms it into
- *              a serially multiplexed, secure transport, which
- *              conceptually provides the following:
- *
- *              (1) Three datagram based, content-agnostic transports
- *                  for handshake, alert and CCS messages.
- *              (2) One stream- or datagram-based transport
- *                  for application data.
- *              (3) Functionality for changing the underlying transform
- *                  securing the contents.
- *
- *              The interface to this functionality is given as follows:
- *
- *              a Updating
- *                [Currently implemented by mbedtls_ssl_read_record]
- *
- *                Check if and on which of the four 'ports' data is pending:
- *                Nothing, a controlling datagram of type (1), or application
- *                data (2). In any case data is present, internal buffers
- *                provide access to the data for the user to process it.
- *                Consumption of type (1) datagrams is done automatically
- *                on the next update, invalidating that the internal buffers
- *                for previous datagrams, while consumption of application
- *                data (2) is user-controlled.
- *
- *              b Reading of application data
- *                [Currently manual adaption of ssl->in_offt pointer]
- *
- *                As mentioned in the last paragraph, consumption of data
- *                is different from the automatic consumption of control
- *                datagrams (1) because application data is treated as a stream.
- *
- *              c Tracking availability of application data
- *                [Currently manually through decreasing ssl->in_msglen]
- *
- *                For efficiency and to retain datagram semantics for
- *                application data in case of DTLS, the record layer
- *                provides functionality for checking how much application
- *                data is still available in the internal buffer.
- *
- *              d Changing the transformation securing the communication.
- *
- *              Given an opaque implementation of the record layer in the
- *              above sense, it should be possible to implement the logic
- *              of (D)TLS on top of it without the need to know anything
- *              about the record layer's internals. This is done e.g.
- *              in all the handshake handling functions, and in the
- *              application data reading function mbedtls_ssl_read.
- *
- * \note        The above tries to give a conceptual picture of the
- *              record layer, but the current implementation deviates
- *              from it in some places. For example, our implementation of
- *              the update functionality through mbedtls_ssl_read_record
- *              discards datagrams depending on the current state, which
- *              wouldn't fall under the record layer's responsibility
- *              following the above definition.
- *
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
-                             unsigned update_hs_digest );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
-
-void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
-                            const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exchange_type_t key_ex );
-
-/**
- * Get the first defined PSK by order of precedence:
- * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk() in the PSK callback
- * 2. static PSK configured by \c mbedtls_ssl_conf_psk()
- * Return a code and update the pair (PSK, PSK length) passed to this function
- */
-static inline int mbedtls_ssl_get_psk( const mbedtls_ssl_context *ssl,
-    const unsigned char **psk, size_t *psk_len )
-{
-    if( ssl->handshake->psk != NULL && ssl->handshake->psk_len > 0 )
-    {
-        *psk = ssl->handshake->psk;
-        *psk_len = ssl->handshake->psk_len;
-    }
-
-    else if( ssl->conf->psk != NULL && ssl->conf->psk_len > 0 )
-    {
-        *psk = ssl->conf->psk;
-        *psk_len = ssl->conf->psk_len;
-    }
-
-    else
-    {
-        *psk = NULL;
-        *psk_len = 0;
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/**
- * Get the first defined opaque PSK by order of precedence:
- * 1. handshake PSK set by \c mbedtls_ssl_set_hs_psk_opaque() in the PSK
- *    callback
- * 2. static PSK configured by \c mbedtls_ssl_conf_psk_opaque()
- * Return an opaque PSK
- */
-static inline psa_key_id_t mbedtls_ssl_get_opaque_psk(
-    const mbedtls_ssl_context *ssl )
-{
-    if( ! mbedtls_svc_key_id_is_null( ssl->handshake->psk_opaque ) )
-        return( ssl->handshake->psk_opaque );
-
-    if( ! mbedtls_svc_key_id_is_null( ssl->conf->psk_opaque ) )
-        return( ssl->conf->psk_opaque );
-
-    return( MBEDTLS_SVC_KEY_ID_INIT );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_PK_C)
-unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
-unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
-mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
-#endif
-
-mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash( unsigned char hash );
-unsigned char mbedtls_ssl_hash_from_md_alg( int md );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md );
-
-#if defined(MBEDTLS_ECP_C)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_curve_tls_id( const mbedtls_ssl_context *ssl, uint16_t tls_id );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
-                                mbedtls_md_type_t md );
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-static inline mbedtls_ssl_srtp_profile mbedtls_ssl_check_srtp_profile_value
-                                                    ( const uint16_t srtp_profile_value )
-{
-    switch( srtp_profile_value )
-    {
-        case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
-        case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
-        case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
-        case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
-            return srtp_profile_value;
-        default: break;
-    }
-    return( MBEDTLS_TLS_SRTP_UNSET );
-}
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static inline mbedtls_pk_context *mbedtls_ssl_own_key( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_key_cert *key_cert;
-
-    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
-        key_cert = ssl->handshake->key_cert;
-    else
-        key_cert = ssl->conf->key_cert;
-
-    return( key_cert == NULL ? NULL : key_cert->key );
-}
-
-static inline mbedtls_x509_crt *mbedtls_ssl_own_cert( mbedtls_ssl_context *ssl )
-{
-    mbedtls_ssl_key_cert *key_cert;
-
-    if( ssl->handshake != NULL && ssl->handshake->key_cert != NULL )
-        key_cert = ssl->handshake->key_cert;
-    else
-        key_cert = ssl->conf->key_cert;
-
-    return( key_cert == NULL ? NULL : key_cert->cert );
-}
-
-/*
- * Check usage of a certificate wrt extensions:
- * keyUsage, extendedKeyUsage (later), and nSCertType (later).
- *
- * Warning: cert_endpoint is the endpoint of the cert (ie, of our peer when we
- * check a cert we received from them)!
- *
- * Return 0 if everything is OK, -1 if not.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
-                          const mbedtls_ssl_ciphersuite_t *ciphersuite,
-                          int cert_endpoint,
-                          uint32_t *flags );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-void mbedtls_ssl_write_version( int major, int minor, int transport,
-                        unsigned char ver[2] );
-void mbedtls_ssl_read_version( int *major, int *minor, int transport,
-                       const unsigned char ver[2] );
-
-static inline size_t mbedtls_ssl_in_hdr_len( const mbedtls_ssl_context *ssl )
-{
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
-    ((void) ssl);
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        return( 13 );
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-    {
-        return( 5 );
-    }
-}
-
-static inline size_t mbedtls_ssl_out_hdr_len( const mbedtls_ssl_context *ssl )
-{
-    return( (size_t) ( ssl->out_iv - ssl->out_hdr ) );
-}
-
-static inline size_t mbedtls_ssl_hs_hdr_len( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 12 );
-#else
-    ((void) ssl);
-#endif
-    return( 4 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_recv_flight_completed( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl );
-#endif
-
-/* Visible for testing purposes only */
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_dtls_replay_check( mbedtls_ssl_context const *ssl );
-void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
-#endif
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst,
-                              const mbedtls_ssl_session *src );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
-                                        unsigned char *output,
-                                        unsigned char *data, size_t data_len );
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-/* The hash buffer must have at least MBEDTLS_MD_MAX_SIZE bytes of length. */
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
-                                            unsigned char *hash, size_t *hashlen,
-                                            unsigned char *data, size_t data_len,
-                                            mbedtls_md_type_t md_alg );
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#ifdef __cplusplus
-}
-#endif
-
-void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec );
-
-/* Length of the "epoch" field in the record header */
-static inline size_t mbedtls_ssl_ep_len( const mbedtls_ssl_context *ssl )
-{
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        return( 2 );
-#else
-    ((void) ssl);
-#endif
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_resend_hello_request( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs );
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl );
-
-void mbedtls_ssl_reset_in_out_pointers( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl,
-                              mbedtls_ssl_transform *transform );
-void mbedtls_ssl_update_in_pointers( mbedtls_ssl_context *ssl );
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial );
-
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_dtls_replay_reset( mbedtls_ssl_context *ssl );
-#endif
-
-void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-MBEDTLS_CHECK_RETURN_CRITICAL
-int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl );
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-size_t mbedtls_ssl_get_current_mtu( const mbedtls_ssl_context *ssl );
-void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
-void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_TEST_HOOKS)
-int mbedtls_ssl_check_dtls_clihlo_cookie(
-                          mbedtls_ssl_context *ssl,
-                          const unsigned char *cli_id, size_t cli_id_len,
-                          const unsigned char *in, size_t in_len,
-                          unsigned char *obuf, size_t buf_len, size_t *olen );
-#endif
-
-#endif /* ssl_internal.h */
diff --git a/Sources/mbedtls/include/mbedtls/ssl_ticket.h b/Sources/mbedtls/include/mbedtls/ssl_ticket.h
deleted file mode 100644
index 8221051..0000000
--- a/Sources/mbedtls/include/mbedtls/ssl_ticket.h
+++ /dev/null
@@ -1,140 +0,0 @@
-/**
- * \file ssl_ticket.h
- *
- * \brief TLS server ticket callbacks implementation
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_SSL_TICKET_H
-#define MBEDTLS_SSL_TICKET_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/*
- * This implementation of the session ticket callbacks includes key
- * management, rotating the keys periodically in order to preserve forward
- * secrecy, when MBEDTLS_HAVE_TIME is defined.
- */
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief   Information for session ticket protection
- */
-typedef struct mbedtls_ssl_ticket_key
-{
-    unsigned char name[4];          /*!< random key identifier              */
-    uint32_t generation_time;       /*!< key generation timestamp (seconds) */
-    mbedtls_cipher_context_t ctx;   /*!< context for auth enc/decryption    */
-}
-mbedtls_ssl_ticket_key;
-
-/**
- * \brief   Context for session ticket handling functions
- */
-typedef struct mbedtls_ssl_ticket_context
-{
-    mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys             */
-    unsigned char active;           /*!< index of the currently active key  */
-
-    uint32_t ticket_lifetime;       /*!< lifetime of tickets in seconds     */
-
-    /** Callback for getting (pseudo-)random numbers                        */
-    int  (*f_rng)(void *, unsigned char *, size_t);
-    void *p_rng;                    /*!< context for the RNG function       */
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t mutex;
-#endif
-}
-mbedtls_ssl_ticket_context;
-
-/**
- * \brief           Initialize a ticket context.
- *                  (Just make it ready for mbedtls_ssl_ticket_setup()
- *                  or mbedtls_ssl_ticket_free().)
- *
- * \param ctx       Context to be initialized
- */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
-
-/**
- * \brief           Prepare context to be actually used
- *
- * \param ctx       Context to be set up
- * \param f_rng     RNG callback function
- * \param p_rng     RNG callback context
- * \param cipher    AEAD cipher to use for ticket protection.
- *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
- * \param lifetime  Tickets lifetime in seconds
- *                  Recommended value: 86400 (one day).
- *
- * \note            It is highly recommended to select a cipher that is at
- *                  least as strong as the strongest ciphersuite
- *                  supported. Usually that means a 256-bit key.
- *
- * \note            The lifetime of the keys is twice the lifetime of tickets.
- *                  It is recommended to pick a reasonable lifetime so as not
- *                  to negate the benefits of forward secrecy.
- *
- * \return          0 if successful,
- *                  or a specific MBEDTLS_ERR_XXX error code
- */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-    mbedtls_cipher_type_t cipher,
-    uint32_t lifetime );
-
-/**
- * \brief           Implementation of the ticket write callback
- *
- * \note            See \c mbedtls_ssl_ticket_write_t for description
- */
-mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
-
-/**
- * \brief           Implementation of the ticket parse callback
- *
- * \note            See \c mbedtls_ssl_ticket_parse_t for description
- */
-mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
-
-/**
- * \brief           Free a context's content and zeroize it.
- *
- * \param ctx       Context to be cleaned up
- */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* ssl_ticket.h */
diff --git a/Sources/mbedtls/include/mbedtls/threading.h b/Sources/mbedtls/include/mbedtls/threading.h
deleted file mode 100644
index d147c73..0000000
--- a/Sources/mbedtls/include/mbedtls/threading.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/**
- * \file threading.h
- *
- * \brief Threading abstraction layer
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_THREADING_H
-#define MBEDTLS_THREADING_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stdlib.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be
- * used. */
-/** The selected feature is not available. */
-#define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A
-
-/** Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C
-/** Locking / unlocking / free failed with error code. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include <pthread.h>
-typedef struct mbedtls_threading_mutex_t
-{
-    pthread_mutex_t mutex;
-    /* is_valid is 0 after a failed init or a free, and nonzero after a
-     * successful init. This field is not considered part of the public
-     * API of Mbed TLS and may change without notice. */
-    char is_valid;
-} mbedtls_threading_mutex_t;
-#endif
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief           Set your alternate threading implementation function
- *                  pointers and initialize global mutexes. If used, this
- *                  function must be called once in the main thread before any
- *                  other mbed TLS function is called, and
- *                  mbedtls_threading_free_alt() must be called once in the main
- *                  thread after all other mbed TLS functions.
- *
- * \note            mutex_init() and mutex_free() don't return a status code.
- *                  If mutex_init() fails, it should leave its argument (the
- *                  mutex) in a state such that mutex_lock() will fail when
- *                  called with this argument.
- *
- * \param mutex_init    the init function implementation
- * \param mutex_free    the free function implementation
- * \param mutex_lock    the lock function implementation
- * \param mutex_unlock  the unlock function implementation
- */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
-                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
-
-/**
- * \brief               Free global mutexes.
- */
-void mbedtls_threading_free_alt( void );
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_THREADING_C)
-/*
- * The function pointers for mutex_init, mutex_free, mutex_ and mutex_unlock
- *
- * All these functions are expected to work or the result will be undefined.
- */
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
-
-/*
- * Global mutexes
- */
-#if defined(MBEDTLS_FS_IO)
-extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-/* This mutex may or may not be used in the default definition of
- * mbedtls_platform_gmtime_r(), but in order to determine that,
- * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
- * With the current approach, this declaration is orphaned, lacking
- * an accompanying definition, in case mbedtls_platform_gmtime_r()
- * doesn't need it, but that's not a problem. */
-extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#endif /* MBEDTLS_THREADING_C */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* threading.h */
diff --git a/Sources/mbedtls/include/mbedtls/timing.h b/Sources/mbedtls/include/mbedtls/timing.h
deleted file mode 100644
index b7290cf..0000000
--- a/Sources/mbedtls/include/mbedtls/timing.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/**
- * \file timing.h
- *
- * \brief Portable interface to timeouts and to the CPU cycle counter
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_TIMING_H
-#define MBEDTLS_TIMING_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_TIMING_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          timer structure
- */
-struct mbedtls_timing_hr_time
-{
-    unsigned char opaque[32];
-};
-
-/**
- * \brief          Context for mbedtls_timing_set/get_delay()
- */
-typedef struct mbedtls_timing_delay_context
-{
-    struct mbedtls_timing_hr_time   timer;
-    uint32_t                        int_ms;
-    uint32_t                        fin_ms;
-} mbedtls_timing_delay_context;
-
-#else  /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
-#endif /* MBEDTLS_TIMING_ALT */
-
-extern volatile int mbedtls_timing_alarmed;
-
-/**
- * \brief          Return the CPU cycle counter value
- *
- * \warning        This is only a best effort! Do not rely on this!
- *                 In particular, it is known to be unreliable on virtual
- *                 machines.
- *
- * \note           This value starts at an unspecified origin and
- *                 may wrap around.
- */
-unsigned long mbedtls_timing_hardclock( void );
-
-/**
- * \brief          Return the elapsed time in milliseconds
- *
- * \param val      points to a timer structure
- * \param reset    If 0, query the elapsed time. Otherwise (re)start the timer.
- *
- * \return         Elapsed time since the previous reset in ms. When
- *                 restarting, this is always 0.
- *
- * \note           To initialize a timer, call this function with reset=1.
- *
- *                 Determining the elapsed time and resetting the timer is not
- *                 atomic on all platforms, so after the sequence
- *                 `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 =
- *                 get_timer(0) }` the value time1+time2 is only approximately
- *                 the delay since the first reset.
- */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
-
-/**
- * \brief          Setup an alarm clock
- *
- * \param seconds  delay before the "mbedtls_timing_alarmed" flag is set
- *                 (must be >=0)
- *
- * \warning        Only one alarm at a time  is supported. In a threaded
- *                 context, this means one for the whole process, not one per
- *                 thread.
- */
-void mbedtls_set_alarm( int seconds );
-
-/**
- * \brief          Set a pair of delays to watch
- *                 (See \c mbedtls_timing_get_delay().)
- *
- * \param data     Pointer to timing data.
- *                 Must point to a valid \c mbedtls_timing_delay_context struct.
- * \param int_ms   First (intermediate) delay in milliseconds.
- *                 The effect if int_ms > fin_ms is unspecified.
- * \param fin_ms   Second (final) delay in milliseconds.
- *                 Pass 0 to cancel the current delay.
- *
- * \note           To set a single delay, either use \c mbedtls_timing_set_timer
- *                 directly or use this function with int_ms == fin_ms.
- */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
-
-/**
- * \brief          Get the status of delays
- *                 (Memory helper: number of delays passed.)
- *
- * \param data     Pointer to timing data
- *                 Must point to a valid \c mbedtls_timing_delay_context struct.
- *
- * \return         -1 if cancelled (fin_ms = 0),
- *                  0 if none of the delays are passed,
- *                  1 if only the intermediate delay is passed,
- *                  2 if the final delay is passed.
- */
-int mbedtls_timing_get_delay( void *data );
-
-#if defined(MBEDTLS_SELF_TEST)
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if a test failed
- */
-int mbedtls_timing_self_test( int verbose );
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* timing.h */
diff --git a/Sources/mbedtls/include/mbedtls/version.h b/Sources/mbedtls/include/mbedtls/version.h
deleted file mode 100644
index b3b441d..0000000
--- a/Sources/mbedtls/include/mbedtls/version.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * \file version.h
- *
- * \brief Run-time version information
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- * This set of compile-time defines and run-time variables can be used to
- * determine the version number of the mbed TLS library used.
- */
-#ifndef MBEDTLS_VERSION_H
-#define MBEDTLS_VERSION_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/**
- * The version number x.y.z is split into three parts.
- * Major, Minor, Patchlevel
- */
-#define MBEDTLS_VERSION_MAJOR  2
-#define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  2
-
-/**
- * The single version number has the following structure:
- *    MMNNPP00
- *    Major version | Minor version | Patch version
- */
-#define MBEDTLS_VERSION_NUMBER         0x021C0200
-#define MBEDTLS_VERSION_STRING         "2.28.2"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.2"
-
-#if defined(MBEDTLS_VERSION_C)
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * Get the version number.
- *
- * \return          The constructed version number in the format
- *                  MMNNPP00 (Major, Minor, Patch).
- */
-unsigned int mbedtls_version_get_number( void );
-
-/**
- * Get the version string ("x.y.z").
- *
- * \param string    The string that will receive the value.
- *                  (Should be at least 9 bytes in size)
- */
-void mbedtls_version_get_string( char *string );
-
-/**
- * Get the full version string ("mbed TLS x.y.z").
- *
- * \param string    The string that will receive the value. The mbed TLS version
- *                  string will use 18 bytes AT MOST including a terminating
- *                  null byte.
- *                  (So the buffer should be at least 18 bytes to receive this
- *                  version string).
- */
-void mbedtls_version_get_string_full( char *string );
-
-/**
- * \brief           Check if support for a feature was compiled into this
- *                  mbed TLS binary. This allows you to see at runtime if the
- *                  library was for instance compiled with or without
- *                  Multi-threading support.
- *
- * \note            only checks against defines in the sections "System
- *                  support", "mbed TLS modules" and "mbed TLS feature
- *                  support" in config.h
- *
- * \param feature   The string for the define to check (e.g. "MBEDTLS_AES_C")
- *
- * \return          0 if the feature is present,
- *                  -1 if the feature is not present and
- *                  -2 if support for feature checking as a whole was not
- *                  compiled in.
- */
-int mbedtls_version_check_feature( const char *feature );
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* MBEDTLS_VERSION_C */
-
-#endif /* version.h */
diff --git a/Sources/mbedtls/include/mbedtls/x509.h b/Sources/mbedtls/include/mbedtls/x509.h
deleted file mode 100644
index 31b78df..0000000
--- a/Sources/mbedtls/include/mbedtls/x509.h
+++ /dev/null
@@ -1,380 +0,0 @@
-/**
- * \file x509.h
- *
- * \brief X.509 generic defines and structures
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_X509_H
-#define MBEDTLS_X509_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/pk.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#if !defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
-/**
- * Maximum number of intermediate CAs in a verification chain.
- * That is, maximum length of the chain, excluding the end-entity certificate
- * and the trusted root certificate.
- *
- * Set this to a low value to prevent an adversary from making you waste
- * resources verifying an overlong certificate chain.
- */
-#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
-#endif
-
-/**
- * \name X509 Error codes
- * \{
- */
-/** Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080
-/** Requested OID is unknown. */
-#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100
-/** The CRT/CRL/CSR format is invalid, e.g. different type expected. */
-#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180
-/** The CRT/CRL/CSR version element is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200
-/** The serial tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280
-/** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300
-/** The name tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380
-/** The date tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400
-/** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480
-/** The extension tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500
-/** CRT/CRL/CSR has an unsupported version number. */
-#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580
-/** Signature algorithm (oid) is unsupported. */
-#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600
-/** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
-#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680
-/** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700
-/** Format not recognized as DER or PEM. */
-#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780
-/** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800
-/** Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880
-/** Read/write of file failed. */
-#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900
-/** Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
-/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
-/** \} name X509 Error codes */
-
-/**
- * \name X509 Verify codes
- * \{
- */
-/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
-#define MBEDTLS_X509_BADCERT_EXPIRED             0x01  /**< The certificate validity has expired. */
-#define MBEDTLS_X509_BADCERT_REVOKED             0x02  /**< The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04  /**< The certificate Common Name (CN) does not match with the expected CN. */
-#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08  /**< The certificate is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10  /**< The CRL is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_EXPIRED              0x20  /**< The CRL is expired. */
-#define MBEDTLS_X509_BADCERT_MISSING             0x40  /**< Certificate was missing. */
-#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80  /**< Certificate verification was skipped. */
-#define MBEDTLS_X509_BADCERT_OTHER             0x0100  /**< Other reason (can be used by verify callback) */
-#define MBEDTLS_X509_BADCERT_FUTURE            0x0200  /**< The certificate validity starts in the future. */
-#define MBEDTLS_X509_BADCRL_FUTURE             0x0400  /**< The CRL is from the future */
-#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800  /**< Usage does not match the keyUsage extension. */
-#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000  /**< Usage does not match the extendedKeyUsage extension. */
-#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000  /**< Usage does not match the nsCertType extension. */
-#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000  /**< The certificate is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000  /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000  /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000  /**< The CRL is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000  /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000  /**< The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-
-/** \} name X509 Verify codes */
-/** \} addtogroup x509_module */
-
-/*
- * X.509 v3 Subject Alternative Name types.
- *      otherName                       [0]     OtherName,
- *      rfc822Name                      [1]     IA5String,
- *      dNSName                         [2]     IA5String,
- *      x400Address                     [3]     ORAddress,
- *      directoryName                   [4]     Name,
- *      ediPartyName                    [5]     EDIPartyName,
- *      uniformResourceIdentifier       [6]     IA5String,
- *      iPAddress                       [7]     OCTET STRING,
- *      registeredID                    [8]     OBJECT IDENTIFIER
- */
-#define MBEDTLS_X509_SAN_OTHER_NAME                      0
-#define MBEDTLS_X509_SAN_RFC822_NAME                     1
-#define MBEDTLS_X509_SAN_DNS_NAME                        2
-#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME               3
-#define MBEDTLS_X509_SAN_DIRECTORY_NAME                  4
-#define MBEDTLS_X509_SAN_EDI_PARTY_NAME                  5
-#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER     6
-#define MBEDTLS_X509_SAN_IP_ADDRESS                      7
-#define MBEDTLS_X509_SAN_REGISTERED_ID                   8
-
-/*
- * X.509 v3 Key Usage Extension flags
- * Reminder: update x509_info_key_usage() when adding new flags.
- */
-#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
-#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
-#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
-#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
-#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
-#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
-#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
-#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
-#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
-
-/*
- * Netscape certificate types
- * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
- */
-
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
-#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
-
-/*
- * X.509 extension types
- *
- * Comments refer to the status for using certificates. Status can be
- * different for writing certificates or reading CRLs or CSRs.
- *
- * Those are defined in oid.h as oid.c needs them in a data structure. Since
- * these were previously defined here, let's have aliases for compatibility.
- */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE                MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES     MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS          MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME         MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME         /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME          MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS  MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS        /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS         MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS       MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE       MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS  MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY       MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL             MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE             MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
-
-/*
- * Storage format identifiers
- * Recognized formats: PEM and DER
- */
-#define MBEDTLS_X509_FORMAT_DER                 1
-#define MBEDTLS_X509_FORMAT_PEM                 2
-
-#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256 /**< Maximum value size of a DN entry */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures for parsing X.509 certificates, CRLs and CSRs
- * \{
- */
-
-/**
- * Type-length-value structure that allows for ASN1 using DER.
- */
-typedef mbedtls_asn1_buf mbedtls_x509_buf;
-
-/**
- * Container for ASN1 bit strings.
- */
-typedef mbedtls_asn1_bitstring mbedtls_x509_bitstring;
-
-/**
- * Container for ASN1 named information objects.
- * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.).
- */
-typedef mbedtls_asn1_named_data mbedtls_x509_name;
-
-/**
- * Container for a sequence of ASN.1 items
- */
-typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
-
-/** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
-    int year, mon, day;         /**< Date. */
-    int hour, min, sec;         /**< Time. */
-}
-mbedtls_x509_time;
-
-/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
-
-/**
- * \brief          Store the certificate DN in printable form into buf;
- *                 no more than size characters will be written.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param dn       The X509 name to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
-
-/**
- * \brief          Store the certificate serial in printable form into buf;
- *                 no more than size characters will be written.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param serial   The X509 serial to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the past.
- *
- * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param to       mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the past or an error occurred,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the future.
- *
- * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param from     mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the future or an error occurred,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
-
-/** \} addtogroup x509_module */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_x509_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
-                       mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
-                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                int *salt_len );
-#endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                      void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
-                     mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *ext, int tag );
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                       const void *sig_opts );
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                        int critical, const unsigned char *val,
-                        size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
-                           mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
-                      mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len,
-                    unsigned char *sig, size_t size );
-
-#define MBEDTLS_X509_SAFE_SNPRINTF                          \
-    do {                                                    \
-        if( ret < 0 || (size_t) ret >= n )                  \
-            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
-                                                            \
-        n -= (size_t) ret;                                  \
-        p += (size_t) ret;                                  \
-    } while( 0 )
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* x509.h */
diff --git a/Sources/mbedtls/include/mbedtls/x509_crl.h b/Sources/mbedtls/include/mbedtls/x509_crl.h
deleted file mode 100644
index 9222009..0000000
--- a/Sources/mbedtls/include/mbedtls/x509_crl.h
+++ /dev/null
@@ -1,172 +0,0 @@
-/**
- * \file x509_crl.h
- *
- * \brief X.509 certificate revocation list parsing
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_X509_CRL_H
-#define MBEDTLS_X509_CRL_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for parsing CRLs
- * \{
- */
-
-/**
- * Certificate revocation list entry.
- * Contains the CA-specific serial numbers and revocation dates.
- */
-typedef struct mbedtls_x509_crl_entry
-{
-    mbedtls_x509_buf raw;
-
-    mbedtls_x509_buf serial;
-
-    mbedtls_x509_time revocation_date;
-
-    mbedtls_x509_buf entry_ext;
-
-    struct mbedtls_x509_crl_entry *next;
-}
-mbedtls_x509_crl_entry;
-
-/**
- * Certificate revocation list structure.
- * Every CRL may have multiple entries.
- */
-typedef struct mbedtls_x509_crl
-{
-    mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
-    mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
-
-    int version;            /**< CRL version (1=v1, 2=v2) */
-    mbedtls_x509_buf sig_oid;       /**< CRL signature type identifier */
-
-    mbedtls_x509_buf issuer_raw;    /**< The raw issuer data (DER). */
-
-    mbedtls_x509_name issuer;       /**< The parsed issuer data (named information object). */
-
-    mbedtls_x509_time this_update;
-    mbedtls_x509_time next_update;
-
-    mbedtls_x509_crl_entry entry;   /**< The CRL entries containing the certificate revocation times for this CA. */
-
-    mbedtls_x509_buf crl_ext;
-
-    mbedtls_x509_buf sig_oid2;
-    mbedtls_x509_buf sig;
-    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
-    struct mbedtls_x509_crl *next;
-}
-mbedtls_x509_crl;
-
-/**
- * \brief          Parse a DER-encoded CRL and append it to the chained list
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the CRL data in DER format
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
-                        const unsigned char *buf, size_t buflen );
-/**
- * \brief          Parse one or more CRLs and append them to the chained list
- *
- * \note           Multiple CRLs are accepted only if using PEM format
- *
- * \param chain    points to the start of the chain
- * \param buf      buffer holding the CRL data in PEM or DER format
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Load one or more CRLs and append them to the chained list
- *
- * \note           Multiple CRLs are accepted only if using PEM format
- *
- * \param chain    points to the start of the chain
- * \param path     filename to read the CRLs from (in PEM or DER encoding)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Returns an informational string about the CRL.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param crl      The X509 CRL to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crl *crl );
-
-/**
- * \brief          Initialize a CRL (chain)
- *
- * \param crl      CRL chain to initialize
- */
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
-
-/**
- * \brief          Unallocate all CRL data
- *
- * \param crl      CRL chain to free
- */
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
-
-/** \} name Structures and functions for parsing CRLs */
-/** \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crl.h */
diff --git a/Sources/mbedtls/include/mbedtls/x509_crt.h b/Sources/mbedtls/include/mbedtls/x509_crt.h
deleted file mode 100644
index 0f2885a..0000000
--- a/Sources/mbedtls/include/mbedtls/x509_crt.h
+++ /dev/null
@@ -1,1097 +0,0 @@
-/**
- * \file x509_crt.h
- *
- * \brief X.509 certificate parsing and writing
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_X509_CRT_H
-#define MBEDTLS_X509_CRT_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/bignum.h"
-
-/**
- * \addtogroup x509_module
- * \{
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \name Structures and functions for parsing and writing X.509 certificates
- * \{
- */
-
-/**
- * Container for an X.509 certificate. The certificate may be chained.
- */
-typedef struct mbedtls_x509_crt
-{
-    int own_buffer;                     /**< Indicates if \c raw is owned
-                                         *   by the structure or not.        */
-    mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
-    mbedtls_x509_buf tbs;               /**< The raw certificate body (DER). The part that is To Be Signed. */
-
-    int version;                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
-    mbedtls_x509_buf serial;            /**< Unique id for certificate issued by a specific CA. */
-    mbedtls_x509_buf sig_oid;           /**< Signature algorithm, e.g. sha1RSA */
-
-    mbedtls_x509_buf issuer_raw;        /**< The raw issuer data (DER). Used for quick comparison. */
-    mbedtls_x509_buf subject_raw;       /**< The raw subject data (DER). Used for quick comparison. */
-
-    mbedtls_x509_name issuer;           /**< The parsed issuer data (named information object). */
-    mbedtls_x509_name subject;          /**< The parsed subject data (named information object). */
-
-    mbedtls_x509_time valid_from;       /**< Start time of certificate validity. */
-    mbedtls_x509_time valid_to;         /**< End time of certificate validity. */
-
-    mbedtls_x509_buf pk_raw;
-    mbedtls_pk_context pk;              /**< Container for the public key context. */
-
-    mbedtls_x509_buf issuer_id;         /**< Optional X.509 v2/v3 issuer unique identifier. */
-    mbedtls_x509_buf subject_id;        /**< Optional X.509 v2/v3 subject unique identifier. */
-    mbedtls_x509_buf v3_ext;            /**< Optional X.509 v3 extensions.  */
-    mbedtls_x509_sequence subject_alt_names;    /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
-
-    mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
-
-    int ext_types;              /**< Bit string containing detected and parsed extensions */
-    int ca_istrue;              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
-    int max_pathlen;            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
-
-    unsigned int key_usage;     /**< Optional key usage extension value: See the values in x509.h */
-
-    mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
-
-    unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
-
-    mbedtls_x509_buf sig;               /**< Signature: hash of the tbs part signed with the private key. */
-    mbedtls_md_type_t sig_md;           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t sig_pk;           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *sig_opts;             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-
-    struct mbedtls_x509_crt *next;     /**< Next certificate in the CA-chain. */
-}
-mbedtls_x509_crt;
-
-/**
- * From RFC 5280 section 4.2.1.6:
- * OtherName ::= SEQUENCE {
- *      type-id    OBJECT IDENTIFIER,
- *      value      [0] EXPLICIT ANY DEFINED BY type-id }
- */
-typedef struct mbedtls_x509_san_other_name
-{
-    /**
-     * The type_id is an OID as defined in RFC 5280.
-     * To check the value of the type id, you should use
-     * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
-     */
-    mbedtls_x509_buf type_id;                   /**< The type id. */
-    union
-    {
-        /**
-         * From RFC 4108 section 5:
-         * HardwareModuleName ::= SEQUENCE {
-         *                         hwType OBJECT IDENTIFIER,
-         *                         hwSerialNum OCTET STRING }
-         */
-        struct
-        {
-            mbedtls_x509_buf oid;               /**< The object identifier. */
-            mbedtls_x509_buf val;               /**< The named value. */
-        }
-        hardware_module_name;
-    }
-    value;
-}
-mbedtls_x509_san_other_name;
-
-/**
- * A structure for holding the parsed Subject Alternative Name, according to type
- */
-typedef struct mbedtls_x509_subject_alternative_name
-{
-    int type;                              /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
-    union {
-        mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
-        mbedtls_x509_buf   unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
-    }
-    san; /**< A union of the supported SAN types */
-}
-mbedtls_x509_subject_alternative_name;
-
-/**
- * Build flag from an algorithm/curve identifier (pk, md, ecp)
- * Since 0 is always XXX_NONE, ignore it.
- */
-#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( (id) - 1 ) )
-
-/**
- * Security profile for certificate verification.
- *
- * All lists are bitfields, built by ORing flags from MBEDTLS_X509_ID_FLAG().
- */
-typedef struct mbedtls_x509_crt_profile
-{
-    uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for public keys;
-                                 *   this applies to all certificates
-                                 *   in the provided chain.     */
-    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
-    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
-}
-mbedtls_x509_crt_profile;
-
-#define MBEDTLS_X509_CRT_VERSION_1              0
-#define MBEDTLS_X509_CRT_VERSION_2              1
-#define MBEDTLS_X509_CRT_VERSION_3              2
-
-#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
-#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
-
-#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
-#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
-#endif
-
-/**
- * Container for writing a certificate (CRT)
- */
-typedef struct mbedtls_x509write_cert
-{
-    int version;
-    mbedtls_mpi serial;
-    mbedtls_pk_context *subject_key;
-    mbedtls_pk_context *issuer_key;
-    mbedtls_asn1_named_data *subject;
-    mbedtls_asn1_named_data *issuer;
-    mbedtls_md_type_t md_alg;
-    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
-    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
-    mbedtls_asn1_named_data *extensions;
-}
-mbedtls_x509write_cert;
-
-/**
- * Item in a verification chain: cert and flags for it
- */
-typedef struct {
-    mbedtls_x509_crt *crt;
-    uint32_t flags;
-} mbedtls_x509_crt_verify_chain_item;
-
-/**
- * Max size of verification chain: end-entity + intermediates + trusted root
- */
-#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE  ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
-
-/**
- * Verification chain as built by \c mbedtls_crt_verify_chain()
- */
-typedef struct
-{
-    mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
-    unsigned len;
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-    /* This stores the list of potential trusted signers obtained from
-     * the CA callback used for the CRT verification, if configured.
-     * We must track it somewhere because the callback passes its
-     * ownership to the caller. */
-    mbedtls_x509_crt *trust_ca_cb_result;
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-} mbedtls_x509_crt_verify_chain;
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-
-/**
- * \brief       Context for resuming X.509 verify operations
- */
-typedef struct
-{
-    /* for check_signature() */
-    mbedtls_pk_restart_ctx pk;
-
-    /* for find_parent_in() */
-    mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */
-    mbedtls_x509_crt *fallback_parent;
-    int fallback_signature_is_good;
-
-    /* for find_parent() */
-    int parent_is_trusted; /* -1 if find_parent is not in progress */
-
-    /* for verify_chain() */
-    enum {
-        x509_crt_rs_none,
-        x509_crt_rs_find_parent,
-    } in_progress;  /* none if no operation is in progress */
-    int self_cnt;
-    mbedtls_x509_crt_verify_chain ver_chain;
-
-} mbedtls_x509_crt_restart_ctx;
-
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/* Now we can declare functions that take a pointer to that */
-typedef void mbedtls_x509_crt_restart_ctx;
-
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-/**
- * Default security profile. Should provide a good balance between security
- * and compatibility with current deployments.
- *
- * This profile permits:
- * - SHA2 hashes.
- * - All supported elliptic curves.
- * - RSA with 2048 bits and above.
- *
- * New minor versions of Mbed TLS may extend this profile, for example if
- * new curves are added to the library. New minor versions of Mbed TLS will
- * not reduce this profile unless serious security concerns require it.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
-
-/**
- * Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for allowing RSA-2048.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
-
-/**
- * NSA Suite B profile.
- */
-extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
-
-/**
- * \brief          Parse a single DER formatted certificate and add it
- *                 to the end of the provided chained list.
- *
- * \param chain    The pointer to the start of the CRT chain to attach to.
- *                 When parsing the first CRT in a chain, this should point
- *                 to an instance of ::mbedtls_x509_crt initialized through
- *                 mbedtls_x509_crt_init().
- * \param buf      The buffer holding the DER encoded certificate.
- * \param buflen   The size in Bytes of \p buf.
- *
- * \note           This function makes an internal copy of the CRT buffer
- *                 \p buf. In particular, \p buf may be destroyed or reused
- *                 after this call returns. To avoid duplicating the CRT
- *                 buffer (at the cost of stricter lifetime constraints),
- *                 use mbedtls_x509_crt_parse_der_nocopy() instead.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
-                                const unsigned char *buf,
-                                size_t buflen );
-
-/**
- * \brief          The type of certificate extension callbacks.
- *
- *                 Callbacks of this type are passed to and used by the
- *                 mbedtls_x509_crt_parse_der_with_ext_cb() routine when
- *                 it encounters either an unsupported extension or a
- *                 "certificate policies" extension containing any
- *                 unsupported certificate policies.
- *                 Future versions of the library may invoke the callback
- *                 in other cases, if and when the need arises.
- *
- * \param p_ctx    An opaque context passed to the callback.
- * \param crt      The certificate being parsed.
- * \param oid      The OID of the extension.
- * \param critical Whether the extension is critical.
- * \param p        Pointer to the start of the extension value
- *                 (the content of the OCTET STRING).
- * \param end      End of extension value.
- *
- * \note           The callback must fail and return a negative error code
- *                 if it can not parse or does not support the extension.
- *                 When the callback fails to parse a critical extension
- *                 mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
- *                 When the callback fails to parse a non critical extension
- *                 mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
- *                 the extension and continues parsing.
- *
- * \return         \c 0 on success.
- * \return         A negative error code on failure.
- */
-typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
-                                          mbedtls_x509_crt const *crt,
-                                          mbedtls_x509_buf const *oid,
-                                          int critical,
-                                          const unsigned char *p,
-                                          const unsigned char *end );
-
-/**
- * \brief            Parse a single DER formatted certificate and add it
- *                   to the end of the provided chained list.
- *
- * \param chain      The pointer to the start of the CRT chain to attach to.
- *                   When parsing the first CRT in a chain, this should point
- *                   to an instance of ::mbedtls_x509_crt initialized through
- *                   mbedtls_x509_crt_init().
- * \param buf        The buffer holding the DER encoded certificate.
- * \param buflen     The size in Bytes of \p buf.
- * \param make_copy  When not zero this function makes an internal copy of the
- *                   CRT buffer \p buf. In particular, \p buf may be destroyed
- *                   or reused after this call returns.
- *                   When zero this function avoids duplicating the CRT buffer
- *                   by taking temporary ownership thereof until the CRT
- *                   is destroyed (like mbedtls_x509_crt_parse_der_nocopy())
- * \param cb         A callback invoked for every unsupported certificate
- *                   extension.
- * \param p_ctx      An opaque context passed to the callback.
- *
- * \note             This call is functionally equivalent to
- *                   mbedtls_x509_crt_parse_der(), and/or
- *                   mbedtls_x509_crt_parse_der_nocopy()
- *                   but it calls the callback with every unsupported
- *                   certificate extension and additionally the
- *                   "certificate policies" extension if it contains any
- *                   unsupported certificate policies.
- *                   The callback must return a negative error code if it
- *                   does not know how to handle such an extension.
- *                   When the callback fails to parse a critical extension
- *                   mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
- *                   When the callback fails to parse a non critical extension
- *                   mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
- *                   the extension and continues parsing.
- *                   Future versions of the library may invoke the callback
- *                   in other cases, if and when the need arises.
- *
- * \return           \c 0 if successful.
- * \return           A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
-                                            const unsigned char *buf,
-                                            size_t buflen,
-                                            int make_copy,
-                                            mbedtls_x509_crt_ext_cb_t cb,
-                                            void *p_ctx );
-
-/**
- * \brief          Parse a single DER formatted certificate and add it
- *                 to the end of the provided chained list. This is a
- *                 variant of mbedtls_x509_crt_parse_der() which takes
- *                 temporary ownership of the CRT buffer until the CRT
- *                 is destroyed.
- *
- * \param chain    The pointer to the start of the CRT chain to attach to.
- *                 When parsing the first CRT in a chain, this should point
- *                 to an instance of ::mbedtls_x509_crt initialized through
- *                 mbedtls_x509_crt_init().
- * \param buf      The address of the readable buffer holding the DER encoded
- *                 certificate to use. On success, this buffer must be
- *                 retained and not be changed for the liftetime of the
- *                 CRT chain \p chain, that is, until \p chain is destroyed
- *                 through a call to mbedtls_x509_crt_free().
- * \param buflen   The size in Bytes of \p buf.
- *
- * \note           This call is functionally equivalent to
- *                 mbedtls_x509_crt_parse_der(), but it avoids creating a
- *                 copy of the input buffer at the cost of stronger lifetime
- *                 constraints. This is useful in constrained environments
- *                 where duplication of the CRT cannot be tolerated.
- *
- * \return         \c 0 if successful.
- * \return         A negative error code on failure.
- */
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
-                                       const unsigned char *buf,
-                                       size_t buflen );
-
-/**
- * \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
- *                 certificates and add them to the chained list.
- *
- *                 For CRTs in PEM encoding, the function parses permissively:
- *                 if at least one certificate can be parsed, the function
- *                 returns the number of certificates for which parsing failed
- *                 (hence \c 0 if all certificates were parsed successfully).
- *                 If no certificate could be parsed, the function returns
- *                 the first (negative) error encountered during parsing.
- *
- *                 PEM encoded certificates may be interleaved by other data
- *                 such as human readable descriptions of their content, as
- *                 long as the certificates are enclosed in the PEM specific
- *                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
- *
- * \param chain    The chain to which to add the parsed certificates.
- * \param buf      The buffer holding the certificate data in PEM or DER format.
- *                 For certificates in PEM encoding, this may be a concatenation
- *                 of multiple certificates; for DER encoding, the buffer must
- *                 comprise exactly one certificate.
- * \param buflen   The size of \p buf, including the terminating \c NULL byte
- *                 in case of PEM encoded data.
- *
- * \return         \c 0 if all certificates were parsed successfully.
- * \return         The (positive) number of certificates that couldn't
- *                 be parsed if parsing was partly successful (see above).
- * \return         A negative X509 or PEM error code otherwise.
- *
- */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Load one or more certificates and add them
- *                 to the chained list. Parses permissively. If some
- *                 certificates can be parsed, the result is the number
- *                 of failed certificates it encountered. If none complete
- *                 correctly, the first error is returned.
- *
- * \param chain    points to the start of the chain
- * \param path     filename to read the certificates from
- *
- * \return         0 if all certificates parsed successfully, a positive number
- *                 if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
-
-/**
- * \brief          Load one or more certificate files from a path and add them
- *                 to the chained list. Parses permissively. If some
- *                 certificates can be parsed, the result is the number
- *                 of failed certificates it encountered. If none complete
- *                 correctly, the first error is returned.
- *
- * \param chain    points to the start of the chain
- * \param path     directory / folder to read the certificate files from
- *
- * \return         0 if all certificates parsed successfully, a positive number
- *                 if partly successful or a specific X509 or PEM error code
- */
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
-
-#endif /* MBEDTLS_FS_IO */
-/**
- * \brief          This function parses an item in the SubjectAlternativeNames
- *                 extension.
- *
- * \param san_buf  The buffer holding the raw data item of the subject
- *                 alternative name.
- * \param san      The target structure to populate with the parsed presentation
- *                 of the subject alternative name encoded in \p san_raw.
- *
- * \note           Only "dnsName" and "otherName" of type hardware_module_name
- *                 as defined in RFC 4180 is supported.
- *
- * \note           This function should be called on a single raw data of
- *                 subject alternative name. For example, after successful
- *                 certificate parsing, one must iterate on every item in the
- *                 \p crt->subject_alt_names sequence, and pass it to
- *                 this function.
- *
- * \warning        The target structure contains pointers to the raw data of the
- *                 parsed certificate, and its lifetime is restricted by the
- *                 lifetime of the certificate.
- *
- * \return         \c 0 on success
- * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
- *                 SAN type.
- * \return         Another negative value for any other failure.
- */
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
-                                         mbedtls_x509_subject_alternative_name *san );
-/**
- * \brief          Returns an informational string about the
- *                 certificate.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param crt      The X509 certificate to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crt *crt );
-
-/**
- * \brief          Returns an informational string about the
- *                 verification status of a certificate.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param flags    Verification flags created by mbedtls_x509_crt_verify()
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
-                          uint32_t flags );
-
-/**
- * \brief          Verify a chain of certificates.
- *
- *                 The verify callback is a user-supplied callback that
- *                 can clear / modify / add flags for a certificate. If set,
- *                 the verification callback is called for each
- *                 certificate in the chain (from the trust-ca down to the
- *                 presented crt). The parameters for the callback are:
- *                 (void *parameter, mbedtls_x509_crt *crt, int certificate_depth,
- *                 int *flags). With the flags representing current flags for
- *                 that specific certificate and the certificate depth from
- *                 the bottom (Peer cert depth = 0).
- *
- *                 All flags left after returning from the callback
- *                 are also returned to the application. The function should
- *                 return 0 for anything (including invalid certificates)
- *                 other than fatal error, as a non-zero return code
- *                 immediately aborts the verification process. For fatal
- *                 errors, a specific error code should be used (different
- *                 from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
- *                 be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
- *                 can be used if no better code is available.
- *
- * \note           In case verification failed, the results can be displayed
- *                 using \c mbedtls_x509_crt_verify_info()
- *
- * \note           Same as \c mbedtls_x509_crt_verify_with_profile() with the
- *                 default security profile.
- *
- * \note           It is your responsibility to provide up-to-date CRLs for
- *                 all trusted CAs. If no CRL is provided for the CA that was
- *                 used to sign the certificate, CRL verification is skipped
- *                 silently, that is *without* setting any flag.
- *
- * \note           The \c trust_ca list can contain two types of certificates:
- *                 (1) those of trusted root CAs, so that certificates
- *                 chaining up to those CAs will be trusted, and (2)
- *                 self-signed end-entity certificates to be trusted (for
- *                 specific peers you know) - in that case, the self-signed
- *                 certificate doesn't need to have the CA bit set.
- *
- * \param crt      The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl   The list of CRLs for trusted CAs.
- * \param cn       The expected Common Name. This will be checked to be
- *                 present in the certificate's subjectAltNames extension or,
- *                 if this extension is absent, as a CN component in its
- *                 Subject name. Currently only DNS names are supported. This
- *                 may be \c NULL if the CN need not be verified.
- * \param flags    The address at which to store the result of the verification.
- *                 If the verification couldn't be completed, the flag value is
- *                 set to (uint32_t) -1.
- * \param f_vrfy   The verification callback to use. See the documentation
- *                 of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy   The context to be passed to \p f_vrfy.
- *
- * \return         \c 0 if the chain is valid with respect to the
- *                 passed CN, CAs, CRLs and security profile.
- * \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
- *                 certificate chain verification failed. In this case,
- *                 \c *flags will have one or more
- *                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
- *                 flags set.
- * \return         Another negative error code in case of a fatal error
- *                 encountered during the verification process.
- */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-
-/**
- * \brief          Verify a chain of certificates with respect to
- *                 a configurable security profile.
- *
- * \note           Same as \c mbedtls_x509_crt_verify(), but with explicit
- *                 security profile.
- *
- * \note           The restrictions on keys (RSA minimum size, allowed curves
- *                 for ECDSA) apply to all certificates: trusted root,
- *                 intermediate CAs if any, and end entity certificate.
- *
- * \param crt      The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl   The list of CRLs for trusted CAs.
- * \param profile  The security profile to use for the verification.
- * \param cn       The expected Common Name. This may be \c NULL if the
- *                 CN need not be verified.
- * \param flags    The address at which to store the result of the verification.
- *                 If the verification couldn't be completed, the flag value is
- *                 set to (uint32_t) -1.
- * \param f_vrfy   The verification callback to use. See the documentation
- *                 of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy   The context to be passed to \p f_vrfy.
- *
- * \return         \c 0 if the chain is valid with respect to the
- *                 passed CN, CAs, CRLs and security profile.
- * \return         #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
- *                 certificate chain verification failed. In this case,
- *                 \c *flags will have one or more
- *                 \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
- *                 flags set.
- * \return         Another negative error code in case of a fatal error
- *                 encountered during the verification process.
- */
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-
-/**
- * \brief          Restartable version of \c mbedtls_crt_verify_with_profile()
- *
- * \note           Performs the same job as \c mbedtls_crt_verify_with_profile()
- *                 but can return early and restart according to the limit
- *                 set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
- *
- * \param crt      The certificate chain to be verified.
- * \param trust_ca The list of trusted CAs.
- * \param ca_crl   The list of CRLs for trusted CAs.
- * \param profile  The security profile to use for the verification.
- * \param cn       The expected Common Name. This may be \c NULL if the
- *                 CN need not be verified.
- * \param flags    The address at which to store the result of the verification.
- *                 If the verification couldn't be completed, the flag value is
- *                 set to (uint32_t) -1.
- * \param f_vrfy   The verification callback to use. See the documentation
- *                 of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy   The context to be passed to \p f_vrfy.
- * \param rs_ctx   The restart context to use. This may be set to \c NULL
- *                 to disable restartable ECC.
- *
- * \return         See \c mbedtls_crt_verify_with_profile(), or
- * \return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
- *                 operations was reached: see \c mbedtls_ecp_set_max_ops().
- */
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy,
-                     mbedtls_x509_crt_restart_ctx *rs_ctx );
-
-/**
- * \brief               The type of trusted certificate callbacks.
- *
- *                      Callbacks of this type are passed to and used by the CRT
- *                      verification routine mbedtls_x509_crt_verify_with_ca_cb()
- *                      when looking for trusted signers of a given certificate.
- *
- *                      On success, the callback returns a list of trusted
- *                      certificates to be considered as potential signers
- *                      for the input certificate.
- *
- * \param p_ctx         An opaque context passed to the callback.
- * \param child         The certificate for which to search a potential signer.
- *                      This will point to a readable certificate.
- * \param candidate_cas The address at which to store the address of the first
- *                      entry in the generated linked list of candidate signers.
- *                      This will not be \c NULL.
- *
- * \note                The callback must only return a non-zero value on a
- *                      fatal error. If, in contrast, the search for a potential
- *                      signer completes without a single candidate, the
- *                      callback must return \c 0 and set \c *candidate_cas
- *                      to \c NULL.
- *
- * \return              \c 0 on success. In this case, \c *candidate_cas points
- *                      to a heap-allocated linked list of instances of
- *                      ::mbedtls_x509_crt, and ownership of this list is passed
- *                      to the caller.
- * \return              A negative error code on failure.
- */
-typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
-                                         mbedtls_x509_crt const *child,
-                                         mbedtls_x509_crt **candidate_cas );
-
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
-/**
- * \brief          Version of \c mbedtls_x509_crt_verify_with_profile() which
- *                 uses a callback to acquire the list of trusted CA
- *                 certificates.
- *
- * \param crt      The certificate chain to be verified.
- * \param f_ca_cb  The callback to be used to query for potential signers
- *                 of a given child certificate. See the documentation of
- *                 ::mbedtls_x509_crt_ca_cb_t for more information.
- * \param p_ca_cb  The opaque context to be passed to \p f_ca_cb.
- * \param profile  The security profile for the verification.
- * \param cn       The expected Common Name. This may be \c NULL if the
- *                 CN need not be verified.
- * \param flags    The address at which to store the result of the verification.
- *                 If the verification couldn't be completed, the flag value is
- *                 set to (uint32_t) -1.
- * \param f_vrfy   The verification callback to use. See the documentation
- *                 of mbedtls_x509_crt_verify() for more information.
- * \param p_vrfy   The context to be passed to \p f_vrfy.
- *
- * \return         See \c mbedtls_crt_verify_with_profile().
- */
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                     void *p_ca_cb,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
-
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-
-#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-/**
- * \brief          Check usage of certificate against keyUsage extension.
- *
- * \param crt      Leaf certificate used.
- * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
- *                 before using the certificate to perform an RSA key
- *                 exchange).
- *
- * \note           Except for decipherOnly and encipherOnly, a bit set in the
- *                 usage argument means this bit MUST be set in the
- *                 certificate. For decipherOnly and encipherOnly, it means
- *                 that bit MAY be set.
- *
- * \return         0 is these uses of the certificate are allowed,
- *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
- *                 is present but does not match the usage argument.
- *
- * \note           You should only call this function on leaf certificates, on
- *                 (intermediate) CAs the keyUsage extension is automatically
- *                 checked by \c mbedtls_x509_crt_verify().
- */
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
-                                      unsigned int usage );
-#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
-
-#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
-/**
- * \brief           Check usage of certificate against extendedKeyUsage.
- *
- * \param crt       Leaf certificate used.
- * \param usage_oid Intended usage (eg MBEDTLS_OID_SERVER_AUTH or
- *                  MBEDTLS_OID_CLIENT_AUTH).
- * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
- *
- * \return          0 if this use of the certificate is allowed,
- *                  MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
- *
- * \note            Usually only makes sense on leaf certificates.
- */
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
-                                               const char *usage_oid,
-                                               size_t usage_len );
-#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
-
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
-/**
- * \brief          Verify the certificate revocation status
- *
- * \param crt      a certificate to be verified
- * \param crl      the CRL to verify against
- *
- * \return         1 if the certificate is revoked, 0 otherwise
- *
- */
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
-
-/**
- * \brief          Initialize a certificate (chain)
- *
- * \param crt      Certificate chain to initialize
- */
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
-
-/**
- * \brief          Unallocate all certificate data
- *
- * \param crt      Certificate chain to free
- */
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/**
- * \brief           Initialize a restart context
- */
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
-
-/**
- * \brief           Free the components of a restart context
- */
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-/** \} name Structures and functions for parsing and writing X.509 certificates */
-
-#if defined(MBEDTLS_X509_CRT_WRITE_C)
-/**
- * \brief           Initialize a CRT writing context
- *
- * \param ctx       CRT context to initialize
- */
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief           Set the version for a Certificate
- *                  Default: MBEDTLS_X509_CRT_VERSION_3
- *
- * \param ctx       CRT context to use
- * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
- *                                  MBEDTLS_X509_CRT_VERSION_3)
- */
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
-
-/**
- * \brief           Set the serial number for a Certificate.
- *
- * \param ctx       CRT context to use
- * \param serial    serial number to set
- *
- * \return          0 if successful
- */
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
-
-/**
- * \brief           Set the validity period for a Certificate
- *                  Timestamps should be in string format for UTC timezone
- *                  i.e. "YYYYMMDDhhmmss"
- *                  e.g. "20131231235959" for December 31st 2013
- *                       at 23:59:59
- *
- * \param ctx       CRT context to use
- * \param not_before    not_before timestamp
- * \param not_after     not_after timestamp
- *
- * \return          0 if timestamp was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
-                                const char *not_after );
-
-/**
- * \brief           Set the issuer name for a Certificate
- *                  Issuer names should contain a comma-separated list
- *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
- *
- * \param ctx           CRT context to use
- * \param issuer_name   issuer name to set
- *
- * \return          0 if issuer name was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
-                                   const char *issuer_name );
-
-/**
- * \brief           Set the subject name for a Certificate
- *                  Subject names should contain a comma-separated list
- *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
- *
- * \param ctx           CRT context to use
- * \param subject_name  subject name to set
- *
- * \return          0 if subject name was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
-                                    const char *subject_name );
-
-/**
- * \brief           Set the subject public key for the certificate
- *
- * \param ctx       CRT context to use
- * \param key       public key to include
- */
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief           Set the issuer key used for signing the certificate
- *
- * \param ctx       CRT context to use
- * \param key       private key to sign with
- */
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief           Set the MD algorithm to use for the signature
- *                  (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx       CRT context to use
- * \param md_alg    MD algorithm to use
- */
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
-
-/**
- * \brief           Generic function to add to or replace an extension in the
- *                  CRT
- *
- * \param ctx       CRT context to use
- * \param oid       OID of the extension
- * \param oid_len   length of the OID
- * \param critical  if the extension is critical (per the RFC's definition)
- * \param val       value of the extension OCTET STRING
- * \param val_len   length of the value data
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len );
-
-/**
- * \brief           Set the basicConstraints extension for a CRT
- *
- * \param ctx       CRT context to use
- * \param is_ca     is this a CA certificate
- * \param max_pathlen   maximum length of certificate chains below this
- *                      certificate (only for CA certificates, -1 is
- *                      unlimited)
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
-                                         int is_ca, int max_pathlen );
-
-#if defined(MBEDTLS_SHA1_C)
-/**
- * \brief           Set the subjectKeyIdentifier extension for a CRT
- *                  Requires that mbedtls_x509write_crt_set_subject_key() has been
- *                  called before
- *
- * \param ctx       CRT context to use
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief           Set the authorityKeyIdentifier extension for a CRT
- *                  Requires that mbedtls_x509write_crt_set_issuer_key() has been
- *                  called before
- *
- * \param ctx       CRT context to use
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C */
-
-/**
- * \brief           Set the Key Usage Extension flags
- *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx       CRT context to use
- * \param key_usage key usage flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
-                                         unsigned int key_usage );
-
-/**
- * \brief           Set the Netscape Cert Type flags
- *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx           CRT context to use
- * \param ns_cert_type  Netscape Cert Type flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
-                                    unsigned char ns_cert_type );
-
-/**
- * \brief           Free the contents of a CRT write context
- *
- * \param ctx       CRT context to free
- */
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
-
-/**
- * \brief           Write a built up certificate to a X509 DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       certificate to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a built up certificate to a X509 PEM string
- *
- * \param ctx       certificate to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful, or a specific error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CRT_WRITE_C */
-
-/** \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_crt.h */
diff --git a/Sources/mbedtls/include/mbedtls/x509_csr.h b/Sources/mbedtls/include/mbedtls/x509_csr.h
deleted file mode 100644
index 2a1c046..0000000
--- a/Sources/mbedtls/include/mbedtls/x509_csr.h
+++ /dev/null
@@ -1,306 +0,0 @@
-/**
- * \file x509_csr.h
- *
- * \brief X.509 certificate signing request parsing and writing
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_X509_CSR_H
-#define MBEDTLS_X509_CSR_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/x509.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \addtogroup x509_module
- * \{ */
-
-/**
- * \name Structures and functions for X.509 Certificate Signing Requests (CSR)
- * \{
- */
-
-/**
- * Certificate Signing Request (CSR) structure.
- */
-typedef struct mbedtls_x509_csr
-{
-    mbedtls_x509_buf raw;           /**< The raw CSR data (DER). */
-    mbedtls_x509_buf cri;           /**< The raw CertificateRequestInfo body (DER). */
-
-    int version;            /**< CSR version (1=v1). */
-
-    mbedtls_x509_buf  subject_raw;  /**< The raw subject data (DER). */
-    mbedtls_x509_name subject;      /**< The parsed subject data (named information object). */
-
-    mbedtls_pk_context pk;          /**< Container for the public key context. */
-
-    mbedtls_x509_buf sig_oid;
-    mbedtls_x509_buf sig;
-    mbedtls_md_type_t sig_md;       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t sig_pk;       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *sig_opts;         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-}
-mbedtls_x509_csr;
-
-/**
- * Container for writing a CSR
- */
-typedef struct mbedtls_x509write_csr
-{
-    mbedtls_pk_context *key;
-    mbedtls_asn1_named_data *subject;
-    mbedtls_md_type_t md_alg;
-    mbedtls_asn1_named_data *extensions;
-}
-mbedtls_x509write_csr;
-
-#if defined(MBEDTLS_X509_CSR_PARSE_C)
-/**
- * \brief          Load a Certificate Signing Request (CSR) in DER format
- *
- * \note           CSR attributes (if any) are currently silently ignored.
- *
- * \param csr      CSR context to fill
- * \param buf      buffer holding the CRL data
- * \param buflen   size of the buffer
- *
- * \return         0 if successful, or a specific X509 error code
- */
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
-                        const unsigned char *buf, size_t buflen );
-
-/**
- * \brief          Load a Certificate Signing Request (CSR), DER or PEM format
- *
- * \note           See notes for \c mbedtls_x509_csr_parse_der()
- *
- * \param csr      CSR context to fill
- * \param buf      buffer holding the CRL data
- * \param buflen   size of the buffer
- *                 (including the terminating null byte for PEM data)
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
-
-#if defined(MBEDTLS_FS_IO)
-/**
- * \brief          Load a Certificate Signing Request (CSR)
- *
- * \note           See notes for \c mbedtls_x509_csr_parse()
- *
- * \param csr      CSR context to fill
- * \param path     filename to read the CSR from
- *
- * \return         0 if successful, or a specific X509 or PEM error code
- */
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
-#endif /* MBEDTLS_FS_IO */
-
-/**
- * \brief          Returns an informational string about the
- *                 CSR.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param prefix   A line prefix
- * \param csr      The X509 CSR to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_csr *csr );
-
-/**
- * \brief          Initialize a CSR
- *
- * \param csr      CSR to initialize
- */
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
-
-/**
- * \brief          Unallocate all CSR data
- *
- * \param csr      CSR to free
- */
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
-#endif /* MBEDTLS_X509_CSR_PARSE_C */
-
-/** \} name Structures and functions for X.509 Certificate Signing Requests (CSR) */
-
-#if defined(MBEDTLS_X509_CSR_WRITE_C)
-/**
- * \brief           Initialize a CSR context
- *
- * \param ctx       CSR context to initialize
- */
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
-
-/**
- * \brief           Set the subject name for a CSR
- *                  Subject names should contain a comma-separated list
- *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
- *
- * \param ctx           CSR context to use
- * \param subject_name  subject name to set
- *
- * \return          0 if subject name was parsed successfully, or
- *                  a specific error code
- */
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
-                                    const char *subject_name );
-
-/**
- * \brief           Set the key for a CSR (public key will be included,
- *                  private key used to sign the CSR when writing it)
- *
- * \param ctx       CSR context to use
- * \param key       Asymmetric key to include
- */
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
-
-/**
- * \brief           Set the MD algorithm to use for the signature
- *                  (e.g. MBEDTLS_MD_SHA1)
- *
- * \param ctx       CSR context to use
- * \param md_alg    MD algorithm to use
- */
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
-
-/**
- * \brief           Set the Key Usage Extension flags
- *                  (e.g. MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_CERT_SIGN)
- *
- * \param ctx       CSR context to use
- * \param key_usage key usage flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- *
- * \note            The <code>decipherOnly</code> flag from the Key Usage
- *                  extension is represented by bit 8 (i.e.
- *                  <code>0x8000</code>), which cannot typically be represented
- *                  in an unsigned char. Therefore, the flag
- *                  <code>decipherOnly</code> (i.e.
- *                  #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
- *                  function.
- */
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
-
-/**
- * \brief           Set the Netscape Cert Type flags
- *                  (e.g. MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT | MBEDTLS_X509_NS_CERT_TYPE_EMAIL)
- *
- * \param ctx           CSR context to use
- * \param ns_cert_type  Netscape Cert Type flags to set
- *
- * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
-                                    unsigned char ns_cert_type );
-
-/**
- * \brief           Generic function to add to or replace an extension in the
- *                  CSR
- *
- * \param ctx       CSR context to use
- * \param oid       OID of the extension
- * \param oid_len   length of the OID
- * \param val       value of the extension OCTET STRING
- * \param val_len   length of the value data
- *
- * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
- */
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
-                                 const char *oid, size_t oid_len,
-                                 const unsigned char *val, size_t val_len );
-
-/**
- * \brief           Free the contents of a CSR context
- *
- * \param ctx       CSR context to free
- */
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
-
-/**
- * \brief           Write a CSR (Certificate Signing Request) to a
- *                  DER structure
- *                  Note: data is written at the end of the buffer! Use the
- *                        return value to determine where you should start
- *                        using the buffer
- *
- * \param ctx       CSR to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          length of data written if successful, or a specific
- *                  error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-/**
- * \brief           Write a CSR (Certificate Signing Request) to a
- *                  PEM string
- *
- * \param ctx       CSR to write away
- * \param buf       buffer to write to
- * \param size      size of the buffer
- * \param f_rng     RNG function (for signature, see note)
- * \param p_rng     RNG parameter
- *
- * \return          0 if successful, or a specific error code
- *
- * \note            f_rng may be NULL if RSA is used for signature and the
- *                  signature is made offline (otherwise f_rng is desirable
- *                  for countermeasures against timing attacks).
- *                  ECDSA signatures always require a non-NULL f_rng.
- */
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_X509_CSR_WRITE_C */
-
-/** \} addtogroup x509_module */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* mbedtls_x509_csr.h */
diff --git a/Sources/mbedtls/include/mbedtls/xtea.h b/Sources/mbedtls/include/mbedtls/xtea.h
deleted file mode 100644
index 4bdc711..0000000
--- a/Sources/mbedtls/include/mbedtls/xtea.h
+++ /dev/null
@@ -1,139 +0,0 @@
-/**
- * \file xtea.h
- *
- * \brief XTEA block cipher (32-bit)
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_XTEA_H
-#define MBEDTLS_XTEA_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-#define MBEDTLS_XTEA_ENCRYPT     1
-#define MBEDTLS_XTEA_DECRYPT     0
-
-/** The data input has an invalid length. */
-#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028
-
-/* MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED is deprecated and should not be used. */
-/** XTEA hardware accelerator failed. */
-#define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED                  -0x0029
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if !defined(MBEDTLS_XTEA_ALT)
-// Regular implementation
-//
-
-/**
- * \brief          XTEA context structure
- */
-typedef struct mbedtls_xtea_context
-{
-    uint32_t k[4];       /*!< key */
-}
-mbedtls_xtea_context;
-
-#else  /* MBEDTLS_XTEA_ALT */
-#include "xtea_alt.h"
-#endif /* MBEDTLS_XTEA_ALT */
-
-/**
- * \brief          Initialize XTEA context
- *
- * \param ctx      XTEA context to be initialized
- */
-void mbedtls_xtea_init( mbedtls_xtea_context *ctx );
-
-/**
- * \brief          Clear XTEA context
- *
- * \param ctx      XTEA context to be cleared
- */
-void mbedtls_xtea_free( mbedtls_xtea_context *ctx );
-
-/**
- * \brief          XTEA key schedule
- *
- * \param ctx      XTEA context to be initialized
- * \param key      the secret key
- */
-void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
-
-/**
- * \brief          XTEA cipher function
- *
- * \param ctx      XTEA context
- * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
- * \param input    8-byte input block
- * \param output   8-byte output block
- *
- * \return         0 if successful
- */
-int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx,
-                    int mode,
-                    const unsigned char input[8],
-                    unsigned char output[8] );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/**
- * \brief          XTEA CBC cipher function
- *
- * \param ctx      XTEA context
- * \param mode     MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT
- * \param length   the length of input, multiple of 8
- * \param iv       initialization vector for CBC mode
- * \param input    input block
- * \param output   output block
- *
- * \return         0 if successful,
- *                 MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0
- */
-int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output);
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/**
- * \brief          Checkup routine
- *
- * \return         0 if successful, or 1 if the test failed
- */
-int mbedtls_xtea_self_test( int verbose );
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* xtea.h */
diff --git a/Sources/mbedtls/include/psa/crypto.h b/Sources/mbedtls/include/psa/crypto.h
deleted file mode 100644
index faa3b9e..0000000
--- a/Sources/mbedtls/include/psa/crypto.h
+++ /dev/null
@@ -1,3910 +0,0 @@
-/**
- * \file psa/crypto.h
- * \brief Platform Security Architecture cryptography module
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_H
-#define PSA_CRYPTO_H
-
-#include "crypto_platform.h"
-
-#include <stddef.h>
-
-#ifdef __DOXYGEN_ONLY__
-/* This __DOXYGEN_ONLY__ block contains mock definitions for things that
- * must be defined in the crypto_platform.h header. These mock definitions
- * are present in this file as a convenience to generate pretty-printed
- * documentation that includes those definitions. */
-
-/** \defgroup platform Implementation-specific definitions
- * @{
- */
-
-/**@}*/
-#endif /* __DOXYGEN_ONLY__ */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* The file "crypto_types.h" declares types that encode errors,
- * algorithms, key types, policies, etc. */
-#include "crypto_types.h"
-
-/** \defgroup version API version
- * @{
- */
-
-/**
- * The major version of this implementation of the PSA Crypto API
- */
-#define PSA_CRYPTO_API_VERSION_MAJOR 1
-
-/**
- * The minor version of this implementation of the PSA Crypto API
- */
-#define PSA_CRYPTO_API_VERSION_MINOR 0
-
-/**@}*/
-
-/* The file "crypto_values.h" declares macros to build and analyze values
- * of integral types defined in "crypto_types.h". */
-#include "crypto_values.h"
-
-/** \defgroup initialization Library initialization
- * @{
- */
-
-/**
- * \brief Library initialization.
- *
- * Applications must call this function before calling any other
- * function in this module.
- *
- * Applications may call this function more than once. Once a call
- * succeeds, subsequent calls are guaranteed to succeed.
- *
- * If the application calls other functions before calling psa_crypto_init(),
- * the behavior is undefined. Implementations are encouraged to either perform
- * the operation as if the library had been initialized or to return
- * #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
- * implementations should not return a success status if the lack of
- * initialization may have security implications, for example due to improper
- * seeding of the random number generator.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- */
-psa_status_t psa_crypto_init(void);
-
-/**@}*/
-
-/** \addtogroup attributes
- * @{
- */
-
-/** \def PSA_KEY_ATTRIBUTES_INIT
- *
- * This macro returns a suitable initializer for a key attribute structure
- * of type #psa_key_attributes_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_ATTRIBUTES_INIT {0}
-#endif
-
-/** Return an initial value for a key attributes structure.
- */
-static psa_key_attributes_t psa_key_attributes_init(void);
-
-/** Declare a key as persistent and set its key identifier.
- *
- * If the attribute structure currently declares the key as volatile (which
- * is the default content of an attribute structure), this function sets
- * the lifetime attribute to #PSA_KEY_LIFETIME_PERSISTENT.
- *
- * This function does not access storage, it merely stores the given
- * value in the structure.
- * The persistent key will be written to storage when the attribute
- * structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(),
- * psa_key_derivation_output_key() or psa_copy_key().
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes  The attribute structure to write to.
- * \param key              The persistent identifier for the key.
- */
-static void psa_set_key_id( psa_key_attributes_t *attributes,
-                            mbedtls_svc_key_id_t key );
-
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-/** Set the owner identifier of a key.
- *
- * When key identifiers encode key owner identifiers, psa_set_key_id() does
- * not allow to define in key attributes the owner of volatile keys as
- * psa_set_key_id() enforces the key to be persistent.
- *
- * This function allows to set in key attributes the owner identifier of a
- * key. It is intended to be used for volatile keys. For persistent keys,
- * it is recommended to use the PSA Cryptography API psa_set_key_id() to define
- * the owner of a key.
- *
- * \param[out] attributes  The attribute structure to write to.
- * \param owner            The key owner identifier.
- */
-static void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
-                                      mbedtls_key_owner_id_t owner );
-#endif
-
-/** Set the location of a persistent key.
- *
- * To make a key persistent, you must give it a persistent key identifier
- * with psa_set_key_id(). By default, a key that has a persistent identifier
- * is stored in the default storage area identifier by
- * #PSA_KEY_LIFETIME_PERSISTENT. Call this function to choose a storage
- * area, or to explicitly declare the key as volatile.
- *
- * This function does not access storage, it merely stores the given
- * value in the structure.
- * The persistent key will be written to storage when the attribute
- * structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(),
- * psa_key_derivation_output_key() or psa_copy_key().
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param lifetime              The lifetime for the key.
- *                              If this is #PSA_KEY_LIFETIME_VOLATILE, the
- *                              key will be volatile, and the key identifier
- *                              attribute is reset to 0.
- */
-static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
-                                 psa_key_lifetime_t lifetime);
-
-/** Retrieve the key identifier from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The persistent identifier stored in the attribute structure.
- *         This value is unspecified if the attribute structure declares
- *         the key as volatile.
- */
-static mbedtls_svc_key_id_t psa_get_key_id(
-    const psa_key_attributes_t *attributes);
-
-/** Retrieve the lifetime from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The lifetime value stored in the attribute structure.
- */
-static psa_key_lifetime_t psa_get_key_lifetime(
-    const psa_key_attributes_t *attributes);
-
-/** Declare usage flags for a key.
- *
- * Usage flags are part of a key's usage policy. They encode what
- * kind of operations are permitted on the key. For more details,
- * refer to the documentation of the type #psa_key_usage_t.
- *
- * This function overwrites any usage flags
- * previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param usage_flags           The usage flags to write.
- */
-static void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
-                                    psa_key_usage_t usage_flags);
-
-/** Retrieve the usage flags from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The usage flags stored in the attribute structure.
- */
-static psa_key_usage_t psa_get_key_usage_flags(
-    const psa_key_attributes_t *attributes);
-
-/** Declare the permitted algorithm policy for a key.
- *
- * The permitted algorithm policy of a key encodes which algorithm or
- * algorithms are permitted to be used with this key. The following
- * algorithm policies are supported:
- * - 0 does not allow any cryptographic operation with the key. The key
- *   may be used for non-cryptographic actions such as exporting (if
- *   permitted by the usage flags).
- * - An algorithm value permits this particular algorithm.
- * - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
- *   signature scheme with any hash algorithm.
- * - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
- *   any MAC algorithm from the same base class (e.g. CMAC) which
- *   generates/verifies a MAC length greater than or equal to the length
- *   encoded in the wildcard algorithm.
- * - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
- *   allows any AEAD algorithm from the same base class (e.g. CCM) which
- *   generates/verifies a tag length greater than or equal to the length
- *   encoded in the wildcard algorithm.
- *
- * This function overwrites any algorithm policy
- * previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param alg                   The permitted algorithm policy to write.
- */
-static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
-                                  psa_algorithm_t alg);
-
-
-/** Retrieve the algorithm policy from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The algorithm stored in the attribute structure.
- */
-static psa_algorithm_t psa_get_key_algorithm(
-    const psa_key_attributes_t *attributes);
-
-/** Declare the type of a key.
- *
- * This function overwrites any key type
- * previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param type                  The key type to write.
- *                              If this is 0, the key type in \p attributes
- *                              becomes unspecified.
- */
-static void psa_set_key_type(psa_key_attributes_t *attributes,
-                             psa_key_type_t type);
-
-
-/** Declare the size of a key.
- *
- * This function overwrites any key size previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param bits                  The key size in bits.
- *                              If this is 0, the key size in \p attributes
- *                              becomes unspecified. Keys of size 0 are
- *                              not supported.
- */
-static void psa_set_key_bits(psa_key_attributes_t *attributes,
-                             size_t bits);
-
-/** Retrieve the key type from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The key type stored in the attribute structure.
- */
-static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes);
-
-/** Retrieve the key size from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The key size stored in the attribute structure, in bits.
- */
-static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
-
-/** Retrieve the attributes of a key.
- *
- * This function first resets the attribute structure as with
- * psa_reset_key_attributes(). It then copies the attributes of
- * the given key into the given attribute structure.
- *
- * \note This function may allocate memory or other resources.
- *       Once you have called this function on an attribute structure,
- *       you must call psa_reset_key_attributes() to free these resources.
- *
- * \param[in] key               Identifier of the key to query.
- * \param[in,out] attributes    On success, the attributes of the key.
- *                              On failure, equivalent to a
- *                              freshly-initialized structure.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
-                                    psa_key_attributes_t *attributes);
-
-/** Reset a key attribute structure to a freshly initialized state.
- *
- * You must initialize the attribute structure as described in the
- * documentation of the type #psa_key_attributes_t before calling this
- * function. Once the structure has been initialized, you may call this
- * function at any time.
- *
- * This function frees any auxiliary resources that the structure
- * may contain.
- *
- * \param[in,out] attributes    The attribute structure to reset.
- */
-void psa_reset_key_attributes(psa_key_attributes_t *attributes);
-
-/**@}*/
-
-/** \defgroup key_management Key management
- * @{
- */
-
-/** Remove non-essential copies of key material from memory.
- *
- * If the key identifier designates a volatile key, this functions does not do
- * anything and returns successfully.
- *
- * If the key identifier designates a persistent key, then this function will
- * free all resources associated with the key in volatile memory. The key
- * data in persistent storage is not affected and the key can still be used.
- *
- * \param key Identifier of the key to purge.
- *
- * \retval #PSA_SUCCESS
- *         The key material will have been removed from memory if it is not
- *         currently required.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not a valid key identifier.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
-
-/** Make a copy of a key.
- *
- * Copy key material from one location to another.
- *
- * This function is primarily useful to copy a key from one location
- * to another, since it populates a key using the material from
- * another key which may have a different lifetime.
- *
- * This function may be used to share a key with a different party,
- * subject to implementation-defined restrictions on key sharing.
- *
- * The policy on the source key must have the usage flag
- * #PSA_KEY_USAGE_COPY set.
- * This flag is sufficient to permit the copy if the key has the lifetime
- * #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
- * Some secure elements do not provide a way to copy a key without
- * making it extractable from the secure element. If a key is located
- * in such a secure element, then the key must have both usage flags
- * #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
- * a copy of the key outside the secure element.
- *
- * The resulting key may only be used in a way that conforms to
- * both the policy of the original key and the policy specified in
- * the \p attributes parameter:
- * - The usage flags on the resulting key are the bitwise-and of the
- *   usage flags on the source policy and the usage flags in \p attributes.
- * - If both allow the same algorithm or wildcard-based
- *   algorithm policy, the resulting key has the same algorithm policy.
- * - If either of the policies allows an algorithm and the other policy
- *   allows a wildcard-based algorithm policy that includes this algorithm,
- *   the resulting key allows the same algorithm.
- * - If the policies do not allow any algorithm in common, this function
- *   fails with the status #PSA_ERROR_INVALID_ARGUMENT.
- *
- * The effect of this function on implementation-defined attributes is
- * implementation-defined.
- *
- * \param source_key        The key to copy. It must allow the usage
- *                          #PSA_KEY_USAGE_COPY. If a private or secret key is
- *                          being copied outside of a secure element it must
- *                          also allow #PSA_KEY_USAGE_EXPORT.
- * \param[in] attributes    The attributes for the new key.
- *                          They are used as follows:
- *                          - The key type and size may be 0. If either is
- *                            nonzero, it must match the corresponding
- *                            attribute of the source key.
- *                          - The key location (the lifetime and, for
- *                            persistent keys, the key identifier) is
- *                            used directly.
- *                          - The policy constraints (usage flags and
- *                            algorithm policy) are combined from
- *                            the source key and \p attributes so that
- *                            both sets of restrictions apply, as
- *                            described in the documentation of this function.
- * \param[out] target_key   On success, an identifier for the newly created
- *                          key. For persistent keys, this is the key
- *                          identifier defined in \p attributes.
- *                          \c 0 on failure.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- *         \p source_key is invalid.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         This is an attempt to create a persistent key, and there is
- *         already a persistent key with the given identifier.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The lifetime or identifier in \p attributes are invalid, or
- *         the policy constraints on the source and specified in
- *         \p attributes are incompatible, or
- *         \p attributes specifies a key type or key size
- *         which does not match the attributes of the source key.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
- *         the source key is not exportable and its lifetime does not
- *         allow copying it to the target's lifetime.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
-                          const psa_key_attributes_t *attributes,
-                          mbedtls_svc_key_id_t *target_key);
-
-
-/**
- * \brief Destroy a key.
- *
- * This function destroys a key from both volatile
- * memory and, if applicable, non-volatile storage. Implementations shall
- * make a best effort to ensure that that the key material cannot be recovered.
- *
- * This function also erases any metadata such as policies and frees
- * resources associated with the key.
- *
- * If a key is currently in use in a multipart operation, then destroying the
- * key will cause the multipart operation to fail.
- *
- * \param key  Identifier of the key to erase. If this is \c 0, do nothing and
- *             return #PSA_SUCCESS.
- *
- * \retval #PSA_SUCCESS
- *         \p key was a valid identifier and the key material that it
- *         referred to has been erased. Alternatively, \p key is \c 0.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The key cannot be erased because it is
- *         read-only, either due to a policy or due to physical restrictions.
- * \retval #PSA_ERROR_INVALID_HANDLE
- *         \p key is not a valid identifier nor \c 0.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- *         There was a failure in communication with the cryptoprocessor.
- *         The key material may still be present in the cryptoprocessor.
- * \retval #PSA_ERROR_DATA_INVALID
- *         This error is typically a result of either storage corruption on a
- *         cleartext storage backend, or an attempt to read data that was
- *         written by an incompatible version of the library.
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The storage is corrupted. Implementations shall make a best effort
- *         to erase key material even in this stage, however applications
- *         should be aware that it may be impossible to guarantee that the
- *         key material is not recoverable in such cases.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- *         An unexpected condition which is not a storage corruption or
- *         a communication failure occurred. The cryptoprocessor may have
- *         been compromised.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
-
-/**@}*/
-
-/** \defgroup import_export Key import and export
- * @{
- */
-
-/**
- * \brief Import a key in binary format.
- *
- * This function supports any output from psa_export_key(). Refer to the
- * documentation of psa_export_public_key() for the format of public keys
- * and to the documentation of psa_export_key() for the format for
- * other key types.
- *
- * The key data determines the key size. The attributes may optionally
- * specify a key size; in this case it must match the size determined
- * from the key data. A key size of 0 in \p attributes indicates that
- * the key size is solely determined by the key data.
- *
- * Implementations must reject an attempt to import a key of size 0.
- *
- * This specification supports a single format for each key type.
- * Implementations may support other formats as long as the standard
- * format is supported. Implementations that support other formats
- * should ensure that the formats are clearly unambiguous so as to
- * minimize the risk that an invalid input is accidentally interpreted
- * according to a different format.
- *
- * \param[in] attributes    The attributes for the new key.
- *                          The key size is always determined from the
- *                          \p data buffer.
- *                          If the key size in \p attributes is nonzero,
- *                          it must be equal to the size from \p data.
- * \param[out] key          On success, an identifier to the newly created key.
- *                          For persistent keys, this is the key identifier
- *                          defined in \p attributes.
- *                          \c 0 on failure.
- * \param[in] data    Buffer containing the key data. The content of this
- *                    buffer is interpreted according to the type declared
- *                    in \p attributes.
- *                    All implementations must support at least the format
- *                    described in the documentation
- *                    of psa_export_key() or psa_export_public_key() for
- *                    the chosen type. Implementations may allow other
- *                    formats, but should be conservative: implementations
- *                    should err on the side of rejecting content if it
- *                    may be erroneous (e.g. wrong type or truncated data).
- * \param data_length Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- *         If the key is persistent, the key material and the key's metadata
- *         have been saved to persistent storage.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         This is an attempt to create a persistent key, and there is
- *         already a persistent key with the given identifier.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         The key type or key size is not supported, either by the
- *         implementation in general or in this particular persistent location.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key attributes, as a whole, are invalid, or
- *         the key data is not correctly formatted, or
- *         the size in \p attributes is nonzero and does not match the size
- *         of the key data.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
-                            const uint8_t *data,
-                            size_t data_length,
-                            mbedtls_svc_key_id_t *key);
-
-
-
-/**
- * \brief Export a key in binary format.
- *
- * The output of this function can be passed to psa_import_key() to
- * create an equivalent object.
- *
- * If the implementation of psa_import_key() supports other formats
- * beyond the format specified here, the output from psa_export_key()
- * must use the representation specified here, not the original
- * representation.
- *
- * For standard key types, the output format is as follows:
- *
- * - For symmetric keys (including MAC keys), the format is the
- *   raw bytes of the key.
- * - For DES, the key data consists of 8 bytes. The parity bits must be
- *   correct.
- * - For Triple-DES, the format is the concatenation of the
- *   two or three DES keys.
- * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
- *   is the non-encrypted DER encoding of the representation defined by
- *   PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
- *   ```
- *   RSAPrivateKey ::= SEQUENCE {
- *       version             INTEGER,  -- must be 0
- *       modulus             INTEGER,  -- n
- *       publicExponent      INTEGER,  -- e
- *       privateExponent     INTEGER,  -- d
- *       prime1              INTEGER,  -- p
- *       prime2              INTEGER,  -- q
- *       exponent1           INTEGER,  -- d mod (p-1)
- *       exponent2           INTEGER,  -- d mod (q-1)
- *       coefficient         INTEGER,  -- (inverse of q) mod p
- *   }
- *   ```
- * - For elliptic curve key pairs (key types for which
- *   #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
- *   a representation of the private value as a `ceiling(m/8)`-byte string
- *   where `m` is the bit size associated with the curve, i.e. the bit size
- *   of the order of the curve's coordinate field. This byte string is
- *   in little-endian order for Montgomery curves (curve types
- *   `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
- *   curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
- *   and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
- *   For Weierstrass curves, this is the content of the `privateKey` field of
- *   the `ECPrivateKey` format defined by RFC 5915.  For Montgomery curves,
- *   the format is defined by RFC 7748, and output is masked according to §5.
- *   For twisted Edwards curves, the private key is as defined by RFC 8032
- *   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
- * - For Diffie-Hellman key exchange key pairs (key types for which
- *   #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
- *   format is the representation of the private key `x` as a big-endian byte
- *   string. The length of the byte string is the private key size in bytes
- *   (leading zeroes are not stripped).
- * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
- *   true), the format is the same as for psa_export_public_key().
- *
- * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
- *
- * \param key               Identifier of the key to export. It must allow the
- *                          usage #PSA_KEY_USAGE_EXPORT, unless it is a public
- *                          key.
- * \param[out] data         Buffer where the key data is to be written.
- * \param data_size         Size of the \p data buffer in bytes.
- * \param[out] data_length  On success, the number of bytes
- *                          that make up the key data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The key does not have the #PSA_KEY_USAGE_EXPORT flag.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p data buffer is too small. You can determine a
- *         sufficient buffer size by calling
- *         #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
- *         where \c type is the key type
- *         and \c bits is the key size in bits.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
-                            uint8_t *data,
-                            size_t data_size,
-                            size_t *data_length);
-
-/**
- * \brief Export a public key or the public part of a key pair in binary format.
- *
- * The output of this function can be passed to psa_import_key() to
- * create an object that is equivalent to the public key.
- *
- * This specification supports a single format for each key type.
- * Implementations may support other formats as long as the standard
- * format is supported. Implementations that support other formats
- * should ensure that the formats are clearly unambiguous so as to
- * minimize the risk that an invalid input is accidentally interpreted
- * according to a different format.
- *
- * For standard key types, the output format is as follows:
- * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
- *   the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
- *   ```
- *   RSAPublicKey ::= SEQUENCE {
- *      modulus            INTEGER,    -- n
- *      publicExponent     INTEGER  }  -- e
- *   ```
- * - For elliptic curve keys on a twisted Edwards curve (key types for which
- *   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
- *   returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
- *   by RFC 8032
- *   (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
- * - For other elliptic curve public keys (key types for which
- *   #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
- *   representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
- *   Let `m` be the bit size associated with the curve, i.e. the bit size of
- *   `q` for a curve over `F_q`. The representation consists of:
- *      - The byte 0x04;
- *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
- * - For Diffie-Hellman key exchange public keys (key types for which
- *   #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
- *   the format is the representation of the public key `y = g^x mod p` as a
- *   big-endian byte string. The length of the byte string is the length of the
- *   base prime `p` in bytes.
- *
- * Exporting a public key object or the public part of a key pair is
- * always permitted, regardless of the key's usage flags.
- *
- * \param key               Identifier of the key to export.
- * \param[out] data         Buffer where the key data is to be written.
- * \param data_size         Size of the \p data buffer in bytes.
- * \param[out] data_length  On success, the number of bytes
- *                          that make up the key data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key is neither a public key nor a key pair.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p data buffer is too small. You can determine a
- *         sufficient buffer size by calling
- *         #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
- *         where \c type is the key type
- *         and \c bits is the key size in bits.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
-                                   uint8_t *data,
-                                   size_t data_size,
-                                   size_t *data_length);
-
-
-
-/**@}*/
-
-/** \defgroup hash Message digests
- * @{
- */
-
-/** Calculate the hash (digest) of a message.
- *
- * \note To verify the hash of a message against an
- *       expected value, use psa_hash_compare() instead.
- *
- * \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_HASH(\p alg) is true).
- * \param[in] input         Buffer containing the message to hash.
- * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] hash         Buffer where the hash is to be written.
- * \param hash_size         Size of the \p hash buffer in bytes.
- * \param[out] hash_length  On success, the number of bytes
- *                          that make up the hash value. This is always
- *                          #PSA_HASH_LENGTH(\p alg).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a hash algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p hash_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_compute(psa_algorithm_t alg,
-                              const uint8_t *input,
-                              size_t input_length,
-                              uint8_t *hash,
-                              size_t hash_size,
-                              size_t *hash_length);
-
-/** Calculate the hash (digest) of a message and compare it with a
- * reference value.
- *
- * \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_HASH(\p alg) is true).
- * \param[in] input         Buffer containing the message to hash.
- * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] hash         Buffer containing the expected hash value.
- * \param hash_length       Size of the \p hash buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The expected hash is identical to the actual hash of the input.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The hash of the message was calculated successfully, but it
- *         differs from the expected hash.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a hash algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p input_length or \p hash_length do not match the hash size for \p alg
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
-                              const uint8_t *input,
-                              size_t input_length,
-                              const uint8_t *hash,
-                              size_t hash_length);
-
-/** The type of the state data structure for multipart hash operations.
- *
- * Before calling any function on a hash operation object, the application must
- * initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- *   \code
- *   psa_hash_operation_t operation;
- *   memset(&operation, 0, sizeof(operation));
- *   \endcode
- * - Initialize the structure to logical zero values, for example:
- *   \code
- *   psa_hash_operation_t operation = {0};
- *   \endcode
- * - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
- *   for example:
- *   \code
- *   psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- *   \endcode
- * - Assign the result of the function psa_hash_operation_init()
- *   to the structure, for example:
- *   \code
- *   psa_hash_operation_t operation;
- *   operation = psa_hash_operation_init();
- *   \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_hash_operation_s psa_hash_operation_t;
-
-/** \def PSA_HASH_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a hash operation object
- * of type #psa_hash_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_HASH_OPERATION_INIT {0}
-#endif
-
-/** Return an initial value for a hash operation object.
- */
-static psa_hash_operation_t psa_hash_operation_init(void);
-
-/** Set up a multipart hash operation.
- *
- * The sequence of operations to calculate a hash (message digest)
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT.
- * -# Call psa_hash_setup() to specify the algorithm.
- * -# Call psa_hash_update() zero, one or more times, passing a fragment
- *    of the message each time. The hash that is calculated is the hash
- *    of the concatenation of these messages in order.
- * -# To calculate the hash, call psa_hash_finish().
- *    To compare the hash with an expected value, call psa_hash_verify().
- *
- * If an error occurs at any step after a call to psa_hash_setup(), the
- * operation will need to be reset by a call to psa_hash_abort(). The
- * application may call psa_hash_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_hash_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_hash_finish() or psa_hash_verify().
- * - A call to psa_hash_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- *                          been initialized as per the documentation for
- *                          #psa_hash_operation_t and not yet in use.
- * \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_HASH(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not a supported hash algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p alg is not a hash algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
-                            psa_algorithm_t alg);
-
-/** Add a message fragment to a multipart hash operation.
- *
- * The application must call psa_hash_setup() before calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_hash_abort().
- *
- * \param[in,out] operation Active hash operation.
- * \param[in] input         Buffer containing the message fragment to hash.
- * \param input_length      Size of the \p input buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_update(psa_hash_operation_t *operation,
-                             const uint8_t *input,
-                             size_t input_length);
-
-/** Finish the calculation of the hash of a message.
- *
- * The application must call psa_hash_setup() before calling this function.
- * This function calculates the hash of the message formed by concatenating
- * the inputs passed to preceding calls to psa_hash_update().
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_hash_abort().
- *
- * \warning Applications should not call this function if they expect
- *          a specific value for the hash. Call psa_hash_verify() instead.
- *          Beware that comparing integrity or authenticity data such as
- *          hash values with a function such as \c memcmp is risky
- *          because the time taken by the comparison may leak information
- *          about the hashed data which could allow an attacker to guess
- *          a valid hash and thereby bypass security controls.
- *
- * \param[in,out] operation     Active hash operation.
- * \param[out] hash             Buffer where the hash is to be written.
- * \param hash_size             Size of the \p hash buffer in bytes.
- * \param[out] hash_length      On success, the number of bytes
- *                              that make up the hash value. This is always
- *                              #PSA_HASH_LENGTH(\c alg) where \c alg is the
- *                              hash algorithm that is calculated.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p hash buffer is too small. You can determine a
- *         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
- *         where \c alg is the hash algorithm that is calculated.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
-                             uint8_t *hash,
-                             size_t hash_size,
-                             size_t *hash_length);
-
-/** Finish the calculation of the hash of a message and compare it with
- * an expected value.
- *
- * The application must call psa_hash_setup() before calling this function.
- * This function calculates the hash of the message formed by concatenating
- * the inputs passed to preceding calls to psa_hash_update(). It then
- * compares the calculated hash with the expected hash passed as a
- * parameter to this function.
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_hash_abort().
- *
- * \note Implementations shall make the best effort to ensure that the
- * comparison between the actual hash and the expected hash is performed
- * in constant time.
- *
- * \param[in,out] operation     Active hash operation.
- * \param[in] hash              Buffer containing the expected hash value.
- * \param hash_length           Size of the \p hash buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The expected hash is identical to the actual hash of the message.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The hash of the message was calculated successfully, but it
- *         differs from the expected hash.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
-                             const uint8_t *hash,
-                             size_t hash_length);
-
-/** Abort a hash operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * psa_hash_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized by one of the methods described in #psa_hash_operation_t.
- *
- * In particular, calling psa_hash_abort() after the operation has been
- * terminated by a call to psa_hash_abort(), psa_hash_finish() or
- * psa_hash_verify() is safe and has no effect.
- *
- * \param[in,out] operation     Initialized hash operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
-
-/** Clone a hash operation.
- *
- * This function copies the state of an ongoing hash operation to
- * a new operation object. In other words, this function is equivalent
- * to calling psa_hash_setup() on \p target_operation with the same
- * algorithm that \p source_operation was set up for, then
- * psa_hash_update() on \p target_operation with the same input that
- * that was passed to \p source_operation. After this function returns, the
- * two objects are independent, i.e. subsequent calls involving one of
- * the objects do not affect the other object.
- *
- * \param[in] source_operation      The active hash operation to clone.
- * \param[in,out] target_operation  The operation object to set up.
- *                                  It must be initialized but not active.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p source_operation state is not valid (it must be active), or
- *         the \p target_operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
-                            psa_hash_operation_t *target_operation);
-
-/**@}*/
-
-/** \defgroup MAC Message authentication codes
- * @{
- */
-
-/** Calculate the MAC (message authentication code) of a message.
- *
- * \note To verify the MAC of a message against an
- *       expected value, use psa_mac_verify() instead.
- *       Beware that comparing integrity or authenticity data such as
- *       MAC values with a function such as \c memcmp is risky
- *       because the time taken by the comparison may leak information
- *       about the MAC value which could allow an attacker to guess
- *       a valid MAC and thereby bypass security controls.
- *
- * \param key               Identifier of the key to use for the operation. It
- *                          must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
- * \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_MAC(\p alg) is true).
- * \param[in] input         Buffer containing the input message.
- * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] mac          Buffer where the MAC value is to be written.
- * \param mac_size          Size of the \p mac buffer in bytes.
- * \param[out] mac_length   On success, the number of bytes
- *                          that make up the MAC value.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p mac_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
-                             psa_algorithm_t alg,
-                             const uint8_t *input,
-                             size_t input_length,
-                             uint8_t *mac,
-                             size_t mac_size,
-                             size_t *mac_length);
-
-/** Calculate the MAC of a message and compare it with a reference value.
- *
- * \param key               Identifier of the key to use for the operation. It
- *                          must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
- * \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_MAC(\p alg) is true).
- * \param[in] input         Buffer containing the input message.
- * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] mac          Buffer containing the expected MAC value.
- * \param mac_length        Size of the \p mac buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The expected MAC is identical to the actual MAC of the input.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The MAC of the message was calculated successfully, but it
- *         differs from the expected value.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
-                            psa_algorithm_t alg,
-                            const uint8_t *input,
-                            size_t input_length,
-                            const uint8_t *mac,
-                            size_t mac_length);
-
-/** The type of the state data structure for multipart MAC operations.
- *
- * Before calling any function on a MAC operation object, the application must
- * initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- *   \code
- *   psa_mac_operation_t operation;
- *   memset(&operation, 0, sizeof(operation));
- *   \endcode
- * - Initialize the structure to logical zero values, for example:
- *   \code
- *   psa_mac_operation_t operation = {0};
- *   \endcode
- * - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
- *   for example:
- *   \code
- *   psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- *   \endcode
- * - Assign the result of the function psa_mac_operation_init()
- *   to the structure, for example:
- *   \code
- *   psa_mac_operation_t operation;
- *   operation = psa_mac_operation_init();
- *   \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_mac_operation_s psa_mac_operation_t;
-
-/** \def PSA_MAC_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a MAC operation object of type
- * #psa_mac_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_MAC_OPERATION_INIT {0}
-#endif
-
-/** Return an initial value for a MAC operation object.
- */
-static psa_mac_operation_t psa_mac_operation_init(void);
-
-/** Set up a multipart MAC calculation operation.
- *
- * This function sets up the calculation of the MAC
- * (message authentication code) of a byte string.
- * To verify the MAC of a message against an
- * expected value, use psa_mac_verify_setup() instead.
- *
- * The sequence of operations to calculate a MAC is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
- * -# Call psa_mac_sign_setup() to specify the algorithm and key.
- * -# Call psa_mac_update() zero, one or more times, passing a fragment
- *    of the message each time. The MAC that is calculated is the MAC
- *    of the concatenation of these messages in order.
- * -# At the end of the message, call psa_mac_sign_finish() to finish
- *    calculating the MAC value and retrieve it.
- *
- * If an error occurs at any step after a call to psa_mac_sign_setup(), the
- * operation will need to be reset by a call to psa_mac_abort(). The
- * application may call psa_mac_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_mac_sign_setup(), the application must
- * eventually terminate the operation through one of the following methods:
- * - A successful call to psa_mac_sign_finish().
- * - A call to psa_mac_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- *                          been initialized as per the documentation for
- *                          #psa_mac_operation_t and not yet in use.
- * \param key               Identifier of the key to use for the operation. It
- *                          must remain valid until the operation terminates.
- *                          It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
- * \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
-                                mbedtls_svc_key_id_t key,
-                                psa_algorithm_t alg);
-
-/** Set up a multipart MAC verification operation.
- *
- * This function sets up the verification of the MAC
- * (message authentication code) of a byte string against an expected value.
- *
- * The sequence of operations to verify a MAC is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
- * -# Call psa_mac_verify_setup() to specify the algorithm and key.
- * -# Call psa_mac_update() zero, one or more times, passing a fragment
- *    of the message each time. The MAC that is calculated is the MAC
- *    of the concatenation of these messages in order.
- * -# At the end of the message, call psa_mac_verify_finish() to finish
- *    calculating the actual MAC of the message and verify it against
- *    the expected value.
- *
- * If an error occurs at any step after a call to psa_mac_verify_setup(), the
- * operation will need to be reset by a call to psa_mac_abort(). The
- * application may call psa_mac_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_mac_verify_setup(), the application must
- * eventually terminate the operation through one of the following methods:
- * - A successful call to psa_mac_verify_finish().
- * - A call to psa_mac_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- *                          been initialized as per the documentation for
- *                          #psa_mac_operation_t and not yet in use.
- * \param key               Identifier of the key to use for the operation. It
- *                          must remain valid until the operation terminates.
- *                          It must allow the usage
- *                          PSA_KEY_USAGE_VERIFY_MESSAGE.
- * \param alg               The MAC algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c key is not compatible with \c alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \c alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
-                                  mbedtls_svc_key_id_t key,
-                                  psa_algorithm_t alg);
-
-/** Add a message fragment to a multipart MAC operation.
- *
- * The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
- * before calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_mac_abort().
- *
- * \param[in,out] operation Active MAC operation.
- * \param[in] input         Buffer containing the message fragment to add to
- *                          the MAC calculation.
- * \param input_length      Size of the \p input buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_update(psa_mac_operation_t *operation,
-                            const uint8_t *input,
-                            size_t input_length);
-
-/** Finish the calculation of the MAC of a message.
- *
- * The application must call psa_mac_sign_setup() before calling this function.
- * This function calculates the MAC of the message formed by concatenating
- * the inputs passed to preceding calls to psa_mac_update().
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_mac_abort().
- *
- * \warning Applications should not call this function if they expect
- *          a specific value for the MAC. Call psa_mac_verify_finish() instead.
- *          Beware that comparing integrity or authenticity data such as
- *          MAC values with a function such as \c memcmp is risky
- *          because the time taken by the comparison may leak information
- *          about the MAC value which could allow an attacker to guess
- *          a valid MAC and thereby bypass security controls.
- *
- * \param[in,out] operation Active MAC operation.
- * \param[out] mac          Buffer where the MAC value is to be written.
- * \param mac_size          Size of the \p mac buffer in bytes.
- * \param[out] mac_length   On success, the number of bytes
- *                          that make up the MAC value. This is always
- *                          #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
- *                          where \c key_type and \c key_bits are the type and
- *                          bit-size respectively of the key and \c alg is the
- *                          MAC algorithm that is calculated.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p mac buffer is too small. You can determine a
- *         sufficient buffer size by calling PSA_MAC_LENGTH().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac sign
- *         operation), or the library has not been previously initialized
- *         by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
-                                 uint8_t *mac,
-                                 size_t mac_size,
-                                 size_t *mac_length);
-
-/** Finish the calculation of the MAC of a message and compare it with
- * an expected value.
- *
- * The application must call psa_mac_verify_setup() before calling this function.
- * This function calculates the MAC of the message formed by concatenating
- * the inputs passed to preceding calls to psa_mac_update(). It then
- * compares the calculated MAC with the expected MAC passed as a
- * parameter to this function.
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_mac_abort().
- *
- * \note Implementations shall make the best effort to ensure that the
- * comparison between the actual MAC and the expected MAC is performed
- * in constant time.
- *
- * \param[in,out] operation Active MAC operation.
- * \param[in] mac           Buffer containing the expected MAC value.
- * \param mac_length        Size of the \p mac buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The expected MAC is identical to the actual MAC of the message.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The MAC of the message was calculated successfully, but it
- *         differs from the expected MAC.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac verify
- *         operation), or the library has not been previously initialized
- *         by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
-                                   const uint8_t *mac,
-                                   size_t mac_length);
-
-/** Abort a MAC operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * psa_mac_sign_setup() or psa_mac_verify_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized by one of the methods described in #psa_mac_operation_t.
- *
- * In particular, calling psa_mac_abort() after the operation has been
- * terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
- * psa_mac_verify_finish() is safe and has no effect.
- *
- * \param[in,out] operation Initialized MAC operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
-
-/**@}*/
-
-/** \defgroup cipher Symmetric ciphers
- * @{
- */
-
-/** Encrypt a message using a symmetric cipher.
- *
- * This function encrypts a message with a random IV (initialization
- * vector). Use the multipart operation interface with a
- * #psa_cipher_operation_t object to provide other forms of IV.
- *
- * \param key                   Identifier of the key to use for the operation.
- *                              It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
- * \param alg                   The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] input             Buffer containing the message to encrypt.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[out] output           Buffer where the output is to be written.
- *                              The output contains the IV followed by
- *                              the ciphertext proper.
- * \param output_size           Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the output.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
-                                psa_algorithm_t alg,
-                                const uint8_t *input,
-                                size_t input_length,
-                                uint8_t *output,
-                                size_t output_size,
-                                size_t *output_length);
-
-/** Decrypt a message using a symmetric cipher.
- *
- * This function decrypts a message encrypted with a symmetric cipher.
- *
- * \param key                   Identifier of the key to use for the operation.
- *                              It must remain valid until the operation
- *                              terminates. It must allow the usage
- *                              #PSA_KEY_USAGE_DECRYPT.
- * \param alg                   The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] input             Buffer containing the message to decrypt.
- *                              This consists of the IV followed by the
- *                              ciphertext proper.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[out] output           Buffer where the plaintext is to be written.
- * \param output_size           Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the output.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
-                                psa_algorithm_t alg,
-                                const uint8_t *input,
-                                size_t input_length,
-                                uint8_t *output,
-                                size_t output_size,
-                                size_t *output_length);
-
-/** The type of the state data structure for multipart cipher operations.
- *
- * Before calling any function on a cipher operation object, the application
- * must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- *   \code
- *   psa_cipher_operation_t operation;
- *   memset(&operation, 0, sizeof(operation));
- *   \endcode
- * - Initialize the structure to logical zero values, for example:
- *   \code
- *   psa_cipher_operation_t operation = {0};
- *   \endcode
- * - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
- *   for example:
- *   \code
- *   psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- *   \endcode
- * - Assign the result of the function psa_cipher_operation_init()
- *   to the structure, for example:
- *   \code
- *   psa_cipher_operation_t operation;
- *   operation = psa_cipher_operation_init();
- *   \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_cipher_operation_s psa_cipher_operation_t;
-
-/** \def PSA_CIPHER_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a cipher operation object of
- * type #psa_cipher_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_CIPHER_OPERATION_INIT {0}
-#endif
-
-/** Return an initial value for a cipher operation object.
- */
-static psa_cipher_operation_t psa_cipher_operation_init(void);
-
-/** Set the key for a multipart symmetric encryption operation.
- *
- * The sequence of operations to encrypt a message with a symmetric cipher
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_cipher_operation_t, e.g.
- *    #PSA_CIPHER_OPERATION_INIT.
- * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
- * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
- *    generate or set the IV (initialization vector). You should use
- *    psa_cipher_generate_iv() unless the protocol you are implementing
- *    requires a specific IV value.
- * -# Call psa_cipher_update() zero, one or more times, passing a fragment
- *    of the message each time.
- * -# Call psa_cipher_finish().
- *
- * If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
- * the operation will need to be reset by a call to psa_cipher_abort(). The
- * application may call psa_cipher_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_cipher_encrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_cipher_finish().
- * - A call to psa_cipher_abort().
- *
- * \param[in,out] operation     The operation object to set up. It must have
- *                              been initialized as per the documentation for
- *                              #psa_cipher_operation_t and not yet in use.
- * \param key                   Identifier of the key to use for the operation.
- *                              It must remain valid until the operation
- *                              terminates. It must allow the usage
- *                              #PSA_KEY_USAGE_ENCRYPT.
- * \param alg                   The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
-                                      mbedtls_svc_key_id_t key,
-                                      psa_algorithm_t alg);
-
-/** Set the key for a multipart symmetric decryption operation.
- *
- * The sequence of operations to decrypt a message with a symmetric cipher
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_cipher_operation_t, e.g.
- *    #PSA_CIPHER_OPERATION_INIT.
- * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
- * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
- *    decryption. If the IV is prepended to the ciphertext, you can call
- *    psa_cipher_update() on a buffer containing the IV followed by the
- *    beginning of the message.
- * -# Call psa_cipher_update() zero, one or more times, passing a fragment
- *    of the message each time.
- * -# Call psa_cipher_finish().
- *
- * If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
- * the operation will need to be reset by a call to psa_cipher_abort(). The
- * application may call psa_cipher_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_cipher_decrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_cipher_finish().
- * - A call to psa_cipher_abort().
- *
- * \param[in,out] operation     The operation object to set up. It must have
- *                              been initialized as per the documentation for
- *                              #psa_cipher_operation_t and not yet in use.
- * \param key                   Identifier of the key to use for the operation.
- *                              It must remain valid until the operation
- *                              terminates. It must allow the usage
- *                              #PSA_KEY_USAGE_DECRYPT.
- * \param alg                   The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
-                                      mbedtls_svc_key_id_t key,
-                                      psa_algorithm_t alg);
-
-/** Generate an IV for a symmetric encryption operation.
- *
- * This function generates a random IV (initialization vector), nonce
- * or initial counter value for the encryption operation as appropriate
- * for the chosen algorithm, key type and key size.
- *
- * The application must call psa_cipher_encrypt_setup() before
- * calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[out] iv               Buffer where the generated IV is to be written.
- * \param iv_size               Size of the \p iv buffer in bytes.
- * \param[out] iv_length        On success, the number of bytes of the
- *                              generated IV.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p iv buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no IV set),
- *         or the library has not been previously initialized
- *         by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
-                                    uint8_t *iv,
-                                    size_t iv_size,
-                                    size_t *iv_length);
-
-/** Set the IV for a symmetric encryption or decryption operation.
- *
- * This function sets the IV (initialization vector), nonce
- * or initial counter value for the encryption or decryption operation.
- *
- * The application must call psa_cipher_encrypt_setup() before
- * calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \note When encrypting, applications should use psa_cipher_generate_iv()
- * instead of this function, unless implementing a protocol that requires
- * a non-random IV.
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[in] iv                Buffer containing the IV to use.
- * \param iv_length             Size of the IV in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size of \p iv is not acceptable for the chosen algorithm,
- *         or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active cipher
- *         encrypt operation, with no IV set), or the library has not been
- *         previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
-                               const uint8_t *iv,
-                               size_t iv_length);
-
-/** Encrypt or decrypt a message fragment in an active cipher operation.
- *
- * Before calling this function, you must:
- * 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
- *    The choice of setup function determines whether this function
- *    encrypts or decrypts its input.
- * 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
- *    (recommended when encrypting) or psa_cipher_set_iv().
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[in] input             Buffer containing the message fragment to
- *                              encrypt or decrypt.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[out] output           Buffer where the output is to be written.
- * \param output_size           Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm), or the library has not been
- *         previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
-                               const uint8_t *input,
-                               size_t input_length,
-                               uint8_t *output,
-                               size_t output_size,
-                               size_t *output_length);
-
-/** Finish encrypting or decrypting a message in a cipher operation.
- *
- * The application must call psa_cipher_encrypt_setup() or
- * psa_cipher_decrypt_setup() before calling this function. The choice
- * of setup function determines whether this function encrypts or
- * decrypts its input.
- *
- * This function finishes the encryption or decryption of the message
- * formed by concatenating the inputs passed to preceding calls to
- * psa_cipher_update().
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[out] output           Buffer where the output is to be written.
- * \param output_size           Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input size passed to this operation is not valid for
- *         this particular algorithm. For example, the algorithm is a based
- *         on block cipher and requires a whole number of blocks, but the
- *         total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- *         This is a decryption operation for an algorithm that includes
- *         padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with an IV set
- *         if required for the algorithm), or the library has not been
- *         previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
-                               uint8_t *output,
-                               size_t output_size,
-                               size_t *output_length);
-
-/** Abort a cipher operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized as described in #psa_cipher_operation_t.
- *
- * In particular, calling psa_cipher_abort() after the operation has been
- * terminated by a call to psa_cipher_abort() or psa_cipher_finish()
- * is safe and has no effect.
- *
- * \param[in,out] operation     Initialized cipher operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
-
-/**@}*/
-
-/** \defgroup aead Authenticated encryption with associated data (AEAD)
- * @{
- */
-
-/** Process an authenticated encryption operation.
- *
- * \param key                     Identifier of the key to use for the
- *                                operation. It must allow the usage
- *                                #PSA_KEY_USAGE_ENCRYPT.
- * \param alg                     The AEAD algorithm to compute
- *                                (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param[in] nonce               Nonce or IV to use.
- * \param nonce_length            Size of the \p nonce buffer in bytes.
- * \param[in] additional_data     Additional data that will be authenticated
- *                                but not encrypted.
- * \param additional_data_length  Size of \p additional_data in bytes.
- * \param[in] plaintext           Data that will be authenticated and
- *                                encrypted.
- * \param plaintext_length        Size of \p plaintext in bytes.
- * \param[out] ciphertext         Output buffer for the authenticated and
- *                                encrypted data. The additional data is not
- *                                part of this output. For algorithms where the
- *                                encrypted data and the authentication tag
- *                                are defined as separate outputs, the
- *                                authentication tag is appended to the
- *                                encrypted data.
- * \param ciphertext_size         Size of the \p ciphertext buffer in bytes.
- *                                This must be appropriate for the selected
- *                                algorithm and key:
- *                                - A sufficient output size is
- *                                  #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type,
- *                                  \p alg, \p plaintext_length) where
- *                                  \c key_type is the type of \p key.
- *                                - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p
- *                                  plaintext_length) evaluates to the maximum
- *                                  ciphertext size of any supported AEAD
- *                                  encryption.
- * \param[out] ciphertext_length  On success, the size of the output
- *                                in the \p ciphertext buffer.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p ciphertext_size is too small.
- *         #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
- *         \p plaintext_length) or
- *         #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
- *         determine the required buffer size.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *nonce,
-                              size_t nonce_length,
-                              const uint8_t *additional_data,
-                              size_t additional_data_length,
-                              const uint8_t *plaintext,
-                              size_t plaintext_length,
-                              uint8_t *ciphertext,
-                              size_t ciphertext_size,
-                              size_t *ciphertext_length);
-
-/** Process an authenticated decryption operation.
- *
- * \param key                     Identifier of the key to use for the
- *                                operation. It must allow the usage
- *                                #PSA_KEY_USAGE_DECRYPT.
- * \param alg                     The AEAD algorithm to compute
- *                                (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param[in] nonce               Nonce or IV to use.
- * \param nonce_length            Size of the \p nonce buffer in bytes.
- * \param[in] additional_data     Additional data that has been authenticated
- *                                but not encrypted.
- * \param additional_data_length  Size of \p additional_data in bytes.
- * \param[in] ciphertext          Data that has been authenticated and
- *                                encrypted. For algorithms where the
- *                                encrypted data and the authentication tag
- *                                are defined as separate inputs, the buffer
- *                                must contain the encrypted data followed
- *                                by the authentication tag.
- * \param ciphertext_length       Size of \p ciphertext in bytes.
- * \param[out] plaintext          Output buffer for the decrypted data.
- * \param plaintext_size          Size of the \p plaintext buffer in bytes.
- *                                This must be appropriate for the selected
- *                                algorithm and key:
- *                                - A sufficient output size is
- *                                  #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type,
- *                                  \p alg, \p ciphertext_length) where
- *                                  \c key_type is the type of \p key.
- *                                - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p
- *                                  ciphertext_length) evaluates to the maximum
- *                                  plaintext size of any supported AEAD
- *                                  decryption.
- * \param[out] plaintext_length   On success, the size of the output
- *                                in the \p plaintext buffer.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The ciphertext is not authentic.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p plaintext_size is too small.
- *         #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
- *         \p ciphertext_length) or
- *         #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
- *         to determine the required buffer size.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *nonce,
-                              size_t nonce_length,
-                              const uint8_t *additional_data,
-                              size_t additional_data_length,
-                              const uint8_t *ciphertext,
-                              size_t ciphertext_length,
-                              uint8_t *plaintext,
-                              size_t plaintext_size,
-                              size_t *plaintext_length);
-
-/** The type of the state data structure for multipart AEAD operations.
- *
- * Before calling any function on an AEAD operation object, the application
- * must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- *   \code
- *   psa_aead_operation_t operation;
- *   memset(&operation, 0, sizeof(operation));
- *   \endcode
- * - Initialize the structure to logical zero values, for example:
- *   \code
- *   psa_aead_operation_t operation = {0};
- *   \endcode
- * - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
- *   for example:
- *   \code
- *   psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
- *   \endcode
- * - Assign the result of the function psa_aead_operation_init()
- *   to the structure, for example:
- *   \code
- *   psa_aead_operation_t operation;
- *   operation = psa_aead_operation_init();
- *   \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation. */
-typedef struct psa_aead_operation_s psa_aead_operation_t;
-
-/** \def PSA_AEAD_OPERATION_INIT
- *
- * This macro returns a suitable initializer for an AEAD operation object of
- * type #psa_aead_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_AEAD_OPERATION_INIT {0}
-#endif
-
-/** Return an initial value for an AEAD operation object.
- */
-static psa_aead_operation_t psa_aead_operation_init(void);
-
-/** Set the key for a multipart authenticated encryption operation.
- *
- * The sequence of operations to encrypt a message with authentication
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_aead_operation_t, e.g.
- *    #PSA_AEAD_OPERATION_INIT.
- * -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
- * -# If needed, call psa_aead_set_lengths() to specify the length of the
- *    inputs to the subsequent calls to psa_aead_update_ad() and
- *    psa_aead_update(). See the documentation of psa_aead_set_lengths()
- *    for details.
- * -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
- *    generate or set the nonce. You should use
- *    psa_aead_generate_nonce() unless the protocol you are implementing
- *    requires a specific nonce value.
- * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
- *    of the non-encrypted additional authenticated data each time.
- * -# Call psa_aead_update() zero, one or more times, passing a fragment
- *    of the message to encrypt each time.
- * -# Call psa_aead_finish().
- *
- * If an error occurs at any step after a call to psa_aead_encrypt_setup(),
- * the operation will need to be reset by a call to psa_aead_abort(). The
- * application may call psa_aead_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_aead_encrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_aead_finish().
- * - A call to psa_aead_abort().
- *
- * \param[in,out] operation     The operation object to set up. It must have
- *                              been initialized as per the documentation for
- *                              #psa_aead_operation_t and not yet in use.
- * \param key                   Identifier of the key to use for the operation.
- *                              It must remain valid until the operation
- *                              terminates. It must allow the usage
- *                              #PSA_KEY_USAGE_ENCRYPT.
- * \param alg                   The AEAD algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
-                                    mbedtls_svc_key_id_t key,
-                                    psa_algorithm_t alg);
-
-/** Set the key for a multipart authenticated decryption operation.
- *
- * The sequence of operations to decrypt a message with authentication
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- *    listed here.
- * -# Initialize the operation object with one of the methods described in the
- *    documentation for #psa_aead_operation_t, e.g.
- *    #PSA_AEAD_OPERATION_INIT.
- * -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
- * -# If needed, call psa_aead_set_lengths() to specify the length of the
- *    inputs to the subsequent calls to psa_aead_update_ad() and
- *    psa_aead_update(). See the documentation of psa_aead_set_lengths()
- *    for details.
- * -# Call psa_aead_set_nonce() with the nonce for the decryption.
- * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
- *    of the non-encrypted additional authenticated data each time.
- * -# Call psa_aead_update() zero, one or more times, passing a fragment
- *    of the ciphertext to decrypt each time.
- * -# Call psa_aead_verify().
- *
- * If an error occurs at any step after a call to psa_aead_decrypt_setup(),
- * the operation will need to be reset by a call to psa_aead_abort(). The
- * application may call psa_aead_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_aead_decrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_aead_verify().
- * - A call to psa_aead_abort().
- *
- * \param[in,out] operation     The operation object to set up. It must have
- *                              been initialized as per the documentation for
- *                              #psa_aead_operation_t and not yet in use.
- * \param key                   Identifier of the key to use for the operation.
- *                              It must remain valid until the operation
- *                              terminates. It must allow the usage
- *                              #PSA_KEY_USAGE_DECRYPT.
- * \param alg                   The AEAD algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or the
- *         library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
-                                    mbedtls_svc_key_id_t key,
-                                    psa_algorithm_t alg);
-
-/** Generate a random nonce for an authenticated encryption operation.
- *
- * This function generates a random nonce for the authenticated encryption
- * operation with an appropriate size for the chosen algorithm, key type
- * and key size.
- *
- * The application must call psa_aead_encrypt_setup() before
- * calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param[out] nonce            Buffer where the generated nonce is to be
- *                              written.
- * \param nonce_size            Size of the \p nonce buffer in bytes.
- * \param[out] nonce_length     On success, the number of bytes of the
- *                              generated nonce.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p nonce buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active aead encrypt
- *         operation, with no nonce set), or the library has not been
- *         previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
-                                     uint8_t *nonce,
-                                     size_t nonce_size,
-                                     size_t *nonce_length);
-
-/** Set the nonce for an authenticated encryption or decryption operation.
- *
- * This function sets the nonce for the authenticated
- * encryption or decryption operation.
- *
- * The application must call psa_aead_encrypt_setup() or
- * psa_aead_decrypt_setup() before calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \note When encrypting, applications should use psa_aead_generate_nonce()
- * instead of this function, unless implementing a protocol that requires
- * a non-random IV.
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param[in] nonce             Buffer containing the nonce to use.
- * \param nonce_length          Size of the nonce in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size of \p nonce is not acceptable for the chosen algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, with no nonce
- *         set), or the library has not been previously initialized
- *         by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
-                                const uint8_t *nonce,
-                                size_t nonce_length);
-
-/** Declare the lengths of the message and additional data for AEAD.
- *
- * The application must call this function before calling
- * psa_aead_update_ad() or psa_aead_update() if the algorithm for
- * the operation requires it. If the algorithm does not require it,
- * calling this function is optional, but if this function is called
- * then the implementation must enforce the lengths.
- *
- * You may call this function before or after setting the nonce with
- * psa_aead_set_nonce() or psa_aead_generate_nonce().
- *
- * - For #PSA_ALG_CCM, calling this function is required.
- * - For the other AEAD algorithms defined in this specification, calling
- *   this function is not required.
- * - For vendor-defined algorithm, refer to the vendor documentation.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param ad_length             Size of the non-encrypted additional
- *                              authenticated data in bytes.
- * \param plaintext_length      Size of the plaintext to encrypt in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         At least one of the lengths is not acceptable for the chosen
- *         algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, and
- *         psa_aead_update_ad() and psa_aead_update() must not have been
- *         called yet), or the library has not been previously initialized
- *         by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
-                                  size_t ad_length,
-                                  size_t plaintext_length);
-
-/** Pass additional data to an active AEAD operation.
- *
- * Additional data is authenticated, but not encrypted.
- *
- * You may call this function multiple times to pass successive fragments
- * of the additional data. You may not call this function after passing
- * data to encrypt or decrypt with psa_aead_update().
- *
- * Before calling this function, you must:
- * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
- * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
- *          there is no guarantee that the input is valid. Therefore, until
- *          you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
- *          treat the input as untrusted and prepare to undo any action that
- *          depends on the input if psa_aead_verify() returns an error status.
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param[in] input             Buffer containing the fragment of
- *                              additional data.
- * \param input_length          Size of the \p input buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input length overflows the additional data length that
- *         was previously specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, have lengths set if required by the algorithm, and
- *         psa_aead_update() must not have been called yet), or the library
- *         has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
-                                const uint8_t *input,
-                                size_t input_length);
-
-/** Encrypt or decrypt a message fragment in an active AEAD operation.
- *
- * Before calling this function, you must:
- * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
- *    The choice of setup function determines whether this function
- *    encrypts or decrypts its input.
- * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
- * 3. Call psa_aead_update_ad() to pass all the additional data.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
- *          there is no guarantee that the input is valid. Therefore, until
- *          you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
- *          - Do not use the output in any way other than storing it in a
- *            confidential location. If you take any action that depends
- *            on the tentative decrypted data, this action will need to be
- *            undone if the input turns out not to be valid. Furthermore,
- *            if an adversary can observe that this action took place
- *            (for example through timing), they may be able to use this
- *            fact as an oracle to decrypt any message encrypted with the
- *            same key.
- *          - In particular, do not copy the output anywhere but to a
- *            memory or storage space that you have exclusive access to.
- *
- * This function does not require the input to be aligned to any
- * particular block boundary. If the implementation can only process
- * a whole block at a time, it must consume all the input provided, but
- * it may delay the end of the corresponding output until a subsequent
- * call to psa_aead_update(), psa_aead_finish() or psa_aead_verify()
- * provides sufficient input. The amount of data that can be delayed
- * in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE.
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param[in] input             Buffer containing the message fragment to
- *                              encrypt or decrypt.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[out] output           Buffer where the output is to be written.
- * \param output_size           Size of the \p output buffer in bytes.
- *                              This must be appropriate for the selected
- *                                algorithm and key:
- *                                - A sufficient output size is
- *                                  #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type,
- *                                  \c alg, \p input_length) where
- *                                  \c key_type is the type of key and \c alg is
- *                                  the algorithm that were used to set up the
- *                                  operation.
- *                                - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p
- *                                  input_length) evaluates to the maximum
- *                                  output size of any supported AEAD
- *                                  algorithm.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- *         #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or
- *         #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to
- *         determine the required buffer size.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update_ad() so far is
- *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths(), or
- *         the total input length overflows the plaintext length that
- *         was previously specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active, have a nonce
- *         set, and have lengths set if required by the algorithm), or the
- *         library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_update(psa_aead_operation_t *operation,
-                             const uint8_t *input,
-                             size_t input_length,
-                             uint8_t *output,
-                             size_t output_size,
-                             size_t *output_length);
-
-/** Finish encrypting a message in an AEAD operation.
- *
- * The operation must have been set up with psa_aead_encrypt_setup().
- *
- * This function finishes the authentication of the additional data
- * formed by concatenating the inputs passed to preceding calls to
- * psa_aead_update_ad() with the plaintext formed by concatenating the
- * inputs passed to preceding calls to psa_aead_update().
- *
- * This function has two output buffers:
- * - \p ciphertext contains trailing ciphertext that was buffered from
- *   preceding calls to psa_aead_update().
- * - \p tag contains the authentication tag.
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param[out] ciphertext       Buffer where the last part of the ciphertext
- *                              is to be written.
- * \param ciphertext_size       Size of the \p ciphertext buffer in bytes.
- *                              This must be appropriate for the selected
- *                              algorithm and key:
- *                              - A sufficient output size is
- *                                #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type,
- *                                \c alg) where \c key_type is the type of key
- *                                and \c alg is the algorithm that were used to
- *                                set up the operation.
- *                              - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to
- *                                the maximum output size of any supported AEAD
- *                                algorithm.
- * \param[out] ciphertext_length On success, the number of bytes of
- *                              returned ciphertext.
- * \param[out] tag              Buffer where the authentication tag is
- *                              to be written.
- * \param tag_size              Size of the \p tag buffer in bytes.
- *                              This must be appropriate for the selected
- *                              algorithm and key:
- *                              - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c
- *                                key_type, \c key_bits, \c alg) where
- *                                \c key_type and \c key_bits are the type and
- *                                bit-size of the key, and \c alg is the
- *                                algorithm that were used in the call to
- *                                psa_aead_encrypt_setup().
- *                              - #PSA_AEAD_TAG_MAX_SIZE evaluates to the
- *                                maximum tag size of any supported AEAD
- *                                algorithm.
- * \param[out] tag_length       On success, the number of bytes
- *                              that make up the returned tag.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p ciphertext or \p tag buffer is too small.
- *         #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or
- *         #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the
- *         required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type,
- *         \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to
- *         determine the required \p tag buffer size.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update_ad() so far is
- *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths(), or
- *         the total length of input to psa_aead_update() so far is
- *         less than the plaintext length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active encryption
- *         operation with a nonce set), or the library has not been previously
- *         initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
-                             uint8_t *ciphertext,
-                             size_t ciphertext_size,
-                             size_t *ciphertext_length,
-                             uint8_t *tag,
-                             size_t tag_size,
-                             size_t *tag_length);
-
-/** Finish authenticating and decrypting a message in an AEAD operation.
- *
- * The operation must have been set up with psa_aead_decrypt_setup().
- *
- * This function finishes the authenticated decryption of the message
- * components:
- *
- * -  The additional data consisting of the concatenation of the inputs
- *    passed to preceding calls to psa_aead_update_ad().
- * -  The ciphertext consisting of the concatenation of the inputs passed to
- *    preceding calls to psa_aead_update().
- * -  The tag passed to this function call.
- *
- * If the authentication tag is correct, this function outputs any remaining
- * plaintext and reports success. If the authentication tag is not correct,
- * this function returns #PSA_ERROR_INVALID_SIGNATURE.
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_aead_abort().
- *
- * \note Implementations shall make the best effort to ensure that the
- * comparison between the actual tag and the expected tag is performed
- * in constant time.
- *
- * \param[in,out] operation     Active AEAD operation.
- * \param[out] plaintext        Buffer where the last part of the plaintext
- *                              is to be written. This is the remaining data
- *                              from previous calls to psa_aead_update()
- *                              that could not be processed until the end
- *                              of the input.
- * \param plaintext_size        Size of the \p plaintext buffer in bytes.
- *                              This must be appropriate for the selected algorithm and key:
- *                              - A sufficient output size is
- *                                #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type,
- *                                \c alg) where \c key_type is the type of key
- *                                and \c alg is the algorithm that were used to
- *                                set up the operation.
- *                              - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to
- *                                the maximum output size of any supported AEAD
- *                                algorithm.
- * \param[out] plaintext_length On success, the number of bytes of
- *                              returned plaintext.
- * \param[in] tag               Buffer containing the authentication tag.
- * \param tag_length            Size of the \p tag buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculations were successful, but the authentication tag is
- *         not correct.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p plaintext buffer is too small.
- *         #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or
- *         #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the
- *         required buffer size.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total length of input to psa_aead_update_ad() so far is
- *         less than the additional data length that was previously
- *         specified with psa_aead_set_lengths(), or
- *         the total length of input to psa_aead_update() so far is
- *         less than the plaintext length that was previously
- *         specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active decryption
- *         operation with a nonce set), or the library has not been previously
- *         initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
-                             uint8_t *plaintext,
-                             size_t plaintext_size,
-                             size_t *plaintext_length,
-                             const uint8_t *tag,
-                             size_t tag_length);
-
-/** Abort an AEAD operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized as described in #psa_aead_operation_t.
- *
- * In particular, calling psa_aead_abort() after the operation has been
- * terminated by a call to psa_aead_abort(), psa_aead_finish() or
- * psa_aead_verify() is safe and has no effect.
- *
- * \param[in,out] operation     Initialized AEAD operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
-
-/**@}*/
-
-/** \defgroup asymmetric Asymmetric cryptography
- * @{
- */
-
-/**
- * \brief Sign a message with a private key. For hash-and-sign algorithms,
- *        this includes the hashing step.
- *
- * \note To perform a multi-part hash-and-sign signature algorithm, first use
- *       a multi-part hash operation and then pass the resulting hash to
- *       psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
- *       hash algorithm to use.
- *
- * \param[in]  key              Identifier of the key to use for the operation.
- *                              It must be an asymmetric key pair. The key must
- *                              allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
- * \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
- *                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
- *                              is true), that is compatible with the type of
- *                              \p key.
- * \param[in]  input            The input message to sign.
- * \param[in]  input_length     Size of the \p input buffer in bytes.
- * \param[out] signature        Buffer where the signature is to be written.
- * \param[in]  signature_size   Size of the \p signature buffer in bytes. This
- *                              must be appropriate for the selected
- *                              algorithm and key:
- *                              - The required signature size is
- *                                #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *                                where \c key_type and \c key_bits are the type and
- *                                bit-size respectively of key.
- *                              - #PSA_SIGNATURE_MAX_SIZE evaluates to the
- *                                maximum signature size of any supported
- *                                signature algorithm.
- * \param[out] signature_length On success, the number of bytes that make up
- *                              the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
- *         or it does not permit the requested algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p signature buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t * input,
-                               size_t input_length,
-                               uint8_t * signature,
-                               size_t signature_size,
-                               size_t * signature_length );
-
-/** \brief Verify the signature of a message with a public key, using
- *         a hash-and-sign verification algorithm.
- *
- * \note To perform a multi-part hash-and-sign signature verification
- *       algorithm, first use a multi-part hash operation to hash the message
- *       and then pass the resulting hash to psa_verify_hash().
- *       PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
- *       to use.
- *
- * \param[in]  key              Identifier of the key to use for the operation.
- *                              It must be a public key or an asymmetric key
- *                              pair. The key must allow the usage
- *                              #PSA_KEY_USAGE_VERIFY_MESSAGE.
- * \param[in]  alg              An asymmetric signature algorithm (PSA_ALG_XXX
- *                              value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
- *                              is true), that is compatible with the type of
- *                              \p key.
- * \param[in]  input            The message whose signature is to be verified.
- * \param[in]  input_length     Size of the \p input buffer in bytes.
- * \param[out] signature        Buffer containing the signature to verify.
- * \param[in]  signature_length Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
- *         or it does not permit the requested algorithm.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was performed successfully, but the passed signature
- *         is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t * input,
-                                 size_t input_length,
-                                 const uint8_t * signature,
-                                 size_t signature_length );
-
-/**
- * \brief Sign a hash or short message with a private key.
- *
- * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
- * Then pass the resulting hash as the \p hash
- * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
- * to determine the hash algorithm to use.
- *
- * \param key                   Identifier of the key to use for the operation.
- *                              It must be an asymmetric key pair. The key must
- *                              allow the usage #PSA_KEY_USAGE_SIGN_HASH.
- * \param alg                   A signature algorithm (PSA_ALG_XXX
- *                              value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
- *                              is true), that is compatible with
- *                              the type of \p key.
- * \param[in] hash              The hash or message to sign.
- * \param hash_length           Size of the \p hash buffer in bytes.
- * \param[out] signature        Buffer where the signature is to be written.
- * \param signature_size        Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- *                              that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p signature buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
-                           psa_algorithm_t alg,
-                           const uint8_t *hash,
-                           size_t hash_length,
-                           uint8_t *signature,
-                           size_t signature_size,
-                           size_t *signature_length);
-
-/**
- * \brief Verify the signature of a hash or short message using a public key.
- *
- * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
- * Then pass the resulting hash as the \p hash
- * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
- * to determine the hash algorithm to use.
- *
- * \param key               Identifier of the key to use for the operation. It
- *                          must be a public key or an asymmetric key pair. The
- *                          key must allow the usage
- *                          #PSA_KEY_USAGE_VERIFY_HASH.
- * \param alg               A signature algorithm (PSA_ALG_XXX
- *                          value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
- *                          is true), that is compatible with
- *                          the type of \p key.
- * \param[in] hash          The hash or message whose signature is to be
- *                          verified.
- * \param hash_length       Size of the \p hash buffer in bytes.
- * \param[in] signature     Buffer containing the signature to verify.
- * \param signature_length  Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The signature is valid.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was performed successfully, but the passed
- *         signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
-                             psa_algorithm_t alg,
-                             const uint8_t *hash,
-                             size_t hash_length,
-                             const uint8_t *signature,
-                             size_t signature_length);
-
-/**
- * \brief Encrypt a short message with a public key.
- *
- * \param key                   Identifier of the key to use for the operation.
- *                              It must be a public key or an asymmetric key
- *                              pair. It must allow the usage
- *                              #PSA_KEY_USAGE_ENCRYPT.
- * \param alg                   An asymmetric encryption algorithm that is
- *                              compatible with the type of \p key.
- * \param[in] input             The message to encrypt.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[in] salt              A salt or label, if supported by the
- *                              encryption algorithm.
- *                              If the algorithm does not support a
- *                              salt, pass \c NULL.
- *                              If the algorithm supports an optional
- *                              salt and you do not want to pass a salt,
- *                              pass \c NULL.
- *
- *                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
- *                                supported.
- * \param salt_length           Size of the \p salt buffer in bytes.
- *                              If \p salt is \c NULL, pass 0.
- * \param[out] output           Buffer where the encrypted message is to
- *                              be written.
- * \param output_size           Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
-                                    psa_algorithm_t alg,
-                                    const uint8_t *input,
-                                    size_t input_length,
-                                    const uint8_t *salt,
-                                    size_t salt_length,
-                                    uint8_t *output,
-                                    size_t output_size,
-                                    size_t *output_length);
-
-/**
- * \brief Decrypt a short message with a private key.
- *
- * \param key                   Identifier of the key to use for the operation.
- *                              It must be an asymmetric key pair. It must
- *                              allow the usage #PSA_KEY_USAGE_DECRYPT.
- * \param alg                   An asymmetric encryption algorithm that is
- *                              compatible with the type of \p key.
- * \param[in] input             The message to decrypt.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[in] salt              A salt or label, if supported by the
- *                              encryption algorithm.
- *                              If the algorithm does not support a
- *                              salt, pass \c NULL.
- *                              If the algorithm supports an optional
- *                              salt and you do not want to pass a salt,
- *                              pass \c NULL.
- *
- *                              - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
- *                                supported.
- * \param salt_length           Size of the \p salt buffer in bytes.
- *                              If \p salt is \c NULL, pass 0.
- * \param[out] output           Buffer where the decrypted message is to
- *                              be written.
- * \param output_size           Size of the \c output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INVALID_PADDING
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
-                                    psa_algorithm_t alg,
-                                    const uint8_t *input,
-                                    size_t input_length,
-                                    const uint8_t *salt,
-                                    size_t salt_length,
-                                    uint8_t *output,
-                                    size_t output_size,
-                                    size_t *output_length);
-
-/**@}*/
-
-/** \defgroup key_derivation Key derivation and pseudorandom generation
- * @{
- */
-
-/** The type of the state data structure for key derivation operations.
- *
- * Before calling any function on a key derivation operation object, the
- * application must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- *   \code
- *   psa_key_derivation_operation_t operation;
- *   memset(&operation, 0, sizeof(operation));
- *   \endcode
- * - Initialize the structure to logical zero values, for example:
- *   \code
- *   psa_key_derivation_operation_t operation = {0};
- *   \endcode
- * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT,
- *   for example:
- *   \code
- *   psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- *   \endcode
- * - Assign the result of the function psa_key_derivation_operation_init()
- *   to the structure, for example:
- *   \code
- *   psa_key_derivation_operation_t operation;
- *   operation = psa_key_derivation_operation_init();
- *   \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
- * as directed by the documentation of a specific implementation.
- */
-typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
-
-/** \def PSA_KEY_DERIVATION_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a key derivation operation
- * object of type #psa_key_derivation_operation_t.
- */
-#ifdef __DOXYGEN_ONLY__
-/* This is an example definition for documentation purposes.
- * Implementations should define a suitable value in `crypto_struct.h`.
- */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
-#endif
-
-/** Return an initial value for a key derivation operation object.
- */
-static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
-
-/** Set up a key derivation operation.
- *
- * A key derivation algorithm takes some inputs and uses them to generate
- * a byte stream in a deterministic way.
- * This byte stream can be used to produce keys and other
- * cryptographic material.
- *
- * To derive a key:
- * -# Start with an initialized object of type #psa_key_derivation_operation_t.
- * -# Call psa_key_derivation_setup() to select the algorithm.
- * -# Provide the inputs for the key derivation by calling
- *    psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
- *    as appropriate. Which inputs are needed, in what order, and whether
- *    they may be keys and if so of what type depends on the algorithm.
- * -# Optionally set the operation's maximum capacity with
- *    psa_key_derivation_set_capacity(). You may do this before, in the middle
- *    of or after providing inputs. For some algorithms, this step is mandatory
- *    because the output depends on the maximum capacity.
- * -# To derive a key, call psa_key_derivation_output_key().
- *    To derive a byte string for a different purpose, call
- *    psa_key_derivation_output_bytes().
- *    Successive calls to these functions use successive output bytes
- *    calculated by the key derivation algorithm.
- * -# Clean up the key derivation operation object with
- *    psa_key_derivation_abort().
- *
- * If this function returns an error, the key derivation operation object is
- * not changed.
- *
- * If an error occurs at any step after a call to psa_key_derivation_setup(),
- * the operation will need to be reset by a call to psa_key_derivation_abort().
- *
- * Implementations must reject an attempt to derive a key of size 0.
- *
- * \param[in,out] operation       The key derivation operation object
- *                                to set up. It must
- *                                have been initialized but not set up yet.
- * \param alg                     The key derivation algorithm to compute
- *                                (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c alg is not a key derivation algorithm.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_setup(
-    psa_key_derivation_operation_t *operation,
-    psa_algorithm_t alg);
-
-/** Retrieve the current capacity of a key derivation operation.
- *
- * The capacity of a key derivation is the maximum number of bytes that it can
- * return. When you get *N* bytes of output from a key derivation operation,
- * this reduces its capacity by *N*.
- *
- * \param[in] operation     The operation to query.
- * \param[out] capacity     On success, the capacity of the operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active), or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_get_capacity(
-    const psa_key_derivation_operation_t *operation,
-    size_t *capacity);
-
-/** Set the maximum capacity of a key derivation operation.
- *
- * The capacity of a key derivation operation is the maximum number of bytes
- * that the key derivation operation can return from this point onwards.
- *
- * \param[in,out] operation The key derivation operation object to modify.
- * \param capacity          The new capacity of the operation.
- *                          It must be less or equal to the operation's
- *                          current capacity.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p capacity is larger than the operation's current capacity.
- *         In this case, the operation object remains valid and its capacity
- *         remains unchanged.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active), or the
- *         library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_set_capacity(
-    psa_key_derivation_operation_t *operation,
-    size_t capacity);
-
-/** Use the maximum possible capacity for a key derivation operation.
- *
- * Use this value as the capacity argument when setting up a key derivation
- * to indicate that the operation should have the maximum possible capacity.
- * The value of the maximum possible capacity depends on the key derivation
- * algorithm.
- */
-#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
-
-/** Provide an input for key derivation or key agreement.
- *
- * Which inputs are required and in what order depends on the algorithm.
- * Refer to the documentation of each key derivation or key agreement
- * algorithm for information.
- *
- * This function passes direct inputs, which is usually correct for
- * non-secret inputs. To pass a secret input, which should be in a key
- * object, call psa_key_derivation_input_key() instead of this function.
- * Refer to the documentation of individual step types
- * (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
- * for more information.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_key_derivation_abort().
- *
- * \param[in,out] operation       The key derivation operation object to use.
- *                                It must have been set up with
- *                                psa_key_derivation_setup() and must not
- *                                have produced any output yet.
- * \param step                    Which step the input data is for.
- * \param[in] data                Input data to use.
- * \param data_length             Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm, or
- *         \c step does not allow direct inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step, or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_input_bytes(
-    psa_key_derivation_operation_t *operation,
-    psa_key_derivation_step_t step,
-    const uint8_t *data,
-    size_t data_length);
-
-/** Provide an input for key derivation in the form of a key.
- *
- * Which inputs are required and in what order depends on the algorithm.
- * Refer to the documentation of each key derivation or key agreement
- * algorithm for information.
- *
- * This function obtains input from a key object, which is usually correct for
- * secret inputs or for non-secret personalization strings kept in the key
- * store. To pass a non-secret parameter which is not in the key store,
- * call psa_key_derivation_input_bytes() instead of this function.
- * Refer to the documentation of individual step types
- * (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
- * for more information.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_key_derivation_abort().
- *
- * \param[in,out] operation       The key derivation operation object to use.
- *                                It must have been set up with
- *                                psa_key_derivation_setup() and must not
- *                                have produced any output yet.
- * \param step                    Which step the input data is for.
- * \param key                     Identifier of the key. It must have an
- *                                appropriate type for step and must allow the
- *                                usage #PSA_KEY_USAGE_DERIVE.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c step is not compatible with the operation's algorithm, or
- *         \c step does not allow key inputs of the given type
- *         or does not allow key inputs at all.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this input \p step, or
- *         the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_input_key(
-    psa_key_derivation_operation_t *operation,
-    psa_key_derivation_step_t step,
-    mbedtls_svc_key_id_t key);
-
-/** Perform a key agreement and use the shared secret as input to a key
- * derivation.
- *
- * A key agreement algorithm takes two inputs: a private key \p private_key
- * a public key \p peer_key.
- * The result of this function is passed as input to a key derivation.
- * The output of this key derivation can be extracted by reading from the
- * resulting operation to produce keys and other cryptographic material.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_key_derivation_abort().
- *
- * \param[in,out] operation       The key derivation operation object to use.
- *                                It must have been set up with
- *                                psa_key_derivation_setup() with a
- *                                key agreement and derivation algorithm
- *                                \c alg (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
- *                                and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
- *                                is false).
- *                                The operation must be ready for an
- *                                input of the type given by \p step.
- * \param step                    Which step the input data is for.
- * \param private_key             Identifier of the private key to use. It must
- *                                allow the usage #PSA_KEY_USAGE_DERIVE.
- * \param[in] peer_key      Public key of the peer. The peer key must be in the
- *                          same format that psa_import_key() accepts for the
- *                          public key type corresponding to the type of
- *                          private_key. That is, this function performs the
- *                          equivalent of
- *                          #psa_import_key(...,
- *                          `peer_key`, `peer_key_length`) where
- *                          with key attributes indicating the public key
- *                          type corresponding to the type of `private_key`.
- *                          For example, for EC keys, this means that peer_key
- *                          is interpreted as a point on the curve that the
- *                          private key is on. The standard formats for public
- *                          keys are documented in the documentation of
- *                          psa_export_public_key().
- * \param peer_key_length         Size of \p peer_key in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c private_key is not compatible with \c alg,
- *         or \p peer_key is not valid for \c alg or not compatible with
- *         \c private_key, or \c step does not allow an input resulting
- *         from a key agreement.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid for this key agreement \p step,
- *         or the library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_key_agreement(
-    psa_key_derivation_operation_t *operation,
-    psa_key_derivation_step_t step,
-    mbedtls_svc_key_id_t private_key,
-    const uint8_t *peer_key,
-    size_t peer_key_length);
-
-/** Read some data from a key derivation operation.
- *
- * This function calculates output bytes from a key derivation algorithm and
- * return those bytes.
- * If you view the key derivation's output as a stream of bytes, this
- * function destructively reads the requested number of bytes from the
- * stream.
- * The operation's capacity decreases by the number of bytes read.
- *
- * If this function returns an error status other than
- * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
- * state and must be aborted by calling psa_key_derivation_abort().
- *
- * \param[in,out] operation The key derivation operation object to read from.
- * \param[out] output       Buffer where the output will be written.
- * \param output_length     Number of bytes to output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_DATA
- *                          The operation's capacity was less than
- *                          \p output_length bytes. Note that in this case,
- *                          no output is written to the output buffer.
- *                          The operation's capacity is set to 0, thus
- *                          subsequent calls to this function will not
- *                          succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps), or the library has not been previously
- *         initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_output_bytes(
-    psa_key_derivation_operation_t *operation,
-    uint8_t *output,
-    size_t output_length);
-
-/** Derive a key from an ongoing key derivation operation.
- *
- * This function calculates output bytes from a key derivation algorithm
- * and uses those bytes to generate a key deterministically.
- * The key's location, usage policy, type and size are taken from
- * \p attributes.
- *
- * If you view the key derivation's output as a stream of bytes, this
- * function destructively reads as many bytes as required from the
- * stream.
- * The operation's capacity decreases by the number of bytes read.
- *
- * If this function returns an error status other than
- * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error
- * state and must be aborted by calling psa_key_derivation_abort().
- *
- * How much output is produced and consumed from the operation, and how
- * the key is derived, depends on the key type and on the key size
- * (denoted \c bits below):
- *
- * - For key types for which the key is an arbitrary sequence of bytes
- *   of a given size, this function is functionally equivalent to
- *   calling #psa_key_derivation_output_bytes
- *   and passing the resulting output to #psa_import_key.
- *   However, this function has a security benefit:
- *   if the implementation provides an isolation boundary then
- *   the key material is not exposed outside the isolation boundary.
- *   As a consequence, for these key types, this function always consumes
- *   exactly (\c bits / 8) bytes from the operation.
- *   The following key types defined in this specification follow this scheme:
- *
- *     - #PSA_KEY_TYPE_AES;
- *     - #PSA_KEY_TYPE_ARC4;
- *     - #PSA_KEY_TYPE_ARIA;
- *     - #PSA_KEY_TYPE_CAMELLIA;
- *     - #PSA_KEY_TYPE_DERIVE;
- *     - #PSA_KEY_TYPE_HMAC.
- *
- * - For ECC keys on a Montgomery elliptic curve
- *   (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
- *   Montgomery curve), this function always draws a byte string whose
- *   length is determined by the curve, and sets the mandatory bits
- *   accordingly. That is:
- *
- *     - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte
- *       string and process it as specified in RFC 7748 &sect;5.
- *     - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte
- *       string and process it as specified in RFC 7748 &sect;5.
- *
- * - For key types for which the key is represented by a single sequence of
- *   \c bits bits with constraints as to which bit sequences are acceptable,
- *   this function draws a byte string of length (\c bits / 8) bytes rounded
- *   up to the nearest whole number of bytes. If the resulting byte string
- *   is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
- *   This process is repeated until an acceptable byte string is drawn.
- *   The byte string drawn from the operation is interpreted as specified
- *   for the output produced by psa_export_key().
- *   The following key types defined in this specification follow this scheme:
- *
- *     - #PSA_KEY_TYPE_DES.
- *       Force-set the parity bits, but discard forbidden weak keys.
- *       For 2-key and 3-key triple-DES, the three keys are generated
- *       successively (for example, for 3-key triple-DES,
- *       if the first 8 bytes specify a weak key and the next 8 bytes do not,
- *       discard the first 8 bytes, use the next 8 bytes as the first key,
- *       and continue reading output from the operation to derive the other
- *       two keys).
- *     - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group)
- *       where \c group designates any Diffie-Hellman group) and
- *       ECC keys on a Weierstrass elliptic curve
- *       (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a
- *       Weierstrass curve).
- *       For these key types, interpret the byte string as integer
- *       in big-endian order. Discard it if it is not in the range
- *       [0, *N* - 2] where *N* is the boundary of the private key domain
- *       (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
- *       or the order of the curve's base point for ECC).
- *       Add 1 to the resulting integer and use this as the private key *x*.
- *       This method allows compliance to NIST standards, specifically
- *       the methods titled "key-pair generation by testing candidates"
- *       in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
- *       in FIPS 186-4 &sect;B.1.2 for DSA, and
- *       in NIST SP 800-56A &sect;5.6.1.2.2 or
- *       FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
- *
- * - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR,
- *   the way in which the operation output is consumed is
- *   implementation-defined.
- *
- * In all cases, the data that is read is discarded from the operation.
- * The operation's capacity is decreased by the number of bytes read.
- *
- * For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,
- * the input to that step must be provided with psa_key_derivation_input_key().
- * Future versions of this specification may include additional restrictions
- * on the derived key based on the attributes and strength of the secret key.
- *
- * \param[in] attributes    The attributes for the new key.
- * \param[in,out] operation The key derivation operation object to read from.
- * \param[out] key          On success, an identifier for the newly created
- *                          key. For persistent keys, this is the key
- *                          identifier defined in \p attributes.
- *                          \c 0 on failure.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- *         If the key is persistent, the key material and the key's metadata
- *         have been saved to persistent storage.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         This is an attempt to create a persistent key, and there is
- *         already a persistent key with the given identifier.
- * \retval #PSA_ERROR_INSUFFICIENT_DATA
- *         There was not enough data to create the desired key.
- *         Note that in this case, no output is written to the output buffer.
- *         The operation's capacity is set to 0, thus subsequent calls to
- *         this function will not succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         The key type or key size is not supported, either by the
- *         implementation in general or in this particular location.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The provided key attributes are not valid for the operation.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
- *         a key.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active and completed
- *         all required input steps), or the library has not been previously
- *         initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_output_key(
-    const psa_key_attributes_t *attributes,
-    psa_key_derivation_operation_t *operation,
-    mbedtls_svc_key_id_t *key);
-
-/** Abort a key derivation operation.
- *
- * Aborting an operation frees all associated resources except for the \c
- * operation structure itself. Once aborted, the operation object can be reused
- * for another operation by calling psa_key_derivation_setup() again.
- *
- * This function may be called at any time after the operation
- * object has been initialized as described in #psa_key_derivation_operation_t.
- *
- * In particular, it is valid to call psa_key_derivation_abort() twice, or to
- * call psa_key_derivation_abort() on an operation that has not been set up.
- *
- * \param[in,out] operation    The operation to abort.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_key_derivation_abort(
-    psa_key_derivation_operation_t *operation);
-
-/** Perform a key agreement and return the raw shared secret.
- *
- * \warning The raw result of a key agreement algorithm such as finite-field
- * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
- * not be used directly as key material. It should instead be passed as
- * input to a key derivation algorithm. To chain a key agreement with
- * a key derivation, use psa_key_derivation_key_agreement() and other
- * functions from the key derivation interface.
- *
- * \param alg                     The key agreement algorithm to compute
- *                                (\c PSA_ALG_XXX value such that
- *                                #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
- *                                is true).
- * \param private_key             Identifier of the private key to use. It must
- *                                allow the usage #PSA_KEY_USAGE_DERIVE.
- * \param[in] peer_key            Public key of the peer. It must be
- *                                in the same format that psa_import_key()
- *                                accepts. The standard formats for public
- *                                keys are documented in the documentation
- *                                of psa_export_public_key().
- * \param peer_key_length         Size of \p peer_key in bytes.
- * \param[out] output             Buffer where the decrypted message is to
- *                                be written.
- * \param output_size             Size of the \c output buffer in bytes.
- * \param[out] output_length      On success, the number of bytes
- *                                that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p alg is not a key agreement algorithm, or
- *         \p private_key is not compatible with \p alg,
- *         or \p peer_key is not valid for \p alg or not compatible with
- *         \p private_key.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p output_size is too small
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not a supported key agreement algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
-                                   mbedtls_svc_key_id_t private_key,
-                                   const uint8_t *peer_key,
-                                   size_t peer_key_length,
-                                   uint8_t *output,
-                                   size_t output_size,
-                                   size_t *output_length);
-
-/**@}*/
-
-/** \defgroup random Random generation
- * @{
- */
-
-/**
- * \brief Generate random bytes.
- *
- * \warning This function **can** fail! Callers MUST check the return status
- *          and MUST NOT use the content of the output buffer if the return
- *          status is not #PSA_SUCCESS.
- *
- * \note    To generate a key, use psa_generate_key() instead.
- *
- * \param[out] output       Output buffer for the generated data.
- * \param output_size       Number of bytes to generate and output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_generate_random(uint8_t *output,
-                                 size_t output_size);
-
-/**
- * \brief Generate a key or key pair.
- *
- * The key is generated randomly.
- * Its location, usage policy, type and size are taken from \p attributes.
- *
- * Implementations must reject an attempt to generate a key of size 0.
- *
- * The following type-specific considerations apply:
- * - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR),
- *   the public exponent is 65537.
- *   The modulus is a product of two probabilistic primes
- *   between 2^{n-1} and 2^n where n is the bit size specified in the
- *   attributes.
- *
- * \param[in] attributes    The attributes for the new key.
- * \param[out] key          On success, an identifier for the newly created
- *                          key. For persistent keys, this is the key
- *                          identifier defined in \p attributes.
- *                          \c 0 on failure.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- *         If the key is persistent, the key material and the key's metadata
- *         have been saved to persistent storage.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         This is an attempt to create a persistent key, and there is
- *         already a persistent key with the given identifier.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
-                              mbedtls_svc_key_id_t *key);
-
-/**@}*/
-
-#ifdef __cplusplus
-}
-#endif
-
-/* The file "crypto_sizes.h" contains definitions for size calculation
- * macros whose definitions are implementation-specific. */
-#include "crypto_sizes.h"
-
-/* The file "crypto_struct.h" contains definitions for
- * implementation-specific structs that are declared above. */
-#include "crypto_struct.h"
-
-/* The file "crypto_extra.h" contains vendor-specific definitions. This
- * can include vendor-defined algorithms, extra functions, etc. */
-#include "crypto_extra.h"
-
-#endif /* PSA_CRYPTO_H */
diff --git a/Sources/mbedtls/include/psa/crypto_builtin_composites.h b/Sources/mbedtls/include/psa/crypto_builtin_composites.h
deleted file mode 100644
index 711c43d..0000000
--- a/Sources/mbedtls/include/psa/crypto_builtin_composites.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *  Context structure declaration of the Mbed TLS software-based PSA drivers
- *  called through the PSA Crypto driver dispatch layer.
- *  This file contains the context structures of those algorithms which need to
- *  rely on other algorithms, i.e. are 'composite' algorithms.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * \note This header and its content is not part of the Mbed TLS API and
- * applications must not depend on it. Its main purpose is to define the
- * multi-part state objects of the Mbed TLS software-based PSA drivers. The
- * definition of these objects are then used by crypto_struct.h to define the
- * implementation-defined types of PSA multi-part state objects.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
-#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
-
-#include <psa/crypto_driver_common.h>
-
-/*
- * MAC multi-part operation definitions.
- */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_MAC
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CCM) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-#define MBEDTLS_PSA_BUILTIN_AEAD  1
-#endif
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
-typedef struct
-{
-    /** The HMAC algorithm in use */
-    psa_algorithm_t alg;
-    /** The hash context. */
-    struct psa_hash_operation_s hash_ctx;
-    /** The HMAC part of the context. */
-    uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
-} mbedtls_psa_hmac_operation_t;
-
-#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-
-#include "mbedtls/cmac.h"
-
-typedef struct
-{
-    psa_algorithm_t alg;
-    union
-    {
-        unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
-        mbedtls_psa_hmac_operation_t hmac;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
-        mbedtls_cipher_context_t cmac;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-    } ctx;
-} mbedtls_psa_mac_operation_t;
-
-#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
-
-#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
diff --git a/Sources/mbedtls/include/psa/crypto_builtin_primitives.h b/Sources/mbedtls/include/psa/crypto_builtin_primitives.h
deleted file mode 100644
index 96c4529..0000000
--- a/Sources/mbedtls/include/psa/crypto_builtin_primitives.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- *  Context structure declaration of the Mbed TLS software-based PSA drivers
- *  called through the PSA Crypto driver dispatch layer.
- *  This file contains the context structures of those algorithms which do not
- *  rely on other algorithms, i.e. are 'primitive' algorithms.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * \note This header and its content is not part of the Mbed TLS API and
- * applications must not depend on it. Its main purpose is to define the
- * multi-part state objects of the Mbed TLS software-based PSA drivers. The
- * definition of these objects are then used by crypto_struct.h to define the
- * implementation-defined types of PSA multi-part state objects.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
-#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
-
-#include <psa/crypto_driver_common.h>
-
-/*
- * Hash multi-part operation definitions.
- */
-
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_HASH
-#endif
-
-typedef struct
-{
-    psa_algorithm_t alg;
-    union
-    {
-        unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
-        mbedtls_md2_context md2;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
-        mbedtls_md4_context md4;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
-        mbedtls_md5_context md5;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
-        mbedtls_ripemd160_context ripemd160;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
-        mbedtls_sha1_context sha1;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
-        mbedtls_sha256_context sha256;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
-        mbedtls_sha512_context sha512;
-#endif
-    } ctx;
-} mbedtls_psa_hash_operation_t;
-
-#define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}}
-
-/*
- * Cipher multi-part operation definitions.
- */
-
-#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CTR) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CFB) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_OFB) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_CIPHER  1
-#endif
-
-typedef struct {
-    /* Context structure for the Mbed TLS cipher implementation. */
-    psa_algorithm_t alg;
-    uint8_t iv_length;
-    uint8_t block_length;
-    union {
-        unsigned int dummy;
-        mbedtls_cipher_context_t cipher;
-    } ctx;
-} mbedtls_psa_cipher_operation_t;
-
-#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
-
-#endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */
diff --git a/Sources/mbedtls/include/psa/crypto_compat.h b/Sources/mbedtls/include/psa/crypto_compat.h
deleted file mode 100644
index 0d18404..0000000
--- a/Sources/mbedtls/include/psa/crypto_compat.h
+++ /dev/null
@@ -1,528 +0,0 @@
-/**
- * \file psa/crypto_compat.h
- *
- * \brief PSA cryptography module: Backward compatibility aliases
- *
- * This header declares alternative names for macro and functions.
- * New application code should not use these names.
- * These names may be removed in a future version of Mbed Crypto.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_COMPAT_H
-#define PSA_CRYPTO_COMPAT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * To support both openless APIs and psa_open_key() temporarily, define
- * psa_key_handle_t to be equal to mbedtls_svc_key_id_t. Do not mark the
- * type and its utility macros and functions deprecated yet. This will be done
- * in a subsequent phase.
- */
-typedef mbedtls_svc_key_id_t psa_key_handle_t;
-
-#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT
-
-/** Check whether a handle is null.
- *
- * \param handle  Handle
- *
- * \return Non-zero if the handle is null, zero otherwise.
- */
-static inline int psa_key_handle_is_null( psa_key_handle_t handle )
-{
-    return( mbedtls_svc_key_id_is_null( handle ) );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/*
- * Mechanism for declaring deprecated values
- */
-#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED)
-#define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_PSA_DEPRECATED
-#endif
-
-typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t mbedtls_deprecated_psa_ecc_family_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t mbedtls_deprecated_psa_dh_family_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t psa_ecc_curve_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t psa_dh_group_t;
-typedef MBEDTLS_PSA_DEPRECATED psa_algorithm_t mbedtls_deprecated_psa_algorithm_t;
-
-#define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY
-#define PSA_KEY_TYPE_GET_GROUP PSA_KEY_TYPE_DH_GET_FAMILY
-
-#define MBEDTLS_DEPRECATED_CONSTANT( type, value )      \
-    ( (mbedtls_deprecated_##type) ( value ) )
-
-/*
- * Deprecated PSA Crypto error code definitions (PSA Crypto API  <= 1.0 beta2)
- */
-#define PSA_ERROR_UNKNOWN_ERROR \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR )
-#define PSA_ERROR_OCCUPIED_SLOT \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS )
-#define PSA_ERROR_EMPTY_SLOT \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST )
-#define PSA_ERROR_INSUFFICIENT_CAPACITY \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA )
-#define PSA_ERROR_TAMPERING_DETECTED \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED )
-
-/*
- * Deprecated PSA Crypto numerical encodings (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_KEY_USAGE_SIGN \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH )
-#define PSA_KEY_USAGE_VERIFY \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH )
-
-/*
- * Deprecated PSA Crypto size calculation macros (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
-#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
-#define PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) )
-#define PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) )
-#define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE )
-#define PSA_HASH_SIZE( alg ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_HASH_LENGTH( alg ) )
-#define PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_MAC_LENGTH( key_type, key_bits, alg ) )
-#define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
-
-/*
- * Deprecated PSA Crypto function names (PSA Crypto API  <= 1.0 beta3)
- */
-MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_sign( psa_key_handle_t key,
-                            psa_algorithm_t alg,
-                            const uint8_t *hash,
-                            size_t hash_length,
-                            uint8_t *signature,
-                            size_t signature_size,
-                            size_t *signature_length )
-{
-    return psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length );
-}
-
-MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *hash,
-                              size_t hash_length,
-                              const uint8_t *signature,
-                              size_t signature_length )
-{
-    return psa_verify_hash( key, alg, hash, hash_length, signature, signature_length );
-}
-
-/*
- * Size-specific elliptic curve families.
- */
-#define PSA_ECC_CURVE_SECP160K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP192K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP224K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP256K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP160R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP192R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP224R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP256R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP384R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP521R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP160R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
-#define PSA_ECC_CURVE_SECT163K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT233K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT239K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT283K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT409K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT571K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT163R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT193R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT233R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT283R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT409R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT571R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT163R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_SECT193R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_CURVE25519 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-#define PSA_ECC_CURVE_CURVE448 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-
-/*
- * Curves that changed name due to PSA specification.
- */
-#define PSA_ECC_CURVE_SECP_K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
-#define PSA_ECC_CURVE_SECP_R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
-#define PSA_ECC_CURVE_SECP_R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
-#define PSA_ECC_CURVE_SECT_K1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
-#define PSA_ECC_CURVE_SECT_R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
-#define PSA_ECC_CURVE_SECT_R2 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
-#define PSA_ECC_CURVE_BRAINPOOL_P_R1 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
-#define PSA_ECC_CURVE_MONTGOMERY \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
-
-/*
- * Finite-field Diffie-Hellman families.
- */
-#define PSA_DH_GROUP_FFDHE2048 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE3072 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE4096 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE6144 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_FFDHE8192 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-
-/*
- * Diffie-Hellman families that changed name due to PSA specification.
- */
-#define PSA_DH_GROUP_RFC7919 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
-#define PSA_DH_GROUP_CUSTOM \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM )
-
-/*
- * Deprecated PSA Crypto stream cipher algorithms (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_ALG_ARC4 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
-#define PSA_ALG_CHACHA20 \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
-
-/*
- * Renamed AEAD tag length macros (PSA Crypto API  <= 1.0 beta3)
- */
-#define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( aead_alg ) \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( aead_alg ) )
-#define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
-    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
-
-/*
- * Deprecated PSA AEAD output size macros (PSA Crypto API  <= 1.0 beta3)
- */
-
-/** The tag size for an AEAD algorithm, in bytes.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    The tag size for the specified algorithm.
- *                            If the AEAD algorithm does not have an identified
- *                            tag that can be distinguished from the rest of
- *                            the ciphertext, return 0.
- *                            If the AEAD algorithm is not recognized, return 0.
- */
-#define PSA_AEAD_TAG_LENGTH_1_ARG( alg )     \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,     \
-        PSA_ALG_IS_AEAD( alg ) ?             \
-        PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
-        0 )
-
-/** The maximum size of the output of psa_aead_encrypt(), in bytes.
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_aead_encrypt() will not fail due to an
- * insufficient buffer size. Depending on the algorithm, the actual size of
- * the ciphertext may be smaller.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param plaintext_length    Size of the plaintext in bytes.
- *
- * \return                    The AEAD ciphertext size for the specified
- *                            algorithm.
- *                            If the AEAD algorithm is not recognized, return 0.
- */
-#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG( alg, plaintext_length ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                            \
-        PSA_ALG_IS_AEAD( alg ) ?                                    \
-        (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) :   \
-        0 )
-
-/** The maximum size of the output of psa_aead_decrypt(), in bytes.
- *
- * If the size of the plaintext buffer is at least this large, it is
- * guaranteed that psa_aead_decrypt() will not fail due to an
- * insufficient buffer size. Depending on the algorithm, the actual size of
- * the plaintext may be smaller.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param ciphertext_length   Size of the plaintext in bytes.
- *
- * \return                    The AEAD ciphertext size for the specified
- *                            algorithm.
- *                            If the AEAD algorithm is not recognized, return 0.
- */
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length )   \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                               \
-        PSA_ALG_IS_AEAD( alg ) &&                                      \
-            (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \
-            (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
-        0 )
-
-/** A sufficient output buffer size for psa_aead_update().
- *
- * If the size of the output buffer is at least this large, it is
- * guaranteed that psa_aead_update() will not fail due to an
- * insufficient buffer size. The actual size of the output may be smaller
- * in any given call.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param input_length        Size of the input in bytes.
- *
- * \return                    A sufficient output buffer size for the specified
- *                            algorithm.
- *                            If the AEAD algorithm is not recognized, return 0.
- */
-/* For all the AEAD modes defined in this specification, it is possible
- * to emit output without delay. However, hardware may not always be
- * capable of this. So for modes based on a block cipher, allow the
- * implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG( alg, input_length )                        \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                                              \
-        PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ?                                      \
-        PSA_ROUND_UP_TO_MULTIPLE( PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length) ) : \
-        (input_length) )
-
-/** A sufficient ciphertext buffer size for psa_aead_finish().
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_aead_finish() will not fail due to an
- * insufficient ciphertext buffer size. The actual size of the output may
- * be smaller in any given call.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    A sufficient ciphertext buffer size for the
- *                            specified algorithm.
- *                            If the AEAD algorithm is not recognized, return 0.
- */
-#define PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG( alg )                        \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                                \
-        PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ?                        \
-        PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE :                               \
-        0 )
-
-/** A sufficient plaintext buffer size for psa_aead_verify().
- *
- * If the size of the plaintext buffer is at least this large, it is
- * guaranteed that psa_aead_verify() will not fail due to an
- * insufficient plaintext buffer size. The actual size of the output may
- * be smaller in any given call.
- *
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    A sufficient plaintext buffer size for the
- *                            specified algorithm.
- *                            If the AEAD algorithm is not recognized, return 0.
- */
-#define PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG( alg )                        \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                                \
-        PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER( alg ) ?                        \
-        PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE :                               \
-        0 )
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/** Open a handle to an existing persistent key.
- *
- * Open a handle to a persistent key. A key is persistent if it was created
- * with a lifetime other than #PSA_KEY_LIFETIME_VOLATILE. A persistent key
- * always has a nonzero key identifier, set with psa_set_key_id() when
- * creating the key. Implementations may provide additional pre-provisioned
- * keys that can be opened with psa_open_key(). Such keys have an application
- * key identifier in the vendor range, as documented in the description of
- * #psa_key_id_t.
- *
- * The application must eventually close the handle with psa_close_key() or
- * psa_destroy_key() to release associated resources. If the application dies
- * without calling one of these functions, the implementation should perform
- * the equivalent of a call to psa_close_key().
- *
- * Some implementations permit an application to open the same key multiple
- * times. If this is successful, each call to psa_open_key() will return a
- * different key handle.
- *
- * \note This API is not part of the PSA Cryptography API Release 1.0.0
- * specification. It was defined in the 1.0 Beta 3 version of the
- * specification but was removed in the 1.0.0 released version. This API is
- * kept for the time being to not break applications relying on it. It is not
- * deprecated yet but will be in the near future.
- *
- * \note Applications that rely on opening a key multiple times will not be
- * portable to implementations that only permit a single key handle to be
- * opened. See also :ref:\`key-handles\`.
- *
- *
- * \param key           The persistent identifier of the key.
- * \param[out] handle   On success, a handle to the key.
- *
- * \retval #PSA_SUCCESS
- *         Success. The application can now use the value of `*handle`
- *         to access the key.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- *         The implementation does not have sufficient resources to open the
- *         key. This can be due to reaching an implementation limit on the
- *         number of open keys, the number of open key handles, or available
- *         memory.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- *         There is no persistent key with key identifier \p key.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p key is not a valid persistent key identifier.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The specified key exists, but the application does not have the
- *         permission to access it. Note that this specification does not
- *         define any way to create such a key, but it may be possible
- *         through implementation-specific means.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key,
-                           psa_key_handle_t *handle );
-
-/** Close a key handle.
- *
- * If the handle designates a volatile key, this will destroy the key material
- * and free all associated resources, just like psa_destroy_key().
- *
- * If this is the last open handle to a persistent key, then closing the handle
- * will free all resources associated with the key in volatile memory. The key
- * data in persistent storage is not affected and can be opened again later
- * with a call to psa_open_key().
- *
- * Closing the key handle makes the handle invalid, and the key handle
- * must not be used again by the application.
- *
- * \note This API is not part of the PSA Cryptography API Release 1.0.0
- * specification. It was defined in the 1.0 Beta 3 version of the
- * specification but was removed in the 1.0.0 released version. This API is
- * kept for the time being to not break applications relying on it. It is not
- * deprecated yet but will be in the near future.
- *
- * \note If the key handle was used to set up an active
- * :ref:\`multipart operation <multipart-operations>\`, then closing the
- * key handle can cause the multipart operation to fail. Applications should
- * maintain the key handle until after the multipart operation has finished.
- *
- * \param handle        The key handle to close.
- *                      If this is \c 0, do nothing and return \c PSA_SUCCESS.
- *
- * \retval #PSA_SUCCESS
- *         \p handle was a valid handle or \c 0. It is now closed.
- * \retval #PSA_ERROR_INVALID_HANDLE
- *         \p handle is not a valid handle nor \c 0.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t psa_close_key(psa_key_handle_t handle);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_COMPAT_H */
diff --git a/Sources/mbedtls/include/psa/crypto_config.h b/Sources/mbedtls/include/psa/crypto_config.h
deleted file mode 100644
index f261e01..0000000
--- a/Sources/mbedtls/include/psa/crypto_config.h
+++ /dev/null
@@ -1,130 +0,0 @@
-/**
- * \file psa/crypto_config.h
- * \brief PSA crypto configuration options (set of defines)
- *
- */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-/**
- * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in config.h,
- * this file determines which cryptographic mechanisms are enabled
- * through the PSA Cryptography API (\c psa_xxx() functions).
- *
- * To enable a cryptographic mechanism, uncomment the definition of
- * the corresponding \c PSA_WANT_xxx preprocessor symbol.
- * To disable a cryptographic mechanism, comment out the definition of
- * the corresponding \c PSA_WANT_xxx preprocessor symbol.
- * The names of cryptographic mechanisms correspond to values
- * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
- * of \c PSA_.
- *
- * Note that many cryptographic mechanisms involve two symbols: one for
- * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
- * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
- * additional symbols.
- */
-#else
-/**
- * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in config.h,
- * this file is not used, and cryptographic mechanisms are supported
- * through the PSA API if and only if they are supported through the
- * mbedtls_xxx API.
- */
-#endif
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_CONFIG_H
-#define PSA_CRYPTO_CONFIG_H
-
-/*
- * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
- */
-//#define PSA_WANT_ALG_CBC_MAC                    1
-#define PSA_WANT_ALG_CBC_NO_PADDING             1
-#define PSA_WANT_ALG_CBC_PKCS7                  1
-#define PSA_WANT_ALG_CCM                        1
-#define PSA_WANT_ALG_CMAC                       1
-#define PSA_WANT_ALG_CFB                        1
-#define PSA_WANT_ALG_CHACHA20_POLY1305          1
-#define PSA_WANT_ALG_CTR                        1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
-#define PSA_WANT_ALG_ECB_NO_PADDING             1
-#define PSA_WANT_ALG_ECDH                       1
-#define PSA_WANT_ALG_ECDSA                      1
-#define PSA_WANT_ALG_GCM                        1
-#define PSA_WANT_ALG_HKDF                       1
-#define PSA_WANT_ALG_HMAC                       1
-#define PSA_WANT_ALG_MD2                        1
-#define PSA_WANT_ALG_MD4                        1
-#define PSA_WANT_ALG_MD5                        1
-#define PSA_WANT_ALG_OFB                        1
-#define PSA_WANT_ALG_RIPEMD160                  1
-#define PSA_WANT_ALG_RSA_OAEP                   1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT         1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN          1
-#define PSA_WANT_ALG_RSA_PSS                    1
-#define PSA_WANT_ALG_SHA_1                      1
-#define PSA_WANT_ALG_SHA_224                    1
-#define PSA_WANT_ALG_SHA_256                    1
-#define PSA_WANT_ALG_SHA_384                    1
-#define PSA_WANT_ALG_SHA_512                    1
-#define PSA_WANT_ALG_STREAM_CIPHER              1
-#define PSA_WANT_ALG_TLS12_PRF                  1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
-/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
- * Note: when adding support, also adjust include/mbedtls/config_psa.h */
-//#define PSA_WANT_ALG_XTS                        1
-
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256         1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384         1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512         1
-#define PSA_WANT_ECC_MONTGOMERY_255             1
-/*
- * Curve448 is not yet supported via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/4249). Thus, do not enable it by
- * default.
- */
-//#define PSA_WANT_ECC_MONTGOMERY_448             1
-#define PSA_WANT_ECC_SECP_K1_192                1
-/*
- * SECP224K1 is buggy via the PSA API in Mbed TLS
- * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
- * default.
- */
-//#define PSA_WANT_ECC_SECP_K1_224                1
-#define PSA_WANT_ECC_SECP_K1_256                1
-#define PSA_WANT_ECC_SECP_R1_192                1
-#define PSA_WANT_ECC_SECP_R1_224                1
-#define PSA_WANT_ECC_SECP_R1_256                1
-#define PSA_WANT_ECC_SECP_R1_384                1
-#define PSA_WANT_ECC_SECP_R1_521                1
-
-#define PSA_WANT_KEY_TYPE_DERIVE                1
-#define PSA_WANT_KEY_TYPE_HMAC                  1
-#define PSA_WANT_KEY_TYPE_AES                   1
-#define PSA_WANT_KEY_TYPE_ARC4                  1
-#define PSA_WANT_KEY_TYPE_ARIA                  1
-#define PSA_WANT_KEY_TYPE_CAMELLIA              1
-#define PSA_WANT_KEY_TYPE_CHACHA20              1
-#define PSA_WANT_KEY_TYPE_DES                   1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR          1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY        1
-#define PSA_WANT_KEY_TYPE_RAW_DATA              1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR          1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY        1
-
-#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/Sources/mbedtls/include/psa/crypto_driver_common.h b/Sources/mbedtls/include/psa/crypto_driver_common.h
deleted file mode 100644
index 26363c6..0000000
--- a/Sources/mbedtls/include/psa/crypto_driver_common.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * \file psa/crypto_driver_common.h
- * \brief Definitions for all PSA crypto drivers
- *
- * This file contains common definitions shared by all PSA crypto drivers.
- * Do not include it directly: instead, include the header file(s) for
- * the type(s) of driver that you are implementing. For example, if
- * you are writing a dynamically registered driver for a secure element,
- * include `psa/crypto_se_driver.h`.
- *
- * This file is part of the PSA Crypto Driver Model, containing functions for
- * driver developers to implement to enable hardware to be called in a
- * standardized way by a PSA Cryptographic API implementation. The functions
- * comprising the driver model, which driver authors implement, are not
- * intended to be called by application developers.
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef PSA_CRYPTO_DRIVER_COMMON_H
-#define PSA_CRYPTO_DRIVER_COMMON_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* Include type definitions (psa_status_t, psa_algorithm_t,
- * psa_key_type_t, etc.) and macros to build and analyze values
- * of these types. */
-#include "crypto_types.h"
-#include "crypto_values.h"
-/* Include size definitions which are used to size some arrays in operation
- * structures. */
-#include <psa/crypto_sizes.h>
-
-/** For encrypt-decrypt functions, whether the operation is an encryption
- * or a decryption. */
-typedef enum {
-    PSA_CRYPTO_DRIVER_DECRYPT,
-    PSA_CRYPTO_DRIVER_ENCRYPT
-} psa_encrypt_or_decrypt_t;
-
-#endif /* PSA_CRYPTO_DRIVER_COMMON_H */
diff --git a/Sources/mbedtls/include/psa/crypto_driver_contexts_composites.h b/Sources/mbedtls/include/psa/crypto_driver_contexts_composites.h
deleted file mode 100644
index a722009..0000000
--- a/Sources/mbedtls/include/psa/crypto_driver_contexts_composites.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- *  Declaration of context structures for use with the PSA driver wrapper
- *  interface. This file contains the context structures for 'composite'
- *  operations, i.e. those operations which need to make use of other operations
- *  from the primitives (crypto_driver_contexts_primitives.h)
- *
- *  Warning: This file will be auto-generated in the future.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * \note This header and its content is not part of the Mbed TLS API and
- * applications must not depend on it. Its main purpose is to define the
- * multi-part state objects of the PSA drivers included in the cryptographic
- * library. The definition of these objects are then used by crypto_struct.h
- * to define the implementation-defined types of PSA multi-part state objects.
- */
-/*  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
-#define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
-
-#include "psa/crypto_driver_common.h"
-
-/* Include the context structure definitions for the Mbed TLS software drivers */
-#include "psa/crypto_builtin_composites.h"
-
-/* Include the context structure definitions for those drivers that were
- * declared during the autogeneration process. */
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include <libtestdriver1/include/psa/crypto.h>
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
-    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
-typedef libtestdriver1_mbedtls_psa_mac_operation_t
-        mbedtls_transparent_test_driver_mac_operation_t;
-typedef libtestdriver1_mbedtls_psa_mac_operation_t
-        mbedtls_opaque_test_driver_mac_operation_t;
-
-#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
-        LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
-#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
-        LIBTESTDRIVER1_MBEDTLS_PSA_MAC_OPERATION_INIT
-
-#else
-typedef mbedtls_psa_mac_operation_t
-        mbedtls_transparent_test_driver_mac_operation_t;
-typedef mbedtls_psa_mac_operation_t
-        mbedtls_opaque_test_driver_mac_operation_t;
-
-#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT \
-        MBEDTLS_PSA_MAC_OPERATION_INIT
-#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT \
-        MBEDTLS_PSA_MAC_OPERATION_INIT
-
-#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 */
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
-/* Define the context to be used for an operation that is executed through the
- * PSA Driver wrapper layer as the union of all possible driver's contexts.
- *
- * The union members are the driver's context structures, and the member names
- * are formatted as `'drivername'_ctx`. This allows for procedural generation
- * of both this file and the content of psa_crypto_driver_wrappers.c */
-
-typedef union {
-    unsigned dummy; /* Make sure this union is always non-empty */
-    mbedtls_psa_mac_operation_t mbedtls_ctx;
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx;
-    mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx;
-#endif
-} psa_driver_mac_context_t;
-
-#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
-/* End of automatically generated file. */
diff --git a/Sources/mbedtls/include/psa/crypto_driver_contexts_primitives.h b/Sources/mbedtls/include/psa/crypto_driver_contexts_primitives.h
deleted file mode 100644
index 2bb01ed..0000000
--- a/Sources/mbedtls/include/psa/crypto_driver_contexts_primitives.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- *  Declaration of context structures for use with the PSA driver wrapper
- *  interface. This file contains the context structures for 'primitive'
- *  operations, i.e. those operations which do not rely on other contexts.
- *
- *  Warning: This file will be auto-generated in the future.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * \note This header and its content is not part of the Mbed TLS API and
- * applications must not depend on it. Its main purpose is to define the
- * multi-part state objects of the PSA drivers included in the cryptographic
- * library. The definition of these objects are then used by crypto_struct.h
- * to define the implementation-defined types of PSA multi-part state objects.
- */
-/*  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
-#define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
-
-#include "psa/crypto_driver_common.h"
-
-/* Include the context structure definitions for the Mbed TLS software drivers */
-#include "psa/crypto_builtin_primitives.h"
-
-/* Include the context structure definitions for those drivers that were
- * declared during the autogeneration process. */
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include <libtestdriver1/include/psa/crypto.h>
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
-    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
-typedef libtestdriver1_mbedtls_psa_cipher_operation_t
-        mbedtls_transparent_test_driver_cipher_operation_t;
-
-#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
-        LIBTESTDRIVER1_MBEDTLS_PSA_CIPHER_OPERATION_INIT
-#else
-typedef mbedtls_psa_cipher_operation_t
-        mbedtls_transparent_test_driver_cipher_operation_t;
-
-#define MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT \
-        MBEDTLS_PSA_CIPHER_OPERATION_INIT
-#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 &&
-          LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
-    defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
-typedef libtestdriver1_mbedtls_psa_hash_operation_t
-        mbedtls_transparent_test_driver_hash_operation_t;
-
-#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
-        LIBTESTDRIVER1_MBEDTLS_PSA_HASH_OPERATION_INIT
-#else
-typedef mbedtls_psa_hash_operation_t
-        mbedtls_transparent_test_driver_hash_operation_t;
-
-#define MBEDTLS_TRANSPARENT_TEST_DRIVER_HASH_OPERATION_INIT \
-        MBEDTLS_PSA_HASH_OPERATION_INIT
-#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 &&
-          LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH */
-
-typedef struct {
-    unsigned int initialised : 1;
-    mbedtls_transparent_test_driver_cipher_operation_t ctx;
-} mbedtls_opaque_test_driver_cipher_operation_t;
-
-#define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \
-     { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT }
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
-/* Define the context to be used for an operation that is executed through the
- * PSA Driver wrapper layer as the union of all possible driver's contexts.
- *
- * The union members are the driver's context structures, and the member names
- * are formatted as `'drivername'_ctx`. This allows for procedural generation
- * of both this file and the content of psa_crypto_driver_wrappers.c */
-
-typedef union {
-    unsigned dummy; /* Make sure this union is always non-empty */
-    mbedtls_psa_hash_operation_t mbedtls_ctx;
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
-#endif
-} psa_driver_hash_context_t;
-
-typedef union {
-    unsigned dummy; /* Make sure this union is always non-empty */
-    mbedtls_psa_cipher_operation_t mbedtls_ctx;
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
-    mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
-#endif
-} psa_driver_cipher_context_t;
-
-#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
-/* End of automatically generated file. */
diff --git a/Sources/mbedtls/include/psa/crypto_extra.h b/Sources/mbedtls/include/psa/crypto_extra.h
deleted file mode 100644
index a34d551..0000000
--- a/Sources/mbedtls/include/psa/crypto_extra.h
+++ /dev/null
@@ -1,816 +0,0 @@
-/**
- * \file psa/crypto_extra.h
- *
- * \brief PSA cryptography module: Mbed TLS vendor extensions
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * This file is reserved for vendor-specific definitions.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_EXTRA_H
-#define PSA_CRYPTO_EXTRA_H
-
-#include "mbedtls/platform_util.h"
-
-#include "crypto_types.h"
-#include "crypto_compat.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* UID for secure storage seed */
-#define PSA_CRYPTO_ITS_RANDOM_SEED_UID 0xFFFFFF52
-
-/* See config.h for definition */
-#if !defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
-#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
-#endif
-
-/** \addtogroup attributes
- * @{
- */
-
-/** \brief Declare the enrollment algorithm for a key.
- *
- * An operation on a key may indifferently use the algorithm set with
- * psa_set_key_algorithm() or with this function.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param alg2                  A second algorithm that the key may be used
- *                              for, in addition to the algorithm set with
- *                              psa_set_key_algorithm().
- *
- * \warning Setting an enrollment algorithm is not recommended, because
- *          using the same key with different algorithms can allow some
- *          attacks based on arithmetic relations between different
- *          computations made with the same key, or can escalate harmless
- *          side channels into exploitable ones. Use this function only
- *          if it is necessary to support a protocol for which it has been
- *          verified that the usage of the key with multiple algorithms
- *          is safe.
- */
-static inline void psa_set_key_enrollment_algorithm(
-    psa_key_attributes_t *attributes,
-    psa_algorithm_t alg2)
-{
-    attributes->core.policy.alg2 = alg2;
-}
-
-/** Retrieve the enrollment algorithm policy from key attributes.
- *
- * \param[in] attributes        The key attribute structure to query.
- *
- * \return The enrollment algorithm stored in the attribute structure.
- */
-static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.policy.alg2 );
-}
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-
-/** Retrieve the slot number where a key is stored.
- *
- * A slot number is only defined for keys that are stored in a secure
- * element.
- *
- * This information is only useful if the secure element is not entirely
- * managed through the PSA Cryptography API. It is up to the secure
- * element driver to decide how PSA slot numbers map to any other interface
- * that the secure element may have.
- *
- * \param[in] attributes        The key attribute structure to query.
- * \param[out] slot_number      On success, the slot number containing the key.
- *
- * \retval #PSA_SUCCESS
- *         The key is located in a secure element, and \p *slot_number
- *         indicates the slot number that contains it.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The caller is not permitted to query the slot number.
- *         Mbed Crypto currently does not return this error.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key is not located in a secure element.
- */
-psa_status_t psa_get_key_slot_number(
-    const psa_key_attributes_t *attributes,
-    psa_key_slot_number_t *slot_number );
-
-/** Choose the slot number where a key is stored.
- *
- * This function declares a slot number in the specified attribute
- * structure.
- *
- * A slot number is only meaningful for keys that are stored in a secure
- * element. It is up to the secure element driver to decide how PSA slot
- * numbers map to any other interface that the secure element may have.
- *
- * \note Setting a slot number in key attributes for a key creation can
- *       cause the following errors when creating the key:
- *       - #PSA_ERROR_NOT_SUPPORTED if the selected secure element does
- *         not support choosing a specific slot number.
- *       - #PSA_ERROR_NOT_PERMITTED if the caller is not permitted to
- *         choose slot numbers in general or to choose this specific slot.
- *       - #PSA_ERROR_INVALID_ARGUMENT if the chosen slot number is not
- *         valid in general or not valid for this specific key.
- *       - #PSA_ERROR_ALREADY_EXISTS if there is already a key in the
- *         selected slot.
- *
- * \param[out] attributes       The attribute structure to write to.
- * \param slot_number           The slot number to set.
- */
-static inline void psa_set_key_slot_number(
-    psa_key_attributes_t *attributes,
-    psa_key_slot_number_t slot_number )
-{
-    attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
-    attributes->slot_number = slot_number;
-}
-
-/** Remove the slot number attribute from a key attribute structure.
- *
- * This function undoes the action of psa_set_key_slot_number().
- *
- * \param[out] attributes       The attribute structure to write to.
- */
-static inline void psa_clear_key_slot_number(
-    psa_key_attributes_t *attributes )
-{
-    attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
-}
-
-/** Register a key that is already present in a secure element.
- *
- * The key must be located in a secure element designated by the
- * lifetime field in \p attributes, in the slot set with
- * psa_set_key_slot_number() in the attribute structure.
- * This function makes the key available through the key identifier
- * specified in \p attributes.
- *
- * \param[in] attributes        The attributes of the existing key.
- *
- * \retval #PSA_SUCCESS
- *         The key was successfully registered.
- *         Note that depending on the design of the driver, this may or may
- *         not guarantee that a key actually exists in the designated slot
- *         and is compatible with the specified attributes.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         There is already a key with the identifier specified in
- *         \p attributes.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         The secure element driver for the specified lifetime does not
- *         support registering a key.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The identifier in \p attributes is invalid, namely the identifier is
- *         not in the user range, or
- *         \p attributes specifies a lifetime which is not located
- *         in a secure element, or no slot number is specified in \p attributes,
- *         or the specified slot number is not valid.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The caller is not authorized to register the specified key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been previously initialized by psa_crypto_init().
- *         It is implementation-dependent whether a failure to initialize
- *         results in this error code.
- */
-psa_status_t mbedtls_psa_register_se_key(
-    const psa_key_attributes_t *attributes);
-
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-/**@}*/
-
-/**
- * \brief Library deinitialization.
- *
- * This function clears all data associated with the PSA layer,
- * including the whole key store.
- *
- * This is an Mbed TLS extension.
- */
-void mbedtls_psa_crypto_free( void );
-
-/** \brief Statistics about
- * resource consumption related to the PSA keystore.
- *
- * \note The content of this structure is not part of the stable API and ABI
- *       of Mbed Crypto and may change arbitrarily from version to version.
- */
-typedef struct mbedtls_psa_stats_s
-{
-    /** Number of slots containing key material for a volatile key. */
-    size_t volatile_slots;
-    /** Number of slots containing key material for a key which is in
-     * internal persistent storage. */
-    size_t persistent_slots;
-    /** Number of slots containing a reference to a key in a
-     * secure element. */
-    size_t external_slots;
-    /** Number of slots which are occupied, but do not contain
-     * key material yet. */
-    size_t half_filled_slots;
-    /** Number of slots that contain cache data. */
-    size_t cache_slots;
-    /** Number of slots that are not used for anything. */
-    size_t empty_slots;
-    /** Number of slots that are locked. */
-    size_t locked_slots;
-    /** Largest key id value among open keys in internal persistent storage. */
-    psa_key_id_t max_open_internal_key_id;
-    /** Largest key id value among open keys in secure elements. */
-    psa_key_id_t max_open_external_key_id;
-} mbedtls_psa_stats_t;
-
-/** \brief Get statistics about
- * resource consumption related to the PSA keystore.
- *
- * \note When Mbed Crypto is built as part of a service, with isolation
- *       between the application and the keystore, the service may or
- *       may not expose this function.
- */
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
-
-/**
- * \brief Inject an initial entropy seed for the random generator into
- *        secure storage.
- *
- * This function injects data to be used as a seed for the random generator
- * used by the PSA Crypto implementation. On devices that lack a trusted
- * entropy source (preferably a hardware random number generator),
- * the Mbed PSA Crypto implementation uses this value to seed its
- * random generator.
- *
- * On devices without a trusted entropy source, this function must be
- * called exactly once in the lifetime of the device. On devices with
- * a trusted entropy source, calling this function is optional.
- * In all cases, this function may only be called before calling any
- * other function in the PSA Crypto API, including psa_crypto_init().
- *
- * When this function returns successfully, it populates a file in
- * persistent storage. Once the file has been created, this function
- * can no longer succeed.
- *
- * If any error occurs, this function does not change the system state.
- * You can call this function again after correcting the reason for the
- * error if possible.
- *
- * \warning This function **can** fail! Callers MUST check the return status.
- *
- * \warning If you use this function, you should use it as part of a
- *          factory provisioning process. The value of the injected seed
- *          is critical to the security of the device. It must be
- *          *secret*, *unpredictable* and (statistically) *unique per device*.
- *          You should be generate it randomly using a cryptographically
- *          secure random generator seeded from trusted entropy sources.
- *          You should transmit it securely to the device and ensure
- *          that its value is not leaked or stored anywhere beyond the
- *          needs of transmitting it from the point of generation to
- *          the call of this function, and erase all copies of the value
- *          once this function returns.
- *
- * This is an Mbed TLS extension.
- *
- * \note This function is only available on the following platforms:
- * * If the compile-time option MBEDTLS_PSA_INJECT_ENTROPY is enabled.
- *   Note that you must provide compatible implementations of
- *   mbedtls_nv_seed_read and mbedtls_nv_seed_write.
- * * In a client-server integration of PSA Cryptography, on the client side,
- *   if the server supports this feature.
- * \param[in] seed          Buffer containing the seed value to inject.
- * \param[in] seed_size     Size of the \p seed buffer.
- *                          The size of the seed in bytes must be greater
- *                          or equal to both #MBEDTLS_ENTROPY_MIN_PLATFORM
- *                          and #MBEDTLS_ENTROPY_BLOCK_SIZE.
- *                          It must be less or equal to
- *                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
- *
- * \retval #PSA_SUCCESS
- *         The seed value was injected successfully. The random generator
- *         of the PSA Crypto implementation is now ready for use.
- *         You may now call psa_crypto_init() and use the PSA Crypto
- *         implementation.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \p seed_size is out of range.
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         There was a failure reading or writing from storage.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The library has already been initialized. It is no longer
- *         possible to call this function.
- */
-psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
-                                        size_t seed_size);
-
-/** \addtogroup crypto_types
- * @{
- */
-
-/** DSA public key.
- *
- * The import and export format is the
- * representation of the public key `y = g^x mod p` as a big-endian byte
- * string. The length of the byte string is the length of the base prime `p`
- * in bytes.
- */
-#define PSA_KEY_TYPE_DSA_PUBLIC_KEY                 ((psa_key_type_t)0x4002)
-
-/** DSA key pair (private and public key).
- *
- * The import and export format is the
- * representation of the private key `x` as a big-endian byte string. The
- * length of the byte string is the private key size in bytes (leading zeroes
- * are not stripped).
- *
- * Deterministic DSA key derivation with psa_generate_derived_key follows
- * FIPS 186-4 &sect;B.1.2: interpret the byte string as integer
- * in big-endian order. Discard it if it is not in the range
- * [0, *N* - 2] where *N* is the boundary of the private key domain
- * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
- * or the order of the curve's base point for ECC).
- * Add 1 to the resulting integer and use this as the private key *x*.
- *
- */
-#define PSA_KEY_TYPE_DSA_KEY_PAIR                    ((psa_key_type_t)0x7002)
-
-/** Whether a key type is a DSA key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_DSA(type)                                       \
-    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY)
-
-#define PSA_ALG_DSA_BASE                        ((psa_algorithm_t)0x06000400)
-/** DSA signature with hashing.
- *
- * This is the signature scheme defined by FIPS 186-4,
- * with a random per-message secret number (*k*).
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding DSA signature algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_DSA(hash_alg)                             \
-    (PSA_ALG_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_DETERMINISTIC_DSA_BASE          ((psa_algorithm_t)0x06000500)
-#define PSA_ALG_DSA_DETERMINISTIC_FLAG PSA_ALG_ECDSA_DETERMINISTIC_FLAG
-/** Deterministic DSA signature with hashing.
- *
- * This is the deterministic variant defined by RFC 6979 of
- * the signature scheme defined by FIPS 186-4.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding DSA signature algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_DETERMINISTIC_DSA(hash_alg)                             \
-    (PSA_ALG_DETERMINISTIC_DSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_IS_DSA(alg)                                             \
-    (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_DSA_DETERMINISTIC_FLAG) ==  \
-     PSA_ALG_DSA_BASE)
-#define PSA_ALG_DSA_IS_DETERMINISTIC(alg)               \
-    (((alg) & PSA_ALG_DSA_DETERMINISTIC_FLAG) != 0)
-#define PSA_ALG_IS_DETERMINISTIC_DSA(alg)                       \
-    (PSA_ALG_IS_DSA(alg) && PSA_ALG_DSA_IS_DETERMINISTIC(alg))
-#define PSA_ALG_IS_RANDOMIZED_DSA(alg)                          \
-    (PSA_ALG_IS_DSA(alg) && !PSA_ALG_DSA_IS_DETERMINISTIC(alg))
-
-
-/* We need to expand the sample definition of this macro from
- * the API definition. */
-#undef PSA_ALG_IS_VENDOR_HASH_AND_SIGN
-#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)    \
-    PSA_ALG_IS_DSA(alg)
-
-/**@}*/
-
-/** \addtogroup attributes
- * @{
- */
-
-/** Custom Diffie-Hellman group.
- *
- * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
- * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM), the group data comes
- * from domain parameters set by psa_set_key_domain_parameters().
- */
-#define PSA_DH_FAMILY_CUSTOM             ((psa_dh_family_t) 0x7e)
-
-
-/**
- * \brief Set domain parameters for a key.
- *
- * Some key types require additional domain parameters in addition to
- * the key type identifier and the key size. Use this function instead
- * of psa_set_key_type() when you need to specify domain parameters.
- *
- * The format for the required domain parameters varies based on the key type.
- *
- * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR),
- *   the domain parameter data consists of the public exponent,
- *   represented as a big-endian integer with no leading zeros.
- *   This information is used when generating an RSA key pair.
- *   When importing a key, the public exponent is read from the imported
- *   key data and the exponent recorded in the attribute structure is ignored.
- *   As an exception, the public exponent 65537 is represented by an empty
- *   byte string.
- * - For DSA keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY or #PSA_KEY_TYPE_DSA_KEY_PAIR),
- *   the `Dss-Params` format as defined by RFC 3279 &sect;2.3.2.
- *   ```
- *   Dss-Params ::= SEQUENCE  {
- *      p       INTEGER,
- *      q       INTEGER,
- *      g       INTEGER
- *   }
- *   ```
- * - For Diffie-Hellman key exchange keys
- *   (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or
- *   #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the
- *   `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
- *   ```
- *   DomainParameters ::= SEQUENCE {
- *      p               INTEGER,                    -- odd prime, p=jq +1
- *      g               INTEGER,                    -- generator, g
- *      q               INTEGER,                    -- factor of p-1
- *      j               INTEGER OPTIONAL,           -- subgroup factor
- *      validationParams ValidationParams OPTIONAL
- *   }
- *   ValidationParams ::= SEQUENCE {
- *      seed            BIT STRING,
- *      pgenCounter     INTEGER
- *   }
- *   ```
- *
- * \note This function may allocate memory or other resources.
- *       Once you have called this function on an attribute structure,
- *       you must call psa_reset_key_attributes() to free these resources.
- *
- * \note This is an experimental extension to the interface. It may change
- *       in future versions of the library.
- *
- * \param[in,out] attributes    Attribute structure where the specified domain
- *                              parameters will be stored.
- *                              If this function fails, the content of
- *                              \p attributes is not modified.
- * \param type                  Key type (a \c PSA_KEY_TYPE_XXX value).
- * \param[in] data              Buffer containing the key domain parameters.
- *                              The content of this buffer is interpreted
- *                              according to \p type as described above.
- * \param data_length           Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
-                                           psa_key_type_t type,
-                                           const uint8_t *data,
-                                           size_t data_length);
-
-/**
- * \brief Get domain parameters for a key.
- *
- * Get the domain parameters for a key with this function, if any. The format
- * of the domain parameters written to \p data is specified in the
- * documentation for psa_set_key_domain_parameters().
- *
- * \note This is an experimental extension to the interface. It may change
- *       in future versions of the library.
- *
- * \param[in] attributes        The key attribute structure to query.
- * \param[out] data             On success, the key domain parameters.
- * \param data_size             Size of the \p data buffer in bytes.
- *                              The buffer is guaranteed to be large
- *                              enough if its size in bytes is at least
- *                              the value given by
- *                              PSA_KEY_DOMAIN_PARAMETERS_SIZE().
- * \param[out] data_length      On success, the number of bytes
- *                              that make up the key domain parameters data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- */
-psa_status_t psa_get_key_domain_parameters(
-    const psa_key_attributes_t *attributes,
-    uint8_t *data,
-    size_t data_size,
-    size_t *data_length);
-
-/** Safe output buffer size for psa_get_key_domain_parameters().
- *
- * This macro returns a compile-time constant if its arguments are
- * compile-time constants.
- *
- * \warning This function may call its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \note This is an experimental extension to the interface. It may change
- *       in future versions of the library.
- *
- * \param key_type  A supported key type.
- * \param key_bits  The size of the key in bits.
- *
- * \return If the parameters are valid and supported, return
- *         a buffer size in bytes that guarantees that
- *         psa_get_key_domain_parameters() will not fail with
- *         #PSA_ERROR_BUFFER_TOO_SMALL.
- *         If the parameters are a valid combination that is not supported
- *         by the implementation, this macro shall return either a
- *         sensible size or 0.
- *         If the parameters are not valid, the
- *         return value is unspecified.
- */
-#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits)              \
-    (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) :                      \
-     PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
-     PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \
-     0)
-#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits)     \
-    (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/)
-#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits)    \
-    (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/)
-
-/**@}*/
-
-/** \defgroup psa_tls_helpers TLS helper functions
- * @{
- */
-
-#if defined(MBEDTLS_ECP_C)
-#include <mbedtls/ecp.h>
-
-/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
- *
- * \note This function is provided solely for the convenience of
- *       Mbed TLS and may be removed at any time without notice.
- *
- * \param grpid         An Mbed TLS elliptic curve identifier
- *                      (`MBEDTLS_ECP_DP_xxx`).
- * \param[out] bits     On success, the bit size of the curve.
- *
- * \return              The corresponding PSA elliptic curve identifier
- *                      (`PSA_ECC_FAMILY_xxx`).
- * \return              \c 0 on failure (\p grpid is not recognized).
- */
-static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid,
-                                                        size_t *bits )
-{
-    switch( grpid )
-    {
-        case MBEDTLS_ECP_DP_SECP192R1:
-            *bits = 192;
-            return( PSA_ECC_FAMILY_SECP_R1 );
-        case MBEDTLS_ECP_DP_SECP224R1:
-            *bits = 224;
-            return( PSA_ECC_FAMILY_SECP_R1 );
-        case MBEDTLS_ECP_DP_SECP256R1:
-            *bits = 256;
-            return( PSA_ECC_FAMILY_SECP_R1 );
-        case MBEDTLS_ECP_DP_SECP384R1:
-            *bits = 384;
-            return( PSA_ECC_FAMILY_SECP_R1 );
-        case MBEDTLS_ECP_DP_SECP521R1:
-            *bits = 521;
-            return( PSA_ECC_FAMILY_SECP_R1 );
-        case MBEDTLS_ECP_DP_BP256R1:
-            *bits = 256;
-            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
-        case MBEDTLS_ECP_DP_BP384R1:
-            *bits = 384;
-            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
-        case MBEDTLS_ECP_DP_BP512R1:
-            *bits = 512;
-            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
-        case MBEDTLS_ECP_DP_CURVE25519:
-            *bits = 255;
-            return( PSA_ECC_FAMILY_MONTGOMERY );
-        case MBEDTLS_ECP_DP_SECP192K1:
-            *bits = 192;
-            return( PSA_ECC_FAMILY_SECP_K1 );
-        case MBEDTLS_ECP_DP_SECP224K1:
-            *bits = 224;
-            return( PSA_ECC_FAMILY_SECP_K1 );
-        case MBEDTLS_ECP_DP_SECP256K1:
-            *bits = 256;
-            return( PSA_ECC_FAMILY_SECP_K1 );
-        case MBEDTLS_ECP_DP_CURVE448:
-            *bits = 448;
-            return( PSA_ECC_FAMILY_MONTGOMERY );
-        default:
-            *bits = 0;
-            return( 0 );
-    }
-}
-
-/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
- *
- * \note This function is provided solely for the convenience of
- *       Mbed TLS and may be removed at any time without notice.
- *
- * \param curve         A PSA elliptic curve identifier
- *                      (`PSA_ECC_FAMILY_xxx`).
- * \param bits          The bit-length of a private key on \p curve.
- * \param bits_is_sloppy If true, \p bits may be the bit-length rounded up
- *                      to the nearest multiple of 8. This allows the caller
- *                      to infer the exact curve from the length of a key
- *                      which is supplied as a byte string.
- *
- * \return              The corresponding Mbed TLS elliptic curve identifier
- *                      (`MBEDTLS_ECP_DP_xxx`).
- * \return              #MBEDTLS_ECP_DP_NONE if \c curve is not recognized.
- * \return              #MBEDTLS_ECP_DP_NONE if \p bits is not
- *                      correct for \p curve.
- */
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
-                                               size_t bits,
-                                               int bits_is_sloppy );
-#endif /* MBEDTLS_ECP_C */
-
-/**@}*/
-
-/** \defgroup psa_external_rng External random generator
- * @{
- */
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/** External random generator function, implemented by the platform.
- *
- * When the compile-time option #MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled,
- * this function replaces Mbed TLS's entropy and DRBG modules for all
- * random generation triggered via PSA crypto interfaces.
- *
- * \note This random generator must deliver random numbers with cryptographic
- *       quality and high performance. It must supply unpredictable numbers
- *       with a uniform distribution. The implementation of this function
- *       is responsible for ensuring that the random generator is seeded
- *       with sufficient entropy. If you have a hardware TRNG which is slow
- *       or delivers non-uniform output, declare it as an entropy source
- *       with mbedtls_entropy_add_source() instead of enabling this option.
- *
- * \param[in,out] context       Pointer to the random generator context.
- *                              This is all-bits-zero on the first call
- *                              and preserved between successive calls.
- * \param[out] output           Output buffer. On success, this buffer
- *                              contains random data with a uniform
- *                              distribution.
- * \param output_size           The size of the \p output buffer in bytes.
- * \param[out] output_length    On success, set this value to \p output_size.
- *
- * \retval #PSA_SUCCESS
- *         Success. The output buffer contains \p output_size bytes of
- *         cryptographic-quality random data, and \c *output_length is
- *         set to \p output_size.
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- *         The random generator requires extra entropy and there is no
- *         way to obtain entropy under current environment conditions.
- *         This error should not happen under normal circumstances since
- *         this function is responsible for obtaining as much entropy as
- *         it needs. However implementations of this function may return
- *         #PSA_ERROR_INSUFFICIENT_ENTROPY if there is no way to obtain
- *         entropy without blocking indefinitely.
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- *         A failure of the random generator hardware that isn't covered
- *         by #PSA_ERROR_INSUFFICIENT_ENTROPY.
- */
-psa_status_t mbedtls_psa_external_get_random(
-    mbedtls_psa_external_random_context_t *context,
-    uint8_t *output, size_t output_size, size_t *output_length );
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-/**@}*/
-
-/** \defgroup psa_builtin_keys Built-in keys
- * @{
- */
-
-/** The minimum value for a key identifier that is built into the
- * implementation.
- *
- * The range of key identifiers from #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN
- * to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX within the range from
- * #PSA_KEY_ID_VENDOR_MIN and #PSA_KEY_ID_VENDOR_MAX and must not intersect
- * with any other set of implementation-chosen key identifiers.
- *
- * This value is part of the library's ABI since changing it would invalidate
- * the values of built-in key identifiers in applications.
- */
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MIN          ((psa_key_id_t)0x7fff0000)
-
-/** The maximum value for a key identifier that is built into the
- * implementation.
- *
- * See #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN for more information.
- */
-#define MBEDTLS_PSA_KEY_ID_BUILTIN_MAX          ((psa_key_id_t)0x7fffefff)
-
-/** A slot number identifying a key in a driver.
- *
- * Values of this type are used to identify built-in keys.
- */
-typedef uint64_t psa_drv_slot_number_t;
-
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-/** Test whether a key identifier belongs to the builtin key range.
- *
- * \param key_id  Key identifier to test.
- *
- * \retval 1
- *         The key identifier is a builtin key identifier.
- * \retval 0
- *         The key identifier is not a builtin key identifier.
- */
-static inline int psa_key_id_is_builtin( psa_key_id_t key_id )
-{
-    return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
-            ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
-}
-
-/** Platform function to obtain the location and slot number of a built-in key.
- *
- * An application-specific implementation of this function must be provided if
- * #MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is enabled. This would typically be provided
- * as part of a platform's system image.
- *
- * #MBEDTLS_SVC_KEY_ID_GET_KEY_ID(\p key_id) needs to be in the range from
- * #MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to #MBEDTLS_PSA_KEY_ID_BUILTIN_MAX.
- *
- * In a multi-application configuration
- * (\c MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is defined),
- * this function should check that #MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(\p key_id)
- * is allowed to use the given key.
- *
- * \param key_id                The key ID for which to retrieve the
- *                              location and slot attributes.
- * \param[out] lifetime         On success, the lifetime associated with the key
- *                              corresponding to \p key_id. Lifetime is a
- *                              combination of which driver contains the key,
- *                              and with what persistence level the key is
- *                              intended to be used. If the platform
- *                              implementation does not contain specific
- *                              information about the intended key persistence
- *                              level, the persistence level may be reported as
- *                              #PSA_KEY_PERSISTENCE_DEFAULT.
- * \param[out] slot_number      On success, the slot number known to the driver
- *                              registered at the lifetime location reported
- *                              through \p lifetime which corresponds to the
- *                              requested built-in key.
- *
- * \retval #PSA_SUCCESS
- *         The requested key identifier designates a built-in key.
- *         In a multi-application configuration, the requested owner
- *         is allowed to access it.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- *         The requested key identifier is not a built-in key which is known
- *         to this function. If a key exists in the key storage with this
- *         identifier, the data from the storage will be used.
- * \return (any other error)
- *         Any other error is propagated to the function that requested the key.
- *         Common errors include:
- *         - #PSA_ERROR_NOT_PERMITTED: the key exists but the requested owner
- *           is not allowed to access it.
- */
-psa_status_t mbedtls_psa_platform_get_builtin_key(
-    mbedtls_svc_key_id_t key_id,
-    psa_key_lifetime_t *lifetime,
-    psa_drv_slot_number_t *slot_number );
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-
-/** @} */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_EXTRA_H */
diff --git a/Sources/mbedtls/include/psa/crypto_platform.h b/Sources/mbedtls/include/psa/crypto_platform.h
deleted file mode 100644
index d3f518e..0000000
--- a/Sources/mbedtls/include/psa/crypto_platform.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * \file psa/crypto_platform.h
- *
- * \brief PSA cryptography module: Mbed TLS platform definitions
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * This file contains platform-dependent type definitions.
- *
- * In implementations with isolation between the application and the
- * cryptography module, implementers should take care to ensure that
- * the definitions that are exposed to applications match what the
- * module implements.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_PLATFORM_H
-#define PSA_CRYPTO_PLATFORM_H
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-/* Translate between classic MBEDTLS_xxx feature symbols and PSA_xxx
- * feature symbols. */
-#include "mbedtls/config_psa.h"
-
-/* PSA requires several types which C99 provides in stdint.h. */
-#include <stdint.h>
-
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-
-/* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA
- * partition identifier.
- *
- * The function psa_its_identifier_of_slot() in psa_crypto_storage.c that
- * translates a key identifier to a key storage file name assumes that
- * mbedtls_key_owner_id_t is a 32-bit integer. This function thus needs
- * reworking if mbedtls_key_owner_id_t is not defined as a 32-bit integer
- * here anymore.
- */
-typedef int32_t mbedtls_key_owner_id_t;
-
-/** Compare two key owner identifiers.
- *
- * \param id1 First key owner identifier.
- * \param id2 Second key owner identifier.
- *
- * \return Non-zero if the two key owner identifiers are equal, zero otherwise.
- */
-static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1,
-                                              mbedtls_key_owner_id_t id2 )
-{
-    return( id1 == id2 );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-
-/*
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
- * (Secure Partition Manager) integration which separates the code into two
- * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
- * Environment). When building for the SPE, an additional header file should be
- * included.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#define PSA_CRYPTO_SECURE 1
-#include "crypto_spe.h"
-#endif // MBEDTLS_PSA_CRYPTO_SPM
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/** The type of the context passed to mbedtls_psa_external_get_random().
- *
- * Mbed TLS initializes the context to all-bits-zero before calling
- * mbedtls_psa_external_get_random() for the first time.
- *
- * The definition of this type in the Mbed TLS source code is for
- * demonstration purposes. Implementers of mbedtls_psa_external_get_random()
- * are expected to replace it with a custom definition.
- */
-typedef struct {
-    uintptr_t opaque[2];
-} mbedtls_psa_external_random_context_t;
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/Sources/mbedtls/include/psa/crypto_se_driver.h b/Sources/mbedtls/include/psa/crypto_se_driver.h
deleted file mode 100644
index f8f8c92..0000000
--- a/Sources/mbedtls/include/psa/crypto_se_driver.h
+++ /dev/null
@@ -1,1395 +0,0 @@
-/**
- * \file psa/crypto_se_driver.h
- * \brief PSA external cryptoprocessor driver module
- *
- * This header declares types and function signatures for cryptography
- * drivers that access key material via opaque references.
- * This is meant for cryptoprocessors that have a separate key storage from the
- * space in which the PSA Crypto implementation runs, typically secure
- * elements (SEs).
- *
- * This file is part of the PSA Crypto Driver HAL (hardware abstraction layer),
- * containing functions for driver developers to implement to enable hardware
- * to be called in a standardized way by a PSA Cryptography API
- * implementation. The functions comprising the driver HAL, which driver
- * authors implement, are not intended to be called by application developers.
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef PSA_CRYPTO_SE_DRIVER_H
-#define PSA_CRYPTO_SE_DRIVER_H
-
-#include "crypto_driver_common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** \defgroup se_init Secure element driver initialization
- */
-/**@{*/
-
-/** \brief Driver context structure
- *
- * Driver functions receive a pointer to this structure.
- * Each registered driver has one instance of this structure.
- *
- * Implementations must include the fields specified here and
- * may include other fields.
- */
-typedef struct {
-    /** A read-only pointer to the driver's persistent data.
-     *
-     * Drivers typically use this persistent data to keep track of
-     * which slot numbers are available. This is only a guideline:
-     * drivers may use the persistent data for any purpose, keeping
-     * in mind the restrictions on when the persistent data is saved
-     * to storage: the persistent data is only saved after calling
-     * certain functions that receive a writable pointer to the
-     * persistent data.
-     *
-     * The core allocates a memory buffer for the persistent data.
-     * The pointer is guaranteed to be suitably aligned for any data type,
-     * like a pointer returned by `malloc` (but the core can use any
-     * method to allocate the buffer, not necessarily `malloc`).
-     *
-     * The size of this buffer is in the \c persistent_data_size field of
-     * this structure.
-     *
-     * Before the driver is initialized for the first time, the content of
-     * the persistent data is all-bits-zero. After a driver upgrade, if the
-     * size of the persistent data has increased, the original data is padded
-     * on the right with zeros; if the size has decreased, the original data
-     * is truncated to the new size.
-     *
-     * This pointer is to read-only data. Only a few driver functions are
-     * allowed to modify the persistent data. These functions receive a
-     * writable pointer. These functions are:
-     * - psa_drv_se_t::p_init
-     * - psa_drv_se_key_management_t::p_allocate
-     * - psa_drv_se_key_management_t::p_destroy
-     *
-     * The PSA Cryptography core saves the persistent data from one
-     * session to the next. It does this before returning from API functions
-     * that call a driver method that is allowed to modify the persistent
-     * data, specifically:
-     * - psa_crypto_init() causes a call to psa_drv_se_t::p_init, and may call
-     *   psa_drv_se_key_management_t::p_destroy to complete an action
-     *   that was interrupted by a power failure.
-     * - Key creation functions cause a call to
-     *   psa_drv_se_key_management_t::p_allocate, and may cause a call to
-     *   psa_drv_se_key_management_t::p_destroy in case an error occurs.
-     * - psa_destroy_key() causes a call to
-     *   psa_drv_se_key_management_t::p_destroy.
-     */
-    const void *const persistent_data;
-
-    /** The size of \c persistent_data in bytes.
-     *
-     * This is always equal to the value of the `persistent_data_size` field
-     * of the ::psa_drv_se_t structure when the driver is registered.
-     */
-    const size_t persistent_data_size;
-
-    /** Driver transient data.
-     *
-     * The core initializes this value to 0 and does not read or modify it
-     * afterwards. The driver may store whatever it wants in this field.
-     */
-    uintptr_t transient_data;
-} psa_drv_se_context_t;
-
-/** \brief A driver initialization function.
- *
- * \param[in,out] drv_context       The driver context structure.
- * \param[in,out] persistent_data   A pointer to the persistent data
- *                                  that allows writing.
- * \param location                  The location value for which this driver
- *                                  is registered. The driver will be invoked
- *                                  for all keys whose lifetime is in this
- *                                  location.
- *
- * \retval #PSA_SUCCESS
- *         The driver is operational.
- *         The core will update the persistent data in storage.
- * \return
- *         Any other return value prevents the driver from being used in
- *         this session.
- *         The core will NOT update the persistent data in storage.
- */
-typedef psa_status_t (*psa_drv_se_init_t)(psa_drv_se_context_t *drv_context,
-                                          void *persistent_data,
-                                          psa_key_location_t location);
-
-#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto with secure element support enabled defines this type in
- * crypto_types.h because it is also visible to applications through an
- * implementation-specific extension.
- * For the PSA Cryptography specification, this type is only visible
- * via crypto_se_driver.h. */
-/** An internal designation of a key slot between the core part of the
- * PSA Crypto implementation and the driver. The meaning of this value
- * is driver-dependent. */
-typedef uint64_t psa_key_slot_number_t;
-#endif /* __DOXYGEN_ONLY__ || !MBEDTLS_PSA_CRYPTO_SE_C */
-
-/**@}*/
-
-/** \defgroup se_mac Secure Element Message Authentication Codes
- * Generation and authentication of Message Authentication Codes (MACs) using
- * a secure element can be done either as a single function call (via the
- * `psa_drv_se_mac_generate_t` or `psa_drv_se_mac_verify_t` functions), or in
- * parts using the following sequence:
- * - `psa_drv_se_mac_setup_t`
- * - `psa_drv_se_mac_update_t`
- * - `psa_drv_se_mac_update_t`
- * - ...
- * - `psa_drv_se_mac_finish_t` or `psa_drv_se_mac_finish_verify_t`
- *
- * If a previously started secure element MAC operation needs to be terminated,
- * it should be done so by the `psa_drv_se_mac_abort_t`. Failure to do so may
- * result in allocated resources not being freed or in other undefined
- * behavior.
- */
-/**@{*/
-/** \brief A function that starts a secure element  MAC operation for a PSA
- * Crypto Driver implementation
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in,out] op_context    A structure that will contain the
- *                              hardware-specific MAC context
- * \param[in] key_slot          The slot of the key to be used for the
- *                              operation
- * \param[in] algorithm         The algorithm to be used to underly the MAC
- *                              operation
- *
- * \retval  #PSA_SUCCESS
- *          Success.
- */
-typedef psa_status_t (*psa_drv_se_mac_setup_t)(psa_drv_se_context_t *drv_context,
-                                               void *op_context,
-                                               psa_key_slot_number_t key_slot,
-                                               psa_algorithm_t algorithm);
-
-/** \brief A function that continues a previously started secure element MAC
- * operation
- *
- * \param[in,out] op_context    A hardware-specific structure for the
- *                              previously-established MAC operation to be
- *                              updated
- * \param[in] p_input           A buffer containing the message to be appended
- *                              to the MAC operation
- * \param[in] input_length      The size in bytes of the input message buffer
- */
-typedef psa_status_t (*psa_drv_se_mac_update_t)(void *op_context,
-                                                const uint8_t *p_input,
-                                                size_t input_length);
-
-/** \brief a function that completes a previously started secure element MAC
- * operation by returning the resulting MAC.
- *
- * \param[in,out] op_context    A hardware-specific structure for the
- *                              previously started MAC operation to be
- *                              finished
- * \param[out] p_mac            A buffer where the generated MAC will be
- *                              placed
- * \param[in] mac_size          The size in bytes of the buffer that has been
- *                              allocated for the `output` buffer
- * \param[out] p_mac_length     After completion, will contain the number of
- *                              bytes placed in the `p_mac` buffer
- *
- * \retval  #PSA_SUCCESS
- *          Success.
- */
-typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,
-                                                uint8_t *p_mac,
-                                                size_t mac_size,
-                                                size_t *p_mac_length);
-
-/** \brief A function that completes a previously started secure element MAC
- * operation by comparing the resulting MAC against a provided value
- *
- * \param[in,out] op_context    A hardware-specific structure for the previously
- *                              started MAC operation to be finished
- * \param[in] p_mac             The MAC value against which the resulting MAC
- *                              will be compared against
- * \param[in] mac_length        The size in bytes of the value stored in `p_mac`
- *
- * \retval #PSA_SUCCESS
- *         The operation completed successfully and the MACs matched each
- *         other
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The operation completed successfully, but the calculated MAC did
- *         not match the provided MAC
- */
-typedef psa_status_t (*psa_drv_se_mac_finish_verify_t)(void *op_context,
-                                                       const uint8_t *p_mac,
-                                                       size_t mac_length);
-
-/** \brief A function that aborts a previous started secure element MAC
- * operation
- *
- * \param[in,out] op_context    A hardware-specific structure for the previously
- *                              started MAC operation to be aborted
- */
-typedef psa_status_t (*psa_drv_se_mac_abort_t)(void *op_context);
-
-/** \brief A function that performs a secure element MAC operation in one
- * command and returns the calculated MAC
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in] p_input           A buffer containing the message to be MACed
- * \param[in] input_length      The size in bytes of `p_input`
- * \param[in] key_slot          The slot of the key to be used
- * \param[in] alg               The algorithm to be used to underlie the MAC
- *                              operation
- * \param[out] p_mac            A buffer where the generated MAC will be
- *                              placed
- * \param[in] mac_size          The size in bytes of the `p_mac` buffer
- * \param[out] p_mac_length     After completion, will contain the number of
- *                              bytes placed in the `output` buffer
- *
- * \retval #PSA_SUCCESS
- *         Success.
- */
-typedef psa_status_t (*psa_drv_se_mac_generate_t)(psa_drv_se_context_t *drv_context,
-                                                  const uint8_t *p_input,
-                                                  size_t input_length,
-                                                  psa_key_slot_number_t key_slot,
-                                                  psa_algorithm_t alg,
-                                                  uint8_t *p_mac,
-                                                  size_t mac_size,
-                                                  size_t *p_mac_length);
-
-/** \brief A function that performs a secure element MAC operation in one
- * command and compares the resulting MAC against a provided value
- *
- * \param[in,out] drv_context       The driver context structure.
- * \param[in] p_input       A buffer containing the message to be MACed
- * \param[in] input_length  The size in bytes of `input`
- * \param[in] key_slot      The slot of the key to be used
- * \param[in] alg           The algorithm to be used to underlie the MAC
- *                          operation
- * \param[in] p_mac         The MAC value against which the resulting MAC will
- *                          be compared against
- * \param[in] mac_length   The size in bytes of `mac`
- *
- * \retval #PSA_SUCCESS
- *         The operation completed successfully and the MACs matched each
- *         other
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The operation completed successfully, but the calculated MAC did
- *         not match the provided MAC
- */
-typedef psa_status_t (*psa_drv_se_mac_verify_t)(psa_drv_se_context_t *drv_context,
-                                                const uint8_t *p_input,
-                                                size_t input_length,
-                                                psa_key_slot_number_t key_slot,
-                                                psa_algorithm_t alg,
-                                                const uint8_t *p_mac,
-                                                size_t mac_length);
-
-/** \brief A struct containing all of the function pointers needed to
- * perform secure element MAC operations
- *
- * PSA Crypto API implementations should populate the table as appropriate
- * upon startup.
- *
- * If one of the functions is not implemented (such as
- * `psa_drv_se_mac_generate_t`), it should be set to NULL.
- *
- * Driver implementers should ensure that they implement all of the functions
- * that make sense for their hardware, and that they provide a full solution
- * (for example, if they support `p_setup`, they should also support
- * `p_update` and at least one of `p_finish` or `p_finish_verify`).
- *
- */
-typedef struct {
-    /**The size in bytes of the hardware-specific secure element MAC context
-     * structure
-    */
-    size_t                    context_size;
-    /** Function that performs a MAC setup operation
-     */
-    psa_drv_se_mac_setup_t          p_setup;
-    /** Function that performs a MAC update operation
-     */
-    psa_drv_se_mac_update_t         p_update;
-    /** Function that completes a MAC operation
-     */
-    psa_drv_se_mac_finish_t         p_finish;
-    /** Function that completes a MAC operation with a verify check
-     */
-    psa_drv_se_mac_finish_verify_t  p_finish_verify;
-    /** Function that aborts a previously started MAC operation
-     */
-    psa_drv_se_mac_abort_t          p_abort;
-    /** Function that performs a MAC operation in one call
-     */
-    psa_drv_se_mac_generate_t       p_mac;
-    /** Function that performs a MAC and verify operation in one call
-     */
-    psa_drv_se_mac_verify_t         p_mac_verify;
-} psa_drv_se_mac_t;
-/**@}*/
-
-/** \defgroup se_cipher Secure Element Symmetric Ciphers
- *
- * Encryption and Decryption using secure element keys in block modes other
- * than ECB must be done in multiple parts, using the following flow:
- * - `psa_drv_se_cipher_setup_t`
- * - `psa_drv_se_cipher_set_iv_t` (optional depending upon block mode)
- * - `psa_drv_se_cipher_update_t`
- * - `psa_drv_se_cipher_update_t`
- * - ...
- * - `psa_drv_se_cipher_finish_t`
- *
- * If a previously started secure element Cipher operation needs to be
- * terminated, it should be done so by the `psa_drv_se_cipher_abort_t`. Failure
- * to do so may result in allocated resources not being freed or in other
- * undefined behavior.
- *
- * In situations where a PSA Cryptographic API implementation is using a block
- * mode not-supported by the underlying hardware or driver, it can construct
- * the block mode itself, while calling the `psa_drv_se_cipher_ecb_t` function
- * for the cipher operations.
- */
-/**@{*/
-
-/** \brief A function that provides the cipher setup function for a
- * secure element driver
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in,out] op_context    A structure that will contain the
- *                              hardware-specific cipher context.
- * \param[in] key_slot          The slot of the key to be used for the
- *                              operation
- * \param[in] algorithm         The algorithm to be used in the cipher
- *                              operation
- * \param[in] direction         Indicates whether the operation is an encrypt
- *                              or decrypt
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- */
-typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context,
-                                                  void *op_context,
-                                                  psa_key_slot_number_t key_slot,
-                                                  psa_algorithm_t algorithm,
-                                                  psa_encrypt_or_decrypt_t direction);
-
-/** \brief A function that sets the initialization vector (if
- * necessary) for a secure element cipher operation
- *
- * Rationale: The `psa_se_cipher_*` operation in the PSA Cryptographic API has
- * two IV functions: one to set the IV, and one to generate it internally. The
- * generate function is not necessary for the drivers to implement as the PSA
- * Crypto implementation can do the generation using its RNG features.
- *
- * \param[in,out] op_context    A structure that contains the previously set up
- *                              hardware-specific cipher context
- * \param[in] p_iv              A buffer containing the initialization vector
- * \param[in] iv_length         The size (in bytes) of the `p_iv` buffer
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
-                                                   const uint8_t *p_iv,
-                                                   size_t iv_length);
-
-/** \brief A function that continues a previously started secure element cipher
- * operation
- *
- * \param[in,out] op_context        A hardware-specific structure for the
- *                                  previously started cipher operation
- * \param[in] p_input               A buffer containing the data to be
- *                                  encrypted/decrypted
- * \param[in] input_size            The size in bytes of the buffer pointed to
- *                                  by `p_input`
- * \param[out] p_output             The caller-allocated buffer where the
- *                                  output will be placed
- * \param[in] output_size           The allocated size in bytes of the
- *                                  `p_output` buffer
- * \param[out] p_output_length      After completion, will contain the number
- *                                  of bytes placed in the `p_output` buffer
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
-                                                   const uint8_t *p_input,
-                                                   size_t input_size,
-                                                   uint8_t *p_output,
-                                                   size_t output_size,
-                                                   size_t *p_output_length);
-
-/** \brief A function that completes a previously started secure element cipher
- * operation
- *
- * \param[in,out] op_context    A hardware-specific structure for the
- *                              previously started cipher operation
- * \param[out] p_output         The caller-allocated buffer where the output
- *                              will be placed
- * \param[in] output_size       The allocated size in bytes of the `p_output`
- *                              buffer
- * \param[out] p_output_length  After completion, will contain the number of
- *                              bytes placed in the `p_output` buffer
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,
-                                                   uint8_t *p_output,
-                                                   size_t output_size,
-                                                   size_t *p_output_length);
-
-/** \brief A function that aborts a previously started secure element cipher
- * operation
- *
- * \param[in,out] op_context    A hardware-specific structure for the
- *                              previously started cipher operation
- */
-typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);
-
-/** \brief A function that performs the ECB block mode for secure element
- * cipher operations
- *
- * Note: this function should only be used with implementations that do not
- * provide a needed higher-level operation.
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in] key_slot          The slot of the key to be used for the operation
- * \param[in] algorithm         The algorithm to be used in the cipher operation
- * \param[in] direction         Indicates whether the operation is an encrypt or
- *                              decrypt
- * \param[in] p_input           A buffer containing the data to be
- *                              encrypted/decrypted
- * \param[in] input_size        The size in bytes of the buffer pointed to by
- *                              `p_input`
- * \param[out] p_output         The caller-allocated buffer where the output
- *                              will be placed
- * \param[in] output_size       The allocated size in bytes of the `p_output`
- *                              buffer
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- */
-typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context,
-                                                psa_key_slot_number_t key_slot,
-                                                psa_algorithm_t algorithm,
-                                                psa_encrypt_or_decrypt_t direction,
-                                                const uint8_t *p_input,
-                                                size_t input_size,
-                                                uint8_t *p_output,
-                                                size_t output_size);
-
-/**
- * \brief A struct containing all of the function pointers needed to implement
- * cipher operations using secure elements.
- *
- * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup or at build time.
- *
- * If one of the functions is not implemented (such as
- * `psa_drv_se_cipher_ecb_t`), it should be set to NULL.
- */
-typedef struct {
-    /** The size in bytes of the hardware-specific secure element cipher
-     * context structure
-     */
-    size_t               context_size;
-    /** Function that performs a cipher setup operation */
-    psa_drv_se_cipher_setup_t  p_setup;
-    /** Function that sets a cipher IV (if necessary) */
-    psa_drv_se_cipher_set_iv_t p_set_iv;
-    /** Function that performs a cipher update operation */
-    psa_drv_se_cipher_update_t p_update;
-    /** Function that completes a cipher operation */
-    psa_drv_se_cipher_finish_t p_finish;
-    /** Function that aborts a cipher operation */
-    psa_drv_se_cipher_abort_t  p_abort;
-    /** Function that performs ECB mode for a cipher operation
-     * (Danger: ECB mode should not be used directly by clients of the PSA
-     * Crypto Client API)
-     */
-    psa_drv_se_cipher_ecb_t    p_ecb;
-} psa_drv_se_cipher_t;
-
-/**@}*/
-
-/** \defgroup se_asymmetric Secure Element Asymmetric Cryptography
- *
- * Since the amount of data that can (or should) be encrypted or signed using
- * asymmetric keys is limited by the key size, asymmetric key operations using
- * keys in a secure element must be done in single function calls.
- */
-/**@{*/
-
-/**
- * \brief A function that signs a hash or short message with a private key in
- * a secure element
- *
- * \param[in,out] drv_context       The driver context structure.
- * \param[in] key_slot              Key slot of an asymmetric key pair
- * \param[in] alg                   A signature algorithm that is compatible
- *                                  with the type of `key`
- * \param[in] p_hash                The hash to sign
- * \param[in] hash_length           Size of the `p_hash` buffer in bytes
- * \param[out] p_signature          Buffer where the signature is to be written
- * \param[in] signature_size        Size of the `p_signature` buffer in bytes
- * \param[out] p_signature_length   On success, the number of bytes
- *                                  that make up the returned signature value
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context,
-                                                     psa_key_slot_number_t key_slot,
-                                                     psa_algorithm_t alg,
-                                                     const uint8_t *p_hash,
-                                                     size_t hash_length,
-                                                     uint8_t *p_signature,
-                                                     size_t signature_size,
-                                                     size_t *p_signature_length);
-
-/**
- * \brief A function that verifies the signature a hash or short message using
- * an asymmetric public key in a secure element
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in] key_slot          Key slot of a public key or an asymmetric key
- *                              pair
- * \param[in] alg               A signature algorithm that is compatible with
- *                              the type of `key`
- * \param[in] p_hash            The hash whose signature is to be verified
- * \param[in] hash_length       Size of the `p_hash` buffer in bytes
- * \param[in] p_signature       Buffer containing the signature to verify
- * \param[in] signature_length  Size of the `p_signature` buffer in bytes
- *
- * \retval #PSA_SUCCESS
- *         The signature is valid.
- */
-typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv_context,
-                                                       psa_key_slot_number_t key_slot,
-                                                       psa_algorithm_t alg,
-                                                       const uint8_t *p_hash,
-                                                       size_t hash_length,
-                                                       const uint8_t *p_signature,
-                                                       size_t signature_length);
-
-/**
- * \brief A function that encrypts a short message with an asymmetric public
- * key in a secure element
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in] key_slot          Key slot of a public key or an asymmetric key
- *                              pair
- * \param[in] alg               An asymmetric encryption algorithm that is
- *                              compatible with the type of `key`
- * \param[in] p_input           The message to encrypt
- * \param[in] input_length      Size of the `p_input` buffer in bytes
- * \param[in] p_salt            A salt or label, if supported by the
- *                              encryption algorithm
- *                              If the algorithm does not support a
- *                              salt, pass `NULL`.
- *                              If the algorithm supports an optional
- *                              salt and you do not want to pass a salt,
- *                              pass `NULL`.
- *                              For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
- *                              supported.
- * \param[in] salt_length       Size of the `p_salt` buffer in bytes
- *                              If `p_salt` is `NULL`, pass 0.
- * \param[out] p_output         Buffer where the encrypted message is to
- *                              be written
- * \param[in] output_size       Size of the `p_output` buffer in bytes
- * \param[out] p_output_length  On success, the number of bytes that make up
- *                              the returned output
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context,
-                                                        psa_key_slot_number_t key_slot,
-                                                        psa_algorithm_t alg,
-                                                        const uint8_t *p_input,
-                                                        size_t input_length,
-                                                        const uint8_t *p_salt,
-                                                        size_t salt_length,
-                                                        uint8_t *p_output,
-                                                        size_t output_size,
-                                                        size_t *p_output_length);
-
-/**
- * \brief A function that decrypts a short message with an asymmetric private
- * key in a secure element.
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in] key_slot          Key slot of an asymmetric key pair
- * \param[in] alg               An asymmetric encryption algorithm that is
- *                              compatible with the type of `key`
- * \param[in] p_input           The message to decrypt
- * \param[in] input_length      Size of the `p_input` buffer in bytes
- * \param[in] p_salt            A salt or label, if supported by the
- *                              encryption algorithm
- *                              If the algorithm does not support a
- *                              salt, pass `NULL`.
- *                              If the algorithm supports an optional
- *                              salt and you do not want to pass a salt,
- *                              pass `NULL`.
- *                              For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
- *                              supported.
- * \param[in] salt_length       Size of the `p_salt` buffer in bytes
- *                              If `p_salt` is `NULL`, pass 0.
- * \param[out] p_output         Buffer where the decrypted message is to
- *                              be written
- * \param[in] output_size       Size of the `p_output` buffer in bytes
- * \param[out] p_output_length  On success, the number of bytes
- *                              that make up the returned output
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context,
-                                                        psa_key_slot_number_t key_slot,
-                                                        psa_algorithm_t alg,
-                                                        const uint8_t *p_input,
-                                                        size_t input_length,
-                                                        const uint8_t *p_salt,
-                                                        size_t salt_length,
-                                                        uint8_t *p_output,
-                                                        size_t output_size,
-                                                        size_t *p_output_length);
-
-/**
- * \brief A struct containing all of the function pointers needed to implement
- * asymmetric cryptographic operations using secure elements.
- *
- * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup or at build time.
- *
- * If one of the functions is not implemented, it should be set to NULL.
- */
-typedef struct {
-    /** Function that performs an asymmetric sign operation */
-    psa_drv_se_asymmetric_sign_t    p_sign;
-    /** Function that performs an asymmetric verify operation */
-    psa_drv_se_asymmetric_verify_t  p_verify;
-    /** Function that performs an asymmetric encrypt operation */
-    psa_drv_se_asymmetric_encrypt_t p_encrypt;
-    /** Function that performs an asymmetric decrypt operation */
-    psa_drv_se_asymmetric_decrypt_t p_decrypt;
-} psa_drv_se_asymmetric_t;
-
-/**@}*/
-
-/** \defgroup se_aead Secure Element Authenticated Encryption with Additional Data
- * Authenticated Encryption with Additional Data (AEAD) operations with secure
- * elements must be done in one function call. While this creates a burden for
- * implementers as there must be sufficient space in memory for the entire
- * message, it prevents decrypted data from being made available before the
- * authentication operation is complete and the data is known to be authentic.
- */
-/**@{*/
-
-/** \brief A function that performs a secure element authenticated encryption
- * operation
- *
- * \param[in,out] drv_context           The driver context structure.
- * \param[in] key_slot                  Slot containing the key to use.
- * \param[in] algorithm                 The AEAD algorithm to compute
- *                                      (\c PSA_ALG_XXX value such that
- *                                      #PSA_ALG_IS_AEAD(`alg`) is true)
- * \param[in] p_nonce                   Nonce or IV to use
- * \param[in] nonce_length              Size of the `p_nonce` buffer in bytes
- * \param[in] p_additional_data         Additional data that will be
- *                                      authenticated but not encrypted
- * \param[in] additional_data_length    Size of `p_additional_data` in bytes
- * \param[in] p_plaintext               Data that will be authenticated and
- *                                      encrypted
- * \param[in] plaintext_length          Size of `p_plaintext` in bytes
- * \param[out] p_ciphertext             Output buffer for the authenticated and
- *                                      encrypted data. The additional data is
- *                                      not part of this output. For algorithms
- *                                      where the encrypted data and the
- *                                      authentication tag are defined as
- *                                      separate outputs, the authentication
- *                                      tag is appended to the encrypted data.
- * \param[in] ciphertext_size           Size of the `p_ciphertext` buffer in
- *                                      bytes
- * \param[out] p_ciphertext_length      On success, the size of the output in
- *                                      the `p_ciphertext` buffer
- *
- * \retval #PSA_SUCCESS
- *         Success.
- */
-typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_context,
-                                                  psa_key_slot_number_t key_slot,
-                                                  psa_algorithm_t algorithm,
-                                                  const uint8_t *p_nonce,
-                                                  size_t nonce_length,
-                                                  const uint8_t *p_additional_data,
-                                                  size_t additional_data_length,
-                                                  const uint8_t *p_plaintext,
-                                                  size_t plaintext_length,
-                                                  uint8_t *p_ciphertext,
-                                                  size_t ciphertext_size,
-                                                  size_t *p_ciphertext_length);
-
-/** A function that performs a secure element authenticated decryption operation
- *
- * \param[in,out] drv_context           The driver context structure.
- * \param[in] key_slot                  Slot containing the key to use
- * \param[in] algorithm                 The AEAD algorithm to compute
- *                                      (\c PSA_ALG_XXX value such that
- *                                      #PSA_ALG_IS_AEAD(`alg`) is true)
- * \param[in] p_nonce                   Nonce or IV to use
- * \param[in] nonce_length              Size of the `p_nonce` buffer in bytes
- * \param[in] p_additional_data         Additional data that has been
- *                                      authenticated but not encrypted
- * \param[in] additional_data_length    Size of `p_additional_data` in bytes
- * \param[in] p_ciphertext              Data that has been authenticated and
- *                                      encrypted.
- *                                      For algorithms where the encrypted data
- *                                      and the authentication tag are defined
- *                                      as separate inputs, the buffer must
- *                                      contain the encrypted data followed by
- *                                      the authentication tag.
- * \param[in] ciphertext_length         Size of `p_ciphertext` in bytes
- * \param[out] p_plaintext              Output buffer for the decrypted data
- * \param[in] plaintext_size            Size of the `p_plaintext` buffer in
- *                                      bytes
- * \param[out] p_plaintext_length       On success, the size of the output in
- *                                      the `p_plaintext` buffer
- *
- * \retval #PSA_SUCCESS
- *         Success.
- */
-typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_context,
-                                                  psa_key_slot_number_t key_slot,
-                                                  psa_algorithm_t algorithm,
-                                                  const uint8_t *p_nonce,
-                                                  size_t nonce_length,
-                                                  const uint8_t *p_additional_data,
-                                                  size_t additional_data_length,
-                                                  const uint8_t *p_ciphertext,
-                                                  size_t ciphertext_length,
-                                                  uint8_t *p_plaintext,
-                                                  size_t plaintext_size,
-                                                  size_t *p_plaintext_length);
-
-/**
- * \brief A struct containing all of the function pointers needed to implement
- * secure element Authenticated Encryption with Additional Data operations
- *
- * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup.
- *
- * If one of the functions is not implemented, it should be set to NULL.
- */
-typedef struct {
-    /** Function that performs the AEAD encrypt operation */
-    psa_drv_se_aead_encrypt_t p_encrypt;
-    /** Function that performs the AEAD decrypt operation */
-    psa_drv_se_aead_decrypt_t p_decrypt;
-} psa_drv_se_aead_t;
-/**@}*/
-
-/** \defgroup se_key_management Secure Element Key Management
- * Currently, key management is limited to importing keys in the clear,
- * destroying keys, and exporting keys in the clear.
- * Whether a key may be exported is determined by the key policies in place
- * on the key slot.
- */
-/**@{*/
-
-/** An enumeration indicating how a key is created.
- */
-typedef enum
-{
-    PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */
-    PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
-    PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */
-    PSA_KEY_CREATION_COPY, /**< During psa_copy_key() */
-
-#ifndef __DOXYGEN_ONLY__
-    /** A key is being registered with mbedtls_psa_register_se_key().
-     *
-     * The core only passes this value to
-     * psa_drv_se_key_management_t::p_validate_slot_number, not to
-     * psa_drv_se_key_management_t::p_allocate. The call to
-     * `p_validate_slot_number` is not followed by any other call to the
-     * driver: the key is considered successfully registered if the call to
-     * `p_validate_slot_number` succeeds, or if `p_validate_slot_number` is
-     * null.
-     *
-     * With this creation method, the driver must return #PSA_SUCCESS if
-     * the given attributes are compatible with the existing key in the slot,
-     * and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
-     * is no key with the specified slot number.
-     *
-     * This is an Mbed Crypto extension.
-     */
-    PSA_KEY_CREATION_REGISTER,
-#endif
-} psa_key_creation_method_t;
-
-/** \brief A function that allocates a slot for a key.
- *
- * To create a key in a specific slot in a secure element, the core
- * first calls this function to determine a valid slot number,
- * then calls a function to create the key material in that slot.
- * In nominal conditions (that is, if no error occurs),
- * the effect of a call to a key creation function in the PSA Cryptography
- * API with a lifetime that places the key in a secure element is the
- * following:
- * -# The core calls psa_drv_se_key_management_t::p_allocate
- *    (or in some implementations
- *    psa_drv_se_key_management_t::p_validate_slot_number). The driver
- *    selects (or validates) a suitable slot number given the key attributes
- *    and the state of the secure element.
- * -# The core calls a key creation function in the driver.
- *
- * The key creation functions in the PSA Cryptography API are:
- * - psa_import_key(), which causes
- *   a call to `p_allocate` with \p method = #PSA_KEY_CREATION_IMPORT
- *   then a call to psa_drv_se_key_management_t::p_import.
- * - psa_generate_key(), which causes
- *   a call to `p_allocate` with \p method = #PSA_KEY_CREATION_GENERATE
- *   then a call to psa_drv_se_key_management_t::p_import.
- * - psa_key_derivation_output_key(), which causes
- *   a call to `p_allocate` with \p method = #PSA_KEY_CREATION_DERIVE
- *   then a call to psa_drv_se_key_derivation_t::p_derive.
- * - psa_copy_key(), which causes
- *   a call to `p_allocate` with \p method = #PSA_KEY_CREATION_COPY
- *   then a call to psa_drv_se_key_management_t::p_export.
- *
- * In case of errors, other behaviors are possible.
- * - If the PSA Cryptography subsystem dies after the first step,
- *   for example because the device has lost power abruptly,
- *   the second step may never happen, or may happen after a reset
- *   and re-initialization. Alternatively, after a reset and
- *   re-initialization, the core may call
- *   psa_drv_se_key_management_t::p_destroy on the slot number that
- *   was allocated (or validated) instead of calling a key creation function.
- * - If an error occurs, the core may call
- *   psa_drv_se_key_management_t::p_destroy on the slot number that
- *   was allocated (or validated) instead of calling a key creation function.
- *
- * Errors and system resets also have an impact on the driver's persistent
- * data. If a reset happens before the overall key creation process is
- * completed (before or after the second step above), it is unspecified
- * whether the persistent data after the reset is identical to what it
- * was before or after the call to `p_allocate` (or `p_validate_slot_number`).
- *
- * \param[in,out] drv_context       The driver context structure.
- * \param[in,out] persistent_data   A pointer to the persistent data
- *                                  that allows writing.
- * \param[in] attributes            Attributes of the key.
- * \param method                    The way in which the key is being created.
- * \param[out] key_slot             Slot where the key will be stored.
- *                                  This must be a valid slot for a key of the
- *                                  chosen type. It must be unoccupied.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- *         The core will record \c *key_slot as the key slot where the key
- *         is stored and will update the persistent data in storage.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- */
-typedef psa_status_t (*psa_drv_se_allocate_key_t)(
-    psa_drv_se_context_t *drv_context,
-    void *persistent_data,
-    const psa_key_attributes_t *attributes,
-    psa_key_creation_method_t method,
-    psa_key_slot_number_t *key_slot);
-
-/** \brief A function that determines whether a slot number is valid
- * for a key.
- *
- * To create a key in a specific slot in a secure element, the core
- * first calls this function to validate the choice of slot number,
- * then calls a function to create the key material in that slot.
- * See the documentation of #psa_drv_se_allocate_key_t for more details.
- *
- * As of the PSA Cryptography API specification version 1.0, there is no way
- * for applications to trigger a call to this function. However some
- * implementations offer the capability to create or declare a key in
- * a specific slot via implementation-specific means, generally for the
- * sake of initial device provisioning or onboarding. Such a mechanism may
- * be added to a future version of the PSA Cryptography API specification.
- *
- * This function may update the driver's persistent data through
- * \p persistent_data. The core will save the updated persistent data at the
- * end of the key creation process. See the description of
- * ::psa_drv_se_allocate_key_t for more information.
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in,out] persistent_data   A pointer to the persistent data
- *                                  that allows writing.
- * \param[in] attributes        Attributes of the key.
- * \param method                The way in which the key is being created.
- * \param[in] key_slot          Slot where the key is to be stored.
- *
- * \retval #PSA_SUCCESS
- *         The given slot number is valid for a key with the given
- *         attributes.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The given slot number is not valid for a key with the
- *         given attributes. This includes the case where the slot
- *         number is not valid at all.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         There is already a key with the specified slot number.
- *         Drivers may choose to return this error from the key
- *         creation function instead.
- */
-typedef psa_status_t (*psa_drv_se_validate_slot_number_t)(
-    psa_drv_se_context_t *drv_context,
-    void *persistent_data,
-    const psa_key_attributes_t *attributes,
-    psa_key_creation_method_t method,
-    psa_key_slot_number_t key_slot);
-
-/** \brief A function that imports a key into a secure element in binary format
- *
- * This function can support any output from psa_export_key(). Refer to the
- * documentation of psa_export_key() for the format for each key type.
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param key_slot              Slot where the key will be stored.
- *                              This must be a valid slot for a key of the
- *                              chosen type. It must be unoccupied.
- * \param[in] attributes        The key attributes, including the lifetime,
- *                              the key type and the usage policy.
- *                              Drivers should not access the key size stored
- *                              in the attributes: it may not match the
- *                              data passed in \p data.
- *                              Drivers can call psa_get_key_lifetime(),
- *                              psa_get_key_type(),
- *                              psa_get_key_usage_flags() and
- *                              psa_get_key_algorithm() to access this
- *                              information.
- * \param[in] data              Buffer containing the key data.
- * \param[in] data_length       Size of the \p data buffer in bytes.
- * \param[out] bits             On success, the key size in bits. The driver
- *                              must determine this value after parsing the
- *                              key according to the key type.
- *                              This value is not used if the function fails.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- */
-typedef psa_status_t (*psa_drv_se_import_key_t)(
-    psa_drv_se_context_t *drv_context,
-    psa_key_slot_number_t key_slot,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data,
-    size_t data_length,
-    size_t *bits);
-
-/**
- * \brief A function that destroys a secure element key and restore the slot to
- * its default state
- *
- * This function destroys the content of the key from a secure element.
- * Implementations shall make a best effort to ensure that any previous content
- * of the slot is unrecoverable.
- *
- * This function returns the specified slot to its default state.
- *
- * \param[in,out] drv_context       The driver context structure.
- * \param[in,out] persistent_data   A pointer to the persistent data
- *                                  that allows writing.
- * \param key_slot                  The key slot to erase.
- *
- * \retval #PSA_SUCCESS
- *         The slot's content, if any, has been erased.
- */
-typedef psa_status_t (*psa_drv_se_destroy_key_t)(
-    psa_drv_se_context_t *drv_context,
-    void *persistent_data,
-    psa_key_slot_number_t key_slot);
-
-/**
- * \brief A function that exports a secure element key in binary format
- *
- * The output of this function can be passed to psa_import_key() to
- * create an equivalent object.
- *
- * If a key is created with `psa_import_key()` and then exported with
- * this function, it is not guaranteed that the resulting data is
- * identical: the implementation may choose a different representation
- * of the same key if the format permits it.
- *
- * This function should generate output in the same format that
- * `psa_export_key()` does. Refer to the
- * documentation of `psa_export_key()` for the format for each key type.
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in] key               Slot whose content is to be exported. This must
- *                              be an occupied key slot.
- * \param[out] p_data           Buffer where the key data is to be written.
- * \param[in] data_size         Size of the `p_data` buffer in bytes.
- * \param[out] p_data_length    On success, the number of bytes
- *                              that make up the key data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-typedef psa_status_t (*psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context,
-                                                psa_key_slot_number_t key,
-                                                uint8_t *p_data,
-                                                size_t data_size,
-                                                size_t *p_data_length);
-
-/**
- * \brief A function that generates a symmetric or asymmetric key on a secure
- * element
- *
- * If the key type \c type recorded in \p attributes
- * is asymmetric (#PSA_KEY_TYPE_IS_ASYMMETRIC(\c type) = 1),
- * the driver may export the public key at the time of generation,
- * in the format documented for psa_export_public_key() by writing it
- * to the \p pubkey buffer.
- * This is optional, intended for secure elements that output the
- * public key at generation time and that cannot export the public key
- * later. Drivers that do not need this feature should leave
- * \p *pubkey_length set to 0 and should
- * implement the psa_drv_key_management_t::p_export_public function.
- * Some implementations do not support this feature, in which case
- * \p pubkey is \c NULL and \p pubkey_size is 0.
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param key_slot              Slot where the key will be stored.
- *                              This must be a valid slot for a key of the
- *                              chosen type. It must be unoccupied.
- * \param[in] attributes        The key attributes, including the lifetime,
- *                              the key type and size, and the usage policy.
- *                              Drivers can call psa_get_key_lifetime(),
- *                              psa_get_key_type(), psa_get_key_bits(),
- *                              psa_get_key_usage_flags() and
- *                              psa_get_key_algorithm() to access this
- *                              information.
- * \param[out] pubkey           A buffer where the driver can write the
- *                              public key, when generating an asymmetric
- *                              key pair.
- *                              This is \c NULL when generating a symmetric
- *                              key or if the core does not support
- *                              exporting the public key at generation time.
- * \param pubkey_size           The size of the `pubkey` buffer in bytes.
- *                              This is 0 when generating a symmetric
- *                              key or if the core does not support
- *                              exporting the public key at generation time.
- * \param[out] pubkey_length    On entry, this is always 0.
- *                              On success, the number of bytes written to
- *                              \p pubkey. If this is 0 or unchanged on return,
- *                              the core will not read the \p pubkey buffer,
- *                              and will instead call the driver's
- *                              psa_drv_key_management_t::p_export_public
- *                              function to export the public key when needed.
- */
-typedef psa_status_t (*psa_drv_se_generate_key_t)(
-    psa_drv_se_context_t *drv_context,
-    psa_key_slot_number_t key_slot,
-    const psa_key_attributes_t *attributes,
-    uint8_t *pubkey, size_t pubkey_size, size_t *pubkey_length);
-
-/**
- * \brief A struct containing all of the function pointers needed to for secure
- * element key management
- *
- * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup or at build time.
- *
- * If one of the functions is not implemented, it should be set to NULL.
- */
-typedef struct {
-    /** Function that allocates a slot for a key. */
-    psa_drv_se_allocate_key_t   p_allocate;
-    /** Function that checks the validity of a slot for a key. */
-    psa_drv_se_validate_slot_number_t p_validate_slot_number;
-    /** Function that performs a key import operation */
-    psa_drv_se_import_key_t     p_import;
-    /** Function that performs a generation */
-    psa_drv_se_generate_key_t   p_generate;
-    /** Function that performs a key destroy operation */
-    psa_drv_se_destroy_key_t    p_destroy;
-    /** Function that performs a key export operation */
-    psa_drv_se_export_key_t     p_export;
-    /** Function that performs a public key export operation */
-    psa_drv_se_export_key_t     p_export_public;
-} psa_drv_se_key_management_t;
-
-/**@}*/
-
-/** \defgroup driver_derivation Secure Element Key Derivation and Agreement
- * Key derivation is the process of generating new key material using an
- * existing key and additional parameters, iterating through a basic
- * cryptographic function, such as a hash.
- * Key agreement is a part of cryptographic protocols that allows two parties
- * to agree on the same key value, but starting from different original key
- * material.
- * The flows are similar, and the PSA Crypto Driver Model uses the same functions
- * for both of the flows.
- *
- * There are two different final functions for the flows,
- * `psa_drv_se_key_derivation_derive` and `psa_drv_se_key_derivation_export`.
- * `psa_drv_se_key_derivation_derive` is used when the key material should be
- * placed in a slot on the hardware and not exposed to the caller.
- * `psa_drv_se_key_derivation_export` is used when the key material should be
- * returned to the PSA Cryptographic API implementation.
- *
- * Different key derivation algorithms require a different number of inputs.
- * Instead of having an API that takes as input variable length arrays, which
- * can be problematic to manage on embedded platforms, the inputs are passed
- * to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
- * is called multiple times with different `collateral_id`s. Thus, for a key
- * derivation algorithm that required 3 parameter inputs, the flow would look
- * something like:
- * ~~~~~~~~~~~~~{.c}
- * psa_drv_se_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
- * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_0,
- *                                      p_collateral_0,
- *                                      collateral_0_size);
- * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_1,
- *                                      p_collateral_1,
- *                                      collateral_1_size);
- * psa_drv_se_key_derivation_collateral(kdf_algorithm_collateral_id_2,
- *                                      p_collateral_2,
- *                                      collateral_2_size);
- * psa_drv_se_key_derivation_derive();
- * ~~~~~~~~~~~~~
- *
- * key agreement example:
- * ~~~~~~~~~~~~~{.c}
- * psa_drv_se_key_derivation_setup(alg, source_key. dest_key_size_bytes);
- * psa_drv_se_key_derivation_collateral(DHE_PUBKEY, p_pubkey, pubkey_size);
- * psa_drv_se_key_derivation_export(p_session_key,
- *                                  session_key_size,
- *                                  &session_key_length);
- * ~~~~~~~~~~~~~
- */
-/**@{*/
-
-/** \brief A function that Sets up a secure element key derivation operation by
- * specifying the algorithm and the source key sot
- *
- * \param[in,out] drv_context   The driver context structure.
- * \param[in,out] op_context    A hardware-specific structure containing any
- *                              context information for the implementation
- * \param[in] kdf_alg           The algorithm to be used for the key derivation
- * \param[in] source_key        The key to be used as the source material for
- *                              the key derivation
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context,
-                                                          void *op_context,
-                                                          psa_algorithm_t kdf_alg,
-                                                          psa_key_slot_number_t source_key);
-
-/** \brief A function that provides collateral (parameters) needed for a secure
- * element key derivation or key agreement operation
- *
- * Since many key derivation algorithms require multiple parameters, it is
- * expected that this function may be called multiple times for the same
- * operation, each with a different algorithm-specific `collateral_id`
- *
- * \param[in,out] op_context    A hardware-specific structure containing any
- *                              context information for the implementation
- * \param[in] collateral_id     An ID for the collateral being provided
- * \param[in] p_collateral      A buffer containing the collateral data
- * \param[in] collateral_size   The size in bytes of the collateral
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,
-                                                               uint32_t collateral_id,
-                                                               const uint8_t *p_collateral,
-                                                               size_t collateral_size);
-
-/** \brief A function that performs the final secure element key derivation
- * step and place the generated key material in a slot
- *
- * \param[in,out] op_context    A hardware-specific structure containing any
- *                              context information for the implementation
- * \param[in] dest_key          The slot where the generated key material
- *                              should be placed
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
-                                                          psa_key_slot_number_t dest_key);
-
-/** \brief A function that performs the final step of a secure element key
- * agreement and place the generated key material in a buffer
- *
- * \param[out] p_output         Buffer in which to place the generated key
- *                              material
- * \param[in] output_size       The size in bytes of `p_output`
- * \param[out] p_output_length  Upon success, contains the number of bytes of
- *                              key material placed in `p_output`
- *
- * \retval #PSA_SUCCESS
- */
-typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,
-                                                           uint8_t *p_output,
-                                                           size_t output_size,
-                                                           size_t *p_output_length);
-
-/**
- * \brief A struct containing all of the function pointers needed to for secure
- * element key derivation and agreement
- *
- * PSA Crypto API implementations should populate instances of the table as
- * appropriate upon startup.
- *
- * If one of the functions is not implemented, it should be set to NULL.
- */
-typedef struct {
-    /** The driver-specific size of the key derivation context */
-    size_t                           context_size;
-    /** Function that performs a key derivation setup */
-    psa_drv_se_key_derivation_setup_t      p_setup;
-    /** Function that sets key derivation collateral */
-    psa_drv_se_key_derivation_collateral_t p_collateral;
-    /** Function that performs a final key derivation step */
-    psa_drv_se_key_derivation_derive_t     p_derive;
-    /** Function that performs a final key derivation or agreement and
-     * exports the key */
-    psa_drv_se_key_derivation_export_t     p_export;
-} psa_drv_se_key_derivation_t;
-
-/**@}*/
-
-/** \defgroup se_registration Secure element driver registration
- */
-/**@{*/
-
-/** A structure containing pointers to all the entry points of a
- * secure element driver.
- *
- * Future versions of this specification may add extra substructures at
- * the end of this structure.
- */
-typedef struct {
-    /** The version of the driver HAL that this driver implements.
-     * This is a protection against loading driver binaries built against
-     * a different version of this specification.
-     * Use #PSA_DRV_SE_HAL_VERSION.
-     */
-    uint32_t hal_version;
-
-    /** The size of the driver's persistent data in bytes.
-     *
-     * This can be 0 if the driver does not need persistent data.
-     *
-     * See the documentation of psa_drv_se_context_t::persistent_data
-     * for more information about why and how a driver can use
-     * persistent data.
-     */
-    size_t persistent_data_size;
-
-    /** The driver initialization function.
-     *
-     * This function is called once during the initialization of the
-     * PSA Cryptography subsystem, before any other function of the
-     * driver is called. If this function returns a failure status,
-     * the driver will be unusable, at least until the next system reset.
-     *
-     * If this field is \c NULL, it is equivalent to a function that does
-     * nothing and returns #PSA_SUCCESS.
-     */
-    psa_drv_se_init_t p_init;
-
-    const psa_drv_se_key_management_t *key_management;
-    const psa_drv_se_mac_t *mac;
-    const psa_drv_se_cipher_t *cipher;
-    const psa_drv_se_aead_t *aead;
-    const psa_drv_se_asymmetric_t *asymmetric;
-    const psa_drv_se_key_derivation_t *derivation;
-} psa_drv_se_t;
-
-/** The current version of the secure element driver HAL.
- */
-/* 0.0.0 patchlevel 5 */
-#define PSA_DRV_SE_HAL_VERSION 0x00000005
-
-/** Register an external cryptoprocessor (secure element) driver.
- *
- * This function is only intended to be used by driver code, not by
- * application code. In implementations with separation between the
- * PSA cryptography module and applications, this function should
- * only be available to callers that run in the same memory space as
- * the cryptography module, and should not be exposed to applications
- * running in a different memory space.
- *
- * This function may be called before psa_crypto_init(). It is
- * implementation-defined whether this function may be called
- * after psa_crypto_init().
- *
- * \note Implementations store metadata about keys including the lifetime
- *       value, which contains the driver's location indicator. Therefore,
- *       from one instantiation of the PSA Cryptography
- *       library to the next one, if there is a key in storage with a certain
- *       lifetime value, you must always register the same driver (or an
- *       updated version that communicates with the same secure element)
- *       with the same location value.
- *
- * \param location      The location value through which this driver will
- *                      be exposed to applications.
- *                      This driver will be used for all keys such that
- *                      `location == #PSA_KEY_LIFETIME_GET_LOCATION( lifetime )`.
- *                      The value #PSA_KEY_LOCATION_LOCAL_STORAGE is reserved
- *                      and may not be used for drivers. Implementations
- *                      may reserve other values.
- * \param[in] methods   The method table of the driver. This structure must
- *                      remain valid for as long as the cryptography
- *                      module keeps running. It is typically a global
- *                      constant.
- *
- * \return #PSA_SUCCESS
- *         The driver was successfully registered. Applications can now
- *         use \p location to access keys through the methods passed to
- *         this function.
- * \return #PSA_ERROR_BAD_STATE
- *         This function was called after the initialization of the
- *         cryptography module, and this implementation does not support
- *         driver registration at this stage.
- * \return #PSA_ERROR_ALREADY_EXISTS
- *         There is already a registered driver for this value of \p location.
- * \return #PSA_ERROR_INVALID_ARGUMENT
- *         \p location is a reserved value.
- * \return #PSA_ERROR_NOT_SUPPORTED
- *         `methods->hal_version` is not supported by this implementation.
- * \return #PSA_ERROR_INSUFFICIENT_MEMORY
- * \return #PSA_ERROR_NOT_PERMITTED
- * \return #PSA_ERROR_STORAGE_FAILURE
- * \return #PSA_ERROR_DATA_CORRUPT
- */
-psa_status_t psa_register_se_driver(
-    psa_key_location_t location,
-    const psa_drv_se_t *methods);
-
-/**@}*/
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_SE_DRIVER_H */
diff --git a/Sources/mbedtls/include/psa/crypto_sizes.h b/Sources/mbedtls/include/psa/crypto_sizes.h
deleted file mode 100644
index a0a5287..0000000
--- a/Sources/mbedtls/include/psa/crypto_sizes.h
+++ /dev/null
@@ -1,1171 +0,0 @@
-/**
- * \file psa/crypto_sizes.h
- *
- * \brief PSA cryptography module: Mbed TLS buffer size macros
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * This file contains the definitions of macros that are useful to
- * compute buffer sizes. The signatures and semantics of these macros
- * are standardized, but the definitions are not, because they depend on
- * the available algorithms and, in some cases, on permitted tolerances
- * on buffer sizes.
- *
- * In implementations with isolation between the application and the
- * cryptography module, implementers should take care to ensure that
- * the definitions that are exposed to applications match what the
- * module implements.
- *
- * Macros that compute sizes whose values do not depend on the
- * implementation are in crypto.h.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_SIZES_H
-#define PSA_CRYPTO_SIZES_H
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
-#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
-
-#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
-    (((length) + (block_size) - 1) / (block_size) * (block_size))
-
-/** The size of the output of psa_hash_finish(), in bytes.
- *
- * This is also the hash size that psa_hash_verify() expects.
- *
- * \param alg   A hash algorithm (\c PSA_ALG_XXX value such that
- *              #PSA_ALG_IS_HASH(\p alg) is true), or an HMAC algorithm
- *              (#PSA_ALG_HMAC(\c hash_alg) where \c hash_alg is a
- *              hash algorithm).
- *
- * \return The hash size for the specified hash algorithm.
- *         If the hash algorithm is not recognized, return 0.
- */
-#define PSA_HASH_LENGTH(alg)                                        \
-    (                                                               \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 :            \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 :            \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 :            \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 :      \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 :          \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 :        \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 :        \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 :        \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 :        \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 :    \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 :    \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 :       \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 :       \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 :       \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 :       \
-        0)
-
-/** The input block size of a hash algorithm, in bytes.
- *
- * Hash algorithms process their input data in blocks. Hash operations will
- * retain any partial blocks until they have enough input to fill the block or
- * until the operation is finished.
- * This affects the output from psa_hash_suspend().
- *
- * \param alg   A hash algorithm (\c PSA_ALG_XXX value such that
- *              PSA_ALG_IS_HASH(\p alg) is true).
- *
- * \return      The block size in bytes for the specified hash algorithm.
- *              If the hash algorithm is not recognized, return 0.
- *              An implementation can return either 0 or the correct size for a
- *              hash algorithm that it recognizes, but does not support.
- */
-#define PSA_HASH_BLOCK_LENGTH(alg)                                  \
-    (                                                               \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 :            \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 64 :            \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 :            \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 :      \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 :          \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 :        \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 :        \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 :       \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 :       \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 :   \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 :   \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 :      \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 :      \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 :      \
-        PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 :       \
-        0)
-
-/** \def PSA_HASH_MAX_SIZE
- *
- * Maximum size of a hash.
- *
- * This macro expands to a compile-time constant integer. This value
- * is the maximum size of a hash in bytes.
- */
-/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
- * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
- * HMAC-SHA3-512. */
-#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
-#define PSA_HASH_MAX_SIZE 64
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
-#define PSA_HASH_MAX_SIZE 32
-#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
-#endif
-
-/** \def PSA_MAC_MAX_SIZE
- *
- * Maximum size of a MAC.
- *
- * This macro expands to a compile-time constant integer. This value
- * is the maximum size of a MAC in bytes.
- */
-/* All non-HMAC MACs have a maximum size that's smaller than the
- * minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
-/* Note that the encoding of truncated MAC algorithms limits this value
- * to 64 bytes.
- */
-#define PSA_MAC_MAX_SIZE PSA_HASH_MAX_SIZE
-
-/** The length of a tag for an AEAD algorithm, in bytes.
- *
- * This macro can be used to allocate a buffer of sufficient size to store the
- * tag output from psa_aead_finish().
- *
- * See also #PSA_AEAD_TAG_MAX_SIZE.
- *
- * \param key_type            The type of the AEAD key.
- * \param key_bits            The size of the AEAD key in bits.
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    The tag length for the specified algorithm and key.
- *                            If the AEAD algorithm does not have an identified
- *                            tag that can be distinguished from the rest of
- *                            the ciphertext, return 0.
- *                            If the key type or AEAD algorithm is not
- *                            recognized, or the parameters are incompatible,
- *                            return 0.
- */
-#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg)                        \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                            \
-     PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :                                     \
-     ((void) (key_bits), 0))
-
-/** The maximum tag size for all supported AEAD algorithms, in bytes.
- *
- * See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
- */
-#define PSA_AEAD_TAG_MAX_SIZE       16
-
-/* The maximum size of an RSA key on this implementation, in bits.
- * This is a vendor-specific macro.
- *
- * Mbed TLS does not set a hard limit on the size of RSA keys: any key
- * whose parameters fit in a bignum is accepted. However large keys can
- * induce a large memory usage and long computation times. Unlike other
- * auxiliary macros in this file and in crypto.h, which reflect how the
- * library is configured, this macro defines how the library is
- * configured. This implementation refuses to import or generate an
- * RSA key whose size is larger than the value defined here.
- *
- * Note that an implementation may set different size limits for different
- * operations, and does not need to accept all key sizes up to the limit. */
-#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
-
-/* The maximum size of an ECC key on this implementation, in bits.
- * This is a vendor-specific macro. */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
-#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
-#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
-#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
-#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
-#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
-#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
-#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
-#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
-#else
-#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
-#endif
-
-/** This macro returns the maximum supported length of the PSK for the
- * TLS-1.2 PSK-to-MS key derivation
- * (#PSA_ALG_TLS12_PSK_TO_MS(\c hash_alg)).
- *
- * The maximum supported length does not depend on the chosen hash algorithm.
- *
- * Quoting RFC 4279, Sect 5.3:
- * TLS implementations supporting these ciphersuites MUST support
- * arbitrary PSK identities up to 128 octets in length, and arbitrary
- * PSKs up to 64 octets in length.  Supporting longer identities and
- * keys is RECOMMENDED.
- *
- * Therefore, no implementation should define a value smaller than 64
- * for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
- */
-#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
-
-/** The maximum size of a block cipher. */
-#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
-
-/** The size of the output of psa_mac_sign_finish(), in bytes.
- *
- * This is also the MAC size that psa_mac_verify_finish() expects.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type      The type of the MAC key.
- * \param key_bits      The size of the MAC key in bits.
- * \param alg           A MAC algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \return              The MAC size for the specified algorithm with
- *                      the specified key parameters.
- * \return              0 if the MAC algorithm is not recognized.
- * \return              Either 0 or the correct size for a MAC algorithm that
- *                      the implementation recognizes, but does not support.
- * \return              Unspecified if the key parameters are not consistent
- *                      with the algorithm.
- */
-#define PSA_MAC_LENGTH(key_type, key_bits, alg)                                   \
-    ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) :        \
-     PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) :         \
-     PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
-     ((void)(key_type), (void)(key_bits), 0))
-
-/** The maximum size of the output of psa_aead_encrypt(), in bytes.
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_aead_encrypt() will not fail due to an
- * insufficient buffer size. Depending on the algorithm, the actual size of
- * the ciphertext may be smaller.
- *
- * See also #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length).
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type            A symmetric key type that is
- *                            compatible with algorithm \p alg.
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param plaintext_length    Size of the plaintext in bytes.
- *
- * \return                    The AEAD ciphertext size for the specified
- *                            algorithm.
- *                            If the key type or AEAD algorithm is not
- *                            recognized, or the parameters are incompatible,
- *                            return 0.
- */
-#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                      \
-     (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :          \
-     0)
-
-/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
- *  supported key types and AEAD algorithms.
- *
- * If the size of the ciphertext buffer is at least this large, it is guaranteed
- * that psa_aead_encrypt() will not fail due to an insufficient buffer size.
- *
- * \note This macro returns a compile-time constant if its arguments are
- *       compile-time constants.
- *
- * See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg,
- * \p plaintext_length).
- *
- * \param plaintext_length    Size of the plaintext in bytes.
- *
- * \return                    A sufficient output buffer size for any of the
- *                            supported key types and AEAD algorithms.
- *
- */
-#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length)          \
-    ((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
-
-
-/** The maximum size of the output of psa_aead_decrypt(), in bytes.
- *
- * If the size of the plaintext buffer is at least this large, it is
- * guaranteed that psa_aead_decrypt() will not fail due to an
- * insufficient buffer size. Depending on the algorithm, the actual size of
- * the plaintext may be smaller.
- *
- * See also #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length).
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type            A symmetric key type that is
- *                            compatible with algorithm \p alg.
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param ciphertext_length   Size of the plaintext in bytes.
- *
- * \return                    The AEAD ciphertext size for the specified
- *                            algorithm.
- *                            If the key type or AEAD algorithm is not
- *                            recognized, or the parameters are incompatible,
- *                            return 0.
- */
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&                      \
-         (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ?      \
-         (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :      \
-     0)
-
-/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
- *  supported key types and AEAD algorithms.
- *
- * If the size of the plaintext buffer is at least this large, it is guaranteed
- * that psa_aead_decrypt() will not fail due to an insufficient buffer size.
- *
- * \note This macro returns a compile-time constant if its arguments are
- *       compile-time constants.
- *
- * See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg,
- * \p ciphertext_length).
- *
- * \param ciphertext_length   Size of the ciphertext in bytes.
- *
- * \return                    A sufficient output buffer size for any of the
- *                            supported key types and AEAD algorithms.
- *
- */
-#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length)     \
-     (ciphertext_length)
-
-/** The default nonce size for an AEAD algorithm, in bytes.
- *
- * This macro can be used to allocate a buffer of sufficient size to
- * store the nonce output from #psa_aead_generate_nonce().
- *
- * See also #PSA_AEAD_NONCE_MAX_SIZE.
- *
- * \note This is not the maximum size of nonce supported as input to
- *       #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
- *       just the default size that is generated by #psa_aead_generate_nonce().
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type  A symmetric key type that is compatible with
- *                  algorithm \p alg.
- *
- * \param alg       An AEAD algorithm (\c PSA_ALG_XXX value such that
- *                  #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return The default nonce size for the specified key type and algorithm.
- *         If the key type or AEAD algorithm is not recognized,
- *         or the parameters are incompatible, return 0.
- */
-#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
-    (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
-          MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
-          MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
-          0 : \
-     (key_type) == PSA_KEY_TYPE_CHACHA20 && \
-          MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
-     0)
-
-/** The maximum default nonce size among all supported pairs of key types and
- *  AEAD algorithms, in bytes.
- *
- * This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH()
- * may return.
- *
- * \note This is not the maximum size of nonce supported as input to
- *       #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
- *       just the largest size that may be generated by
- *       #psa_aead_generate_nonce().
- */
-#define PSA_AEAD_NONCE_MAX_SIZE 13
-
-/** A sufficient output buffer size for psa_aead_update().
- *
- * If the size of the output buffer is at least this large, it is
- * guaranteed that psa_aead_update() will not fail due to an
- * insufficient buffer size. The actual size of the output may be smaller
- * in any given call.
- *
- * See also #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type            A symmetric key type that is
- *                            compatible with algorithm \p alg.
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- * \param input_length        Size of the input in bytes.
- *
- * \return                    A sufficient output buffer size for the specified
- *                            algorithm.
- *                            If the key type or AEAD algorithm is not
- *                            recognized, or the parameters are incompatible,
- *                            return 0.
- */
-/* For all the AEAD modes defined in this specification, it is possible
- * to emit output without delay. However, hardware may not always be
- * capable of this. So for modes based on a block cipher, allow the
- * implementation to delay the output until it has a full block. */
-#define PSA_AEAD_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)                             \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                                             \
-         PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?                                              \
-         PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
-         (input_length) : \
-     0)
-
-/** A sufficient output buffer size for psa_aead_update(), for any of the
- *  supported key types and AEAD algorithms.
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_aead_update() will not fail due to an insufficient buffer size.
- *
- * See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
- *
- * \param input_length      Size of the input in bytes.
- */
-#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length)                           \
-    (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
-
-/** A sufficient ciphertext buffer size for psa_aead_finish().
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_aead_finish() will not fail due to an
- * insufficient ciphertext buffer size. The actual size of the output may
- * be smaller in any given call.
- *
- * See also #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE.
- *
- * \param key_type            A symmetric key type that is
-                              compatible with algorithm \p alg.
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    A sufficient ciphertext buffer size for the
- *                            specified algorithm.
- *                            If the key type or AEAD algorithm is not
- *                            recognized, or the parameters are incompatible,
- *                            return 0.
- */
-#define PSA_AEAD_FINISH_OUTPUT_SIZE(key_type, alg) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&  \
-         PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?    \
-         PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
-     0)
-
-/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
- *  supported key types and AEAD algorithms.
- *
- * See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
- */
-#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE     (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
-
-/** A sufficient plaintext buffer size for psa_aead_verify().
- *
- * If the size of the plaintext buffer is at least this large, it is
- * guaranteed that psa_aead_verify() will not fail due to an
- * insufficient plaintext buffer size. The actual size of the output may
- * be smaller in any given call.
- *
- * See also #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE.
- *
- * \param key_type            A symmetric key type that is
- *                            compatible with algorithm \p alg.
- * \param alg                 An AEAD algorithm
- *                            (\c PSA_ALG_XXX value such that
- *                            #PSA_ALG_IS_AEAD(\p alg) is true).
- *
- * \return                    A sufficient plaintext buffer size for the
- *                            specified algorithm.
- *                            If the key type or AEAD algorithm is not
- *                            recognized, or the parameters are incompatible,
- *                            return 0.
- */
-#define PSA_AEAD_VERIFY_OUTPUT_SIZE(key_type, alg) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&  \
-         PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ?    \
-         PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
-     0)
-
-/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
- *  supported key types and AEAD algorithms.
- *
- * See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p key_type, \p alg).
- */
-#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE     (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
-
-#define PSA_RSA_MINIMUM_PADDING_SIZE(alg)                         \
-    (PSA_ALG_IS_RSA_OAEP(alg) ?                                   \
-     2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 :    \
-     11 /*PKCS#1v1.5*/)
-
-/**
- * \brief ECDSA signature size for a given curve bit size
- *
- * \param curve_bits    Curve size in bits.
- * \return              Signature size in bytes.
- *
- * \note This macro returns a compile-time constant if its argument is one.
- */
-#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits)    \
-    (PSA_BITS_TO_BYTES(curve_bits) * 2)
-
-/** Sufficient signature buffer size for psa_sign_hash().
- *
- * This macro returns a sufficient buffer size for a signature using a key
- * of the specified type and size, with the specified algorithm.
- * Note that the actual size of the signature may be smaller
- * (some algorithms produce a variable-size signature).
- *
- * \warning This function may call its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type  An asymmetric key type (this may indifferently be a
- *                  key pair type or a public key type).
- * \param key_bits  The size of the key in bits.
- * \param alg       The signature algorithm.
- *
- * \return If the parameters are valid and supported, return
- *         a buffer size in bytes that guarantees that
- *         psa_sign_hash() will not fail with
- *         #PSA_ERROR_BUFFER_TOO_SMALL.
- *         If the parameters are a valid combination that is not supported,
- *         return either a sensible size or 0.
- *         If the parameters are not valid, the
- *         return value is unspecified.
- */
-#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg)        \
-    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
-     PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
-     ((void)alg, 0))
-
-#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE     \
-    PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
-
-/** \def PSA_SIGNATURE_MAX_SIZE
- *
- * Maximum size of an asymmetric signature.
- *
- * This macro expands to a compile-time constant integer. This value
- * is the maximum size of a signature in bytes.
- */
-#define PSA_SIGNATURE_MAX_SIZE                               \
-    (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
-     PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) :                   \
-     PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE)
-
-/** Sufficient output buffer size for psa_asymmetric_encrypt().
- *
- * This macro returns a sufficient buffer size for a ciphertext produced using
- * a key of the specified type and size, with the specified algorithm.
- * Note that the actual size of the ciphertext may be smaller, depending
- * on the algorithm.
- *
- * \warning This function may call its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type  An asymmetric key type (this may indifferently be a
- *                  key pair type or a public key type).
- * \param key_bits  The size of the key in bits.
- * \param alg       The asymmetric encryption algorithm.
- *
- * \return If the parameters are valid and supported, return
- *         a buffer size in bytes that guarantees that
- *         psa_asymmetric_encrypt() will not fail with
- *         #PSA_ERROR_BUFFER_TOO_SMALL.
- *         If the parameters are a valid combination that is not supported,
- *         return either a sensible size or 0.
- *         If the parameters are not valid, the
- *         return value is unspecified.
- */
-#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \
-    (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \
-     ((void)alg, PSA_BITS_TO_BYTES(key_bits)) :                         \
-     0)
-
-/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
- *  supported asymmetric encryption.
- *
- * See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
- */
-/* This macro assumes that RSA is the only supported asymmetric encryption. */
-#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE          \
-    (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
-
-/** Sufficient output buffer size for psa_asymmetric_decrypt().
- *
- * This macro returns a sufficient buffer size for a plaintext produced using
- * a key of the specified type and size, with the specified algorithm.
- * Note that the actual size of the plaintext may be smaller, depending
- * on the algorithm.
- *
- * \warning This function may call its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type  An asymmetric key type (this may indifferently be a
- *                  key pair type or a public key type).
- * \param key_bits  The size of the key in bits.
- * \param alg       The asymmetric encryption algorithm.
- *
- * \return If the parameters are valid and supported, return
- *         a buffer size in bytes that guarantees that
- *         psa_asymmetric_decrypt() will not fail with
- *         #PSA_ERROR_BUFFER_TOO_SMALL.
- *         If the parameters are a valid combination that is not supported,
- *         return either a sensible size or 0.
- *         If the parameters are not valid, the
- *         return value is unspecified.
- */
-#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \
-    (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \
-     PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) :  \
-     0)
-
-/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
- *  supported asymmetric decryption.
- *
- * This macro assumes that RSA is the only supported asymmetric encryption.
- *
- * See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
- */
-#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE          \
-    (PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
-
-/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
- * number of bits.
- *
- * This definition assumes that bits <= 2^19 - 9 so that the length field
- * is at most 3 bytes. The length of the encoding is the length of the
- * bit string padded to a whole number of bytes plus:
- * - 1 type byte;
- * - 1 to 3 length bytes;
- * - 0 to 1 bytes of leading 0 due to the sign bit.
- */
-#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits)      \
-    ((bits) / 8 + 5)
-
-/* Maximum size of the export encoding of an RSA public key.
- * Assumes that the public exponent is less than 2^32.
- *
- * RSAPublicKey  ::=  SEQUENCE  {
- *    modulus            INTEGER,    -- n
- *    publicExponent     INTEGER  }  -- e
- *
- * - 4 bytes of SEQUENCE overhead;
- * - n : INTEGER;
- * - 7 bytes for the public exponent.
- */
-#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
-
-/* Maximum size of the export encoding of an RSA key pair.
- * Assumes that the public exponent is less than 2^32 and that the size
- * difference between the two primes is at most 1 bit.
- *
- * RSAPrivateKey ::= SEQUENCE {
- *     version           Version,  -- 0
- *     modulus           INTEGER,  -- N-bit
- *     publicExponent    INTEGER,  -- 32-bit
- *     privateExponent   INTEGER,  -- N-bit
- *     prime1            INTEGER,  -- N/2-bit
- *     prime2            INTEGER,  -- N/2-bit
- *     exponent1         INTEGER,  -- N/2-bit
- *     exponent2         INTEGER,  -- N/2-bit
- *     coefficient       INTEGER,  -- N/2-bit
- * }
- *
- * - 4 bytes of SEQUENCE overhead;
- * - 3 bytes of version;
- * - 7 half-size INTEGERs plus 2 full-size INTEGERs,
- *   overapproximated as 9 half-size INTEGERS;
- * - 7 bytes for the public exponent.
- */
-#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits)   \
-    (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
-
-/* Maximum size of the export encoding of a DSA public key.
- *
- * SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *      algorithm            AlgorithmIdentifier,
- *      subjectPublicKey     BIT STRING  } -- contains DSAPublicKey
- * AlgorithmIdentifier  ::=  SEQUENCE  {
- *      algorithm               OBJECT IDENTIFIER,
- *      parameters              Dss-Params  } -- SEQUENCE of 3 INTEGERs
- * DSAPublicKey  ::=  INTEGER -- public key, Y
- *
- * - 3 * 4 bytes of SEQUENCE overhead;
- * - 1 + 1 + 7 bytes of algorithm (DSA OID);
- * - 4 bytes of BIT STRING overhead;
- * - 3 full-size INTEGERs (p, g, y);
- * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
- */
-#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
-
-/* Maximum size of the export encoding of a DSA key pair.
- *
- * DSAPrivateKey ::= SEQUENCE {
- *     version             Version,  -- 0
- *     prime               INTEGER,  -- p
- *     subprime            INTEGER,  -- q
- *     generator           INTEGER,  -- g
- *     public              INTEGER,  -- y
- *     private             INTEGER,  -- x
- * }
- *
- * - 4 bytes of SEQUENCE overhead;
- * - 3 bytes of version;
- * - 3 full-size INTEGERs (p, g, y);
- * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
- */
-#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits)   \
-    (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
-
-/* Maximum size of the export encoding of an ECC public key.
- *
- * The representation of an ECC public key is:
- *      - The byte 0x04;
- *      - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- *      - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
- *      - where m is the bit size associated with the curve.
- *
- * - 1 byte + 2 * point size.
- */
-#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)        \
-    (2 * PSA_BITS_TO_BYTES(key_bits) + 1)
-
-/* Maximum size of the export encoding of an ECC key pair.
- *
- * An ECC key pair is represented by the secret value.
- */
-#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits)   \
-    (PSA_BITS_TO_BYTES(key_bits))
-
-/** Sufficient output buffer size for psa_export_key() or
- * psa_export_public_key().
- *
- * This macro returns a compile-time constant if its arguments are
- * compile-time constants.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * The following code illustrates how to allocate enough memory to export
- * a key by querying the key type and size at runtime.
- * \code{c}
- * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- * psa_status_t status;
- * status = psa_get_key_attributes(key, &attributes);
- * if (status != PSA_SUCCESS) handle_error(...);
- * psa_key_type_t key_type = psa_get_key_type(&attributes);
- * size_t key_bits = psa_get_key_bits(&attributes);
- * size_t buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
- * psa_reset_key_attributes(&attributes);
- * uint8_t *buffer = malloc(buffer_size);
- * if (buffer == NULL) handle_error(...);
- * size_t buffer_length;
- * status = psa_export_key(key, buffer, buffer_size, &buffer_length);
- * if (status != PSA_SUCCESS) handle_error(...);
- * \endcode
- *
- * \param key_type  A supported key type.
- * \param key_bits  The size of the key in bits.
- *
- * \return If the parameters are valid and supported, return
- *         a buffer size in bytes that guarantees that
- *         psa_export_key() or psa_export_public_key() will not fail with
- *         #PSA_ERROR_BUFFER_TOO_SMALL.
- *         If the parameters are a valid combination that is not supported,
- *         return either a sensible size or 0.
- *         If the parameters are not valid, the return value is unspecified.
- */
-#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits)                                              \
-    (PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) :                         \
-     (key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) :     \
-     (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
-     (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) :     \
-     (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
-     PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) :      \
-     PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) :  \
-     0)
-
-/** Sufficient output buffer size for psa_export_public_key().
- *
- * This macro returns a compile-time constant if its arguments are
- * compile-time constants.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * The following code illustrates how to allocate enough memory to export
- * a public key by querying the key type and size at runtime.
- * \code{c}
- * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- * psa_status_t status;
- * status = psa_get_key_attributes(key, &attributes);
- * if (status != PSA_SUCCESS) handle_error(...);
- * psa_key_type_t key_type = psa_get_key_type(&attributes);
- * size_t key_bits = psa_get_key_bits(&attributes);
- * size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
- * psa_reset_key_attributes(&attributes);
- * uint8_t *buffer = malloc(buffer_size);
- * if (buffer == NULL) handle_error(...);
- * size_t buffer_length;
- * status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
- * if (status != PSA_SUCCESS) handle_error(...);
- * \endcode
- *
- * \param key_type      A public key or key pair key type.
- * \param key_bits      The size of the key in bits.
- *
- * \return              If the parameters are valid and supported, return
- *                      a buffer size in bytes that guarantees that
- *                      psa_export_public_key() will not fail with
- *                      #PSA_ERROR_BUFFER_TOO_SMALL.
- *                      If the parameters are a valid combination that is not
- *                      supported, return either a sensible size or 0.
- *                      If the parameters are not valid,
- *                      the return value is unspecified.
- *
- *                      If the parameters are valid and supported,
- *                      return the same result as
- *                      #PSA_EXPORT_KEY_OUTPUT_SIZE(
- *                          \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type),
- *                          \p key_bits).
- */
-#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits)                           \
-    (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
-     PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
-     0)
-
-/** Sufficient buffer size for exporting any asymmetric key pair.
- *
- * This macro expands to a compile-time constant integer. This value is
- * a sufficient buffer size when calling psa_export_key() to export any
- * asymmetric key pair, regardless of the exact key type and key size.
- *
- * See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
- */
-#define PSA_EXPORT_KEY_PAIR_MAX_SIZE                                            \
-    (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) >        \
-     PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ?      \
-     PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) :        \
-     PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
-
-/** Sufficient buffer size for exporting any asymmetric public key.
- *
- * This macro expands to a compile-time constant integer. This value is
- * a sufficient buffer size when calling psa_export_key() or
- * psa_export_public_key() to export any asymmetric public key,
- * regardless of the exact key type and key size.
- *
- * See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
- */
-#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE                                          \
-    (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) >      \
-     PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ?    \
-     PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) :      \
-     PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
-
-/** Sufficient output buffer size for psa_raw_key_agreement().
- *
- * This macro returns a compile-time constant if its arguments are
- * compile-time constants.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
- *
- * \param key_type      A supported key type.
- * \param key_bits      The size of the key in bits.
- *
- * \return              If the parameters are valid and supported, return
- *                      a buffer size in bytes that guarantees that
- *                      psa_raw_key_agreement() will not fail with
- *                      #PSA_ERROR_BUFFER_TOO_SMALL.
- *                      If the parameters are a valid combination that
- *                      is not supported, return either a sensible size or 0.
- *                      If the parameters are not valid,
- *                      the return value is unspecified.
- */
-/* FFDH is not yet supported in PSA. */
-#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits)   \
-    (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ?                   \
-     PSA_BITS_TO_BYTES(key_bits) :                              \
-     0)
-
-/** Maximum size of the output from psa_raw_key_agreement().
- *
- * This macro expands to a compile-time constant integer. This value is the
- * maximum size of the output any raw key agreement algorithm, in bytes.
- *
- * See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
- */
-#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE   \
-    (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
-
-/** The default IV size for a cipher algorithm, in bytes.
- *
- * The IV that is generated as part of a call to #psa_cipher_encrypt() is always
- * the default IV length for the algorithm.
- *
- * This macro can be used to allocate a buffer of sufficient size to
- * store the IV output from #psa_cipher_generate_iv() when using
- * a multi-part cipher operation.
- *
- * See also #PSA_CIPHER_IV_MAX_SIZE.
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type  A symmetric key type that is compatible with algorithm \p alg.
- *
- * \param alg       A cipher algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \return The default IV size for the specified key type and algorithm.
- *         If the algorithm does not use an IV, return 0.
- *         If the key type or cipher algorithm is not recognized,
- *         or the parameters are incompatible, return 0.
- */
-#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
-    (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
-        ((alg) == PSA_ALG_CTR || \
-         (alg) == PSA_ALG_CFB || \
-         (alg) == PSA_ALG_OFB || \
-         (alg) == PSA_ALG_XTS || \
-         (alg) == PSA_ALG_CBC_NO_PADDING || \
-         (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
-     (key_type) == PSA_KEY_TYPE_CHACHA20 && \
-         (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
-     0)
-
-/** The maximum IV size for all supported cipher algorithms, in bytes.
- *
- * See also #PSA_CIPHER_IV_LENGTH().
- */
-#define PSA_CIPHER_IV_MAX_SIZE 16
-
-/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
- * Depending on the algorithm, the actual size of the output might be smaller.
- *
- * See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length).
- *
- * \warning This macro may evaluate its arguments multiple times or
- *          zero times, so you should not pass arguments that contain
- *          side effects.
- *
- * \param key_type      A symmetric key type that is compatible with algorithm
- *                      alg.
- * \param alg           A cipher algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param input_length  Size of the input in bytes.
- *
- * \return              A sufficient output size for the specified key type and
- *                      algorithm. If the key type or cipher algorithm is not
- *                      recognized, or the parameters are incompatible,
- *                      return 0.
- */
-#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length)             \
-    (alg == PSA_ALG_CBC_PKCS7 ?                                                 \
-     (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ?                            \
-     PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type),          \
-                              (input_length) + 1) +                             \
-     PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) :                             \
-     (PSA_ALG_IS_CIPHER(alg) ?                                                  \
-      (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) :                \
-     0))
-
-/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
- *  supported key types and cipher algorithms.
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
- *
- * See also #PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
- *
- * \param input_length  Size of the input in bytes.
- *
- */
-#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length)                        \
-    (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE,                  \
-                              (input_length) + 1) +                             \
-     PSA_CIPHER_IV_MAX_SIZE)
-
-/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
- * Depending on the algorithm, the actual size of the output might be smaller.
- *
- * See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(\p input_length).
- *
- * \param key_type      A symmetric key type that is compatible with algorithm
- *                      alg.
- * \param alg           A cipher algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param input_length  Size of the input in bytes.
- *
- * \return              A sufficient output size for the specified key type and
- *                      algorithm. If the key type or cipher algorithm is not
- *                      recognized, or the parameters are incompatible,
- *                      return 0.
- */
-#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length)                 \
-    (PSA_ALG_IS_CIPHER(alg) &&                                                      \
-     ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
-     (input_length) :                                                               \
-     0)
-
-/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
- *  supported key types and cipher algorithms.
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
- *
- * See also #PSA_CIPHER_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
- *
- * \param input_length  Size of the input in bytes.
- */
-#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length)    \
-    (input_length)
-
-/** A sufficient output buffer size for psa_cipher_update().
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_cipher_update() will not fail due to an insufficient buffer size.
- * The actual size of the output might be smaller in any given call.
- *
- * See also #PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
- *
- * \param key_type      A symmetric key type that is compatible with algorithm
- *                      alg.
- * \param alg           A cipher algorithm (PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param input_length  Size of the input in bytes.
- *
- * \return              A sufficient output size for the specified key type and
- *                      algorithm. If the key type or cipher algorithm is not
- *                      recognized, or the parameters are incompatible, return 0.
- */
-#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length)              \
-    (PSA_ALG_IS_CIPHER(alg) ?                                                   \
-    (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ?                             \
-     (((alg) == PSA_ALG_CBC_PKCS7      ||                                       \
-       (alg) == PSA_ALG_CBC_NO_PADDING ||                                       \
-       (alg) == PSA_ALG_ECB_NO_PADDING) ?                                       \
-      PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type),         \
-                                input_length) :                                 \
-      (input_length)) : 0) :                                                    \
-     0)
-
-/** A sufficient output buffer size for psa_cipher_update(), for any of the
- *  supported key types and cipher algorithms.
- *
- * If the size of the output buffer is at least this large, it is guaranteed
- * that psa_cipher_update() will not fail due to an insufficient buffer size.
- *
- * See also #PSA_CIPHER_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
- *
- * \param input_length  Size of the input in bytes.
- */
-#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length)     \
-    (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
-
-/** A sufficient ciphertext buffer size for psa_cipher_finish().
- *
- * If the size of the ciphertext buffer is at least this large, it is
- * guaranteed that psa_cipher_finish() will not fail due to an insufficient
- * ciphertext buffer size. The actual size of the output might be smaller in
- * any given call.
- *
- * See also #PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE().
- *
- * \param key_type      A symmetric key type that is compatible with algorithm
- *                      alg.
- * \param alg           A cipher algorithm (PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \return              A sufficient output size for the specified key type and
- *                      algorithm. If the key type or cipher algorithm is not
- *                      recognized, or the parameters are incompatible, return 0.
- */
-#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg)    \
-    (PSA_ALG_IS_CIPHER(alg) ?                           \
-     (alg == PSA_ALG_CBC_PKCS7 ?                        \
-      PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) :         \
-      0) :                                              \
-     0)
-
-/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
- *  supported key types and cipher algorithms.
- *
- * See also #PSA_CIPHER_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
- */
-#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE           \
-    (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
-
-#endif /* PSA_CRYPTO_SIZES_H */
diff --git a/Sources/mbedtls/include/psa/crypto_struct.h b/Sources/mbedtls/include/psa/crypto_struct.h
deleted file mode 100644
index 511b397..0000000
--- a/Sources/mbedtls/include/psa/crypto_struct.h
+++ /dev/null
@@ -1,478 +0,0 @@
-/**
- * \file psa/crypto_struct.h
- *
- * \brief PSA cryptography module: Mbed TLS structured type implementations
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h.
- *
- * This file contains the definitions of some data structures with
- * implementation-specific definitions.
- *
- * In implementations with isolation between the application and the
- * cryptography module, it is expected that the front-end and the back-end
- * would have different versions of this file.
- *
- * <h3>Design notes about multipart operation structures</h3>
- *
- * For multipart operations without driver delegation support, each multipart
- * operation structure contains a `psa_algorithm_t alg` field which indicates
- * which specific algorithm the structure is for. When the structure is not in
- * use, `alg` is 0. Most of the structure consists of a union which is
- * discriminated by `alg`.
- *
- * For multipart operations with driver delegation support, each multipart
- * operation structure contains an `unsigned int id` field indicating which
- * driver got assigned to do the operation. When the structure is not in use,
- * 'id' is 0. The structure contains also a driver context which is the union
- * of the contexts of all drivers able to handle the type of multipart
- * operation.
- *
- * Note that when `alg` or `id` is 0, the content of other fields is undefined.
- * In particular, it is not guaranteed that a freshly-initialized structure
- * is all-zero: we initialize structures to something like `{0, 0}`, which
- * is only guaranteed to initializes the first member of the union;
- * GCC and Clang initialize the whole structure to 0 (at the time of writing),
- * but MSVC and CompCert don't.
- *
- * In Mbed Crypto, multipart operation structures live independently from
- * the key. This allows Mbed Crypto to free the key objects when destroying
- * a key slot. If a multipart operation needs to remember the key after
- * the setup function returns, the operation structure needs to contain a
- * copy of the key.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_STRUCT_H
-#define PSA_CRYPTO_STRUCT_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Include the Mbed TLS configuration file, the way Mbed TLS does it
- * in each of its header files. */
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/cmac.h"
-#include "mbedtls/gcm.h"
-
-/* Include the context definition for the compiled-in drivers for the primitive
- * algorithms. */
-#include "psa/crypto_driver_contexts_primitives.h"
-
-struct psa_hash_operation_s
-{
-    /** Unique ID indicating which driver got assigned to do the
-     * operation. Since driver contexts are driver-specific, swapping
-     * drivers halfway through the operation is not supported.
-     * ID values are auto-generated in psa_driver_wrappers.h.
-     * ID value zero means the context is not valid or not assigned to
-     * any driver (i.e. the driver context is not active, in use). */
-    unsigned int id;
-    psa_driver_hash_context_t ctx;
-};
-
-#define PSA_HASH_OPERATION_INIT {0, {0}}
-static inline struct psa_hash_operation_s psa_hash_operation_init( void )
-{
-    const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_cipher_operation_s
-{
-    /** Unique ID indicating which driver got assigned to do the
-     * operation. Since driver contexts are driver-specific, swapping
-     * drivers halfway through the operation is not supported.
-     * ID values are auto-generated in psa_crypto_driver_wrappers.h
-     * ID value zero means the context is not valid or not assigned to
-     * any driver (i.e. none of the driver contexts are active). */
-    unsigned int id;
-
-    unsigned int iv_required : 1;
-    unsigned int iv_set : 1;
-
-    uint8_t default_iv_length;
-
-    psa_driver_cipher_context_t ctx;
-};
-
-#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
-static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
-{
-    const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
-    return( v );
-}
-
-/* Include the context definition for the compiled-in drivers for the composite
- * algorithms. */
-#include "psa/crypto_driver_contexts_composites.h"
-
-struct psa_mac_operation_s
-{
-    /** Unique ID indicating which driver got assigned to do the
-     * operation. Since driver contexts are driver-specific, swapping
-     * drivers halfway through the operation is not supported.
-     * ID values are auto-generated in psa_driver_wrappers.h
-     * ID value zero means the context is not valid or not assigned to
-     * any driver (i.e. none of the driver contexts are active). */
-    unsigned int id;
-    uint8_t mac_size;
-    unsigned int is_sign : 1;
-    psa_driver_mac_context_t ctx;
-};
-
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
-static inline struct psa_mac_operation_s psa_mac_operation_init( void )
-{
-    const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_aead_operation_s
-{
-    psa_algorithm_t alg;
-    unsigned int key_set : 1;
-    unsigned int iv_set : 1;
-    uint8_t iv_size;
-    uint8_t block_size;
-    union
-    {
-        unsigned dummy; /* Enable easier initializing of the union. */
-        mbedtls_cipher_context_t cipher;
-    } ctx;
-};
-
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
-static inline struct psa_aead_operation_s psa_aead_operation_init( void )
-{
-    const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
-    return( v );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-typedef struct
-{
-    uint8_t *info;
-    size_t info_length;
-#if PSA_HASH_MAX_SIZE > 0xff
-#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
-#endif
-    uint8_t offset_in_block;
-    uint8_t block_number;
-    unsigned int state : 2;
-    unsigned int info_set : 1;
-    uint8_t output_block[PSA_HASH_MAX_SIZE];
-    uint8_t prk[PSA_HASH_MAX_SIZE];
-    struct psa_mac_operation_s hmac;
-} psa_hkdf_key_derivation_t;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-typedef enum
-{
-    PSA_TLS12_PRF_STATE_INIT,       /* no input provided */
-    PSA_TLS12_PRF_STATE_SEED_SET,   /* seed has been set */
-    PSA_TLS12_PRF_STATE_KEY_SET,    /* key has been set */
-    PSA_TLS12_PRF_STATE_LABEL_SET,  /* label has been set */
-    PSA_TLS12_PRF_STATE_OUTPUT      /* output has been started */
-} psa_tls12_prf_key_derivation_state_t;
-
-typedef struct psa_tls12_prf_key_derivation_s
-{
-#if PSA_HASH_MAX_SIZE > 0xff
-#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
-#endif
-
-    /* Indicates how many bytes in the current HMAC block have
-     * not yet been read by the user. */
-    uint8_t left_in_block;
-
-    /* The 1-based number of the block. */
-    uint8_t block_number;
-
-    psa_tls12_prf_key_derivation_state_t state;
-
-    uint8_t *secret;
-    size_t secret_length;
-    uint8_t *seed;
-    size_t seed_length;
-    uint8_t *label;
-    size_t label_length;
-
-    uint8_t Ai[PSA_HASH_MAX_SIZE];
-
-    /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
-    uint8_t output_block[PSA_HASH_MAX_SIZE];
-} psa_tls12_prf_key_derivation_t;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
-        * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-
-struct psa_key_derivation_s
-{
-    psa_algorithm_t alg;
-    unsigned int can_output_key : 1;
-    size_t capacity;
-    union
-    {
-        /* Make the union non-empty even with no supported algorithms. */
-        uint8_t dummy;
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-        psa_hkdf_key_derivation_t hkdf;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-        psa_tls12_prf_key_derivation_t tls12_prf;
-#endif
-    } ctx;
-};
-
-/* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
-{
-    const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
-    return( v );
-}
-
-struct psa_key_policy_s
-{
-    psa_key_usage_t usage;
-    psa_algorithm_t alg;
-    psa_algorithm_t alg2;
-};
-typedef struct psa_key_policy_s psa_key_policy_t;
-
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
-static inline struct psa_key_policy_s psa_key_policy_init( void )
-{
-    const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
-    return( v );
-}
-
-/* The type used internally for key sizes.
- * Public interfaces use size_t, but internally we use a smaller type. */
-typedef uint16_t psa_key_bits_t;
-/* The maximum value of the type used to represent bit-sizes.
- * This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
-/* The maximum size of a key in bits.
- * Currently defined as the maximum that can be represented, rounded down
- * to a whole number of bytes.
- * This is an uncast value so that it can be used in preprocessor
- * conditionals. */
-#define PSA_MAX_KEY_BITS 0xfff8
-
-/** A mask of flags that can be stored in key attributes.
- *
- * This type is also used internally to store flags in slots. Internal
- * flags are defined in library/psa_crypto_core.h. Internal flags may have
- * the same value as external flags if they are properly handled during
- * key creation and in psa_get_key_attributes.
- */
-typedef uint16_t psa_key_attributes_flag_t;
-
-#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER     \
-    ( (psa_key_attributes_flag_t) 0x0001 )
-
-/* A mask of key attribute flags used externally only.
- * Only meant for internal checks inside the library. */
-#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY (      \
-        MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER |    \
-        0 )
-
-/* A mask of key attribute flags used both internally and externally.
- * Currently there aren't any. */
-#define MBEDTLS_PSA_KA_MASK_DUAL_USE (          \
-        0 )
-
-typedef struct
-{
-    psa_key_type_t type;
-    psa_key_bits_t bits;
-    psa_key_lifetime_t lifetime;
-    mbedtls_svc_key_id_t id;
-    psa_key_policy_t policy;
-    psa_key_attributes_flag_t flags;
-} psa_core_key_attributes_t;
-
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
-
-struct psa_key_attributes_s
-{
-    psa_core_key_attributes_t core;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    psa_key_slot_number_t slot_number;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-    void *domain_parameters;
-    size_t domain_parameters_size;
-};
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
-#else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
-#endif
-
-static inline struct psa_key_attributes_s psa_key_attributes_init( void )
-{
-    const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
-    return( v );
-}
-
-static inline void psa_set_key_id( psa_key_attributes_t *attributes,
-                                   mbedtls_svc_key_id_t key )
-{
-    psa_key_lifetime_t lifetime = attributes->core.lifetime;
-
-    attributes->core.id = key;
-
-    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
-    {
-        attributes->core.lifetime =
-            PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
-                PSA_KEY_LIFETIME_PERSISTENT,
-                PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) );
-    }
-}
-
-static inline mbedtls_svc_key_id_t psa_get_key_id(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.id );
-}
-
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
-                                             mbedtls_key_owner_id_t owner )
-{
-    attributes->core.id.owner = owner;
-}
-#endif
-
-static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
-                                        psa_key_lifetime_t lifetime)
-{
-    attributes->core.lifetime = lifetime;
-    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
-    {
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-        attributes->core.id.key_id = 0;
-#else
-        attributes->core.id = 0;
-#endif
-    }
-}
-
-static inline psa_key_lifetime_t psa_get_key_lifetime(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.lifetime );
-}
-
-static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
-{
-    if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
-        *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
-
-    if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
-        *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
-}
-
-static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
-                                           psa_key_usage_t usage_flags)
-{
-    psa_extend_key_usage_flags( &usage_flags );
-    attributes->core.policy.usage = usage_flags;
-}
-
-static inline psa_key_usage_t psa_get_key_usage_flags(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.policy.usage );
-}
-
-static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
-                                         psa_algorithm_t alg)
-{
-    attributes->core.policy.alg = alg;
-}
-
-static inline psa_algorithm_t psa_get_key_algorithm(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.policy.alg );
-}
-
-/* This function is declared in crypto_extra.h, which comes after this
- * header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
-                                           psa_key_type_t type,
-                                           const uint8_t *data,
-                                           size_t data_length);
-
-static inline void psa_set_key_type(psa_key_attributes_t *attributes,
-                                    psa_key_type_t type)
-{
-    if( attributes->domain_parameters == NULL )
-    {
-        /* Common case: quick path */
-        attributes->core.type = type;
-    }
-    else
-    {
-        /* Call the bigger function to free the old domain parameters.
-         * Ignore any errors which may arise due to type requiring
-         * non-default domain parameters, since this function can't
-         * report errors. */
-        (void) psa_set_key_domain_parameters( attributes, type, NULL, 0 );
-    }
-}
-
-static inline psa_key_type_t psa_get_key_type(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.type );
-}
-
-static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
-                                    size_t bits)
-{
-    if( bits > PSA_MAX_KEY_BITS )
-        attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
-    else
-        attributes->core.bits = (psa_key_bits_t) bits;
-}
-
-static inline size_t psa_get_key_bits(
-    const psa_key_attributes_t *attributes)
-{
-    return( attributes->core.bits );
-}
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_STRUCT_H */
diff --git a/Sources/mbedtls/include/psa/crypto_types.h b/Sources/mbedtls/include/psa/crypto_types.h
deleted file mode 100644
index 679cbc4..0000000
--- a/Sources/mbedtls/include/psa/crypto_types.h
+++ /dev/null
@@ -1,464 +0,0 @@
-/**
- * \file psa/crypto_types.h
- *
- * \brief PSA cryptography module: type aliases.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h. Drivers must include the appropriate driver
- * header file.
- *
- * This file contains portable definitions of integral types for properties
- * of cryptographic keys, designations of cryptographic algorithms, and
- * error codes returned by the library.
- *
- * This header file does not declare any function.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_TYPES_H
-#define PSA_CRYPTO_TYPES_H
-
-#include "crypto_platform.h"
-
-/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT
- * is defined as well to include all PSA code.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#define MBEDTLS_PSA_CRYPTO_CLIENT
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-#include <stdint.h>
-
-/** \defgroup error Error codes
- * @{
- */
-
-/**
- * \brief Function return status.
- *
- * This is either #PSA_SUCCESS (which is zero), indicating success,
- * or a small negative value indicating that an error occurred. Errors are
- * encoded as one of the \c PSA_ERROR_xxx values defined here. */
-/* If #PSA_SUCCESS is already defined, it means that #psa_status_t
- * is also defined in an external header, so prevent its multiple
- * definition.
- */
-#ifndef PSA_SUCCESS
-typedef int32_t psa_status_t;
-#endif
-
-/**@}*/
-
-/** \defgroup crypto_types Key and algorithm types
- * @{
- */
-
-/** \brief Encoding of a key type.
- *
- * Values of this type are generally constructed by macros called
- * `PSA_KEY_TYPE_xxx`.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint16_t psa_key_type_t;
-
-/** The type of PSA elliptic curve family identifiers.
- *
- * Values of this type are generally constructed by macros called
- * `PSA_ECC_FAMILY_xxx`.
- *
- * The curve identifier is required to create an ECC key using the
- * PSA_KEY_TYPE_ECC_KEY_PAIR() or PSA_KEY_TYPE_ECC_PUBLIC_KEY()
- * macros.
- *
- * Values defined by this standard will never be in the range 0x80-0xff.
- * Vendors who define additional families must use an encoding in this range.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint8_t psa_ecc_family_t;
-
-/** The type of PSA Diffie-Hellman group family identifiers.
- *
- * Values of this type are generally constructed by macros called
- * `PSA_DH_FAMILY_xxx`.
- *
- * The group identifier is required to create a Diffie-Hellman key using the
- * PSA_KEY_TYPE_DH_KEY_PAIR() or PSA_KEY_TYPE_DH_PUBLIC_KEY()
- * macros.
- *
- * Values defined by this standard will never be in the range 0x80-0xff.
- * Vendors who define additional families must use an encoding in this range.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint8_t psa_dh_family_t;
-
-/** \brief Encoding of a cryptographic algorithm.
- *
- * Values of this type are generally constructed by macros called
- * `PSA_ALG_xxx`.
- *
- * For algorithms that can be applied to multiple key types, this type
- * does not encode the key type. For example, for symmetric ciphers
- * based on a block cipher, #psa_algorithm_t encodes the block cipher
- * mode and the padding mode while the block cipher itself is encoded
- * via #psa_key_type_t.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint32_t psa_algorithm_t;
-
-/**@}*/
-
-/** \defgroup key_lifetimes Key lifetimes
- * @{
- */
-
-/** Encoding of key lifetimes.
- *
- * The lifetime of a key indicates where it is stored and what system actions
- * may create and destroy it.
- *
- * Lifetime values have the following structure:
- * - Bits 0-7 (#PSA_KEY_LIFETIME_GET_PERSISTENCE(\c lifetime)):
- *   persistence level. This value indicates what device management
- *   actions can cause it to be destroyed. In particular, it indicates
- *   whether the key is _volatile_ or _persistent_.
- *   See ::psa_key_persistence_t for more information.
- * - Bits 8-31 (#PSA_KEY_LIFETIME_GET_LOCATION(\c lifetime)):
- *   location indicator. This value indicates which part of the system
- *   has access to the key material and can perform operations using the key.
- *   See ::psa_key_location_t for more information.
- *
- * Volatile keys are automatically destroyed when the application instance
- * terminates or on a power reset of the device. Persistent keys are
- * preserved until the application explicitly destroys them or until an
- * integration-specific device management event occurs (for example,
- * a factory reset).
- *
- * Persistent keys have a key identifier of type #mbedtls_svc_key_id_t.
- * This identifier remains valid throughout the lifetime of the key,
- * even if the application instance that created the key terminates.
- * The application can call psa_open_key() to open a persistent key that
- * it created previously.
- *
- * The default lifetime of a key is #PSA_KEY_LIFETIME_VOLATILE. The lifetime
- * #PSA_KEY_LIFETIME_PERSISTENT is supported if persistent storage is
- * available. Other lifetime values may be supported depending on the
- * library configuration.
- *
- * Values of this type are generally constructed by macros called
- * `PSA_KEY_LIFETIME_xxx`.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint32_t psa_key_lifetime_t;
-
-/** Encoding of key persistence levels.
- *
- * What distinguishes different persistence levels is what device management
- * events may cause keys to be destroyed. _Volatile_ keys are destroyed
- * by a power reset. Persistent keys may be destroyed by events such as
- * a transfer of ownership or a factory reset. What management events
- * actually affect persistent keys at different levels is outside the
- * scope of the PSA Cryptography specification.
- *
- * The PSA Cryptography specification defines the following values of
- * persistence levels:
- * - \c 0 = #PSA_KEY_PERSISTENCE_VOLATILE: volatile key.
- *   A volatile key is automatically destroyed by the implementation when
- *   the application instance terminates. In particular, a volatile key
- *   is automatically destroyed on a power reset of the device.
- * - \c 1 = #PSA_KEY_PERSISTENCE_DEFAULT:
- *   persistent key with a default lifetime.
- * - \c 2-254: currently not supported by Mbed TLS.
- * - \c 255 = #PSA_KEY_PERSISTENCE_READ_ONLY:
- *   read-only or write-once key.
- *   A key with this persistence level cannot be destroyed.
- *   Mbed TLS does not currently offer a way to create such keys, but
- *   integrations of Mbed TLS can use it for built-in keys that the
- *   application cannot modify (for example, a hardware unique key (HUK)).
- *
- * \note Key persistence levels are 8-bit values. Key management
- *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
- *       encode the persistence as the lower 8 bits of a 32-bit value.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint8_t psa_key_persistence_t;
-
-/** Encoding of key location indicators.
- *
- * If an integration of Mbed TLS can make calls to external
- * cryptoprocessors such as secure elements, the location of a key
- * indicates which secure element performs the operations on the key.
- * Depending on the design of the secure element, the key
- * material may be stored either in the secure element, or
- * in wrapped (encrypted) form alongside the key metadata in the
- * primary local storage.
- *
- * The PSA Cryptography API specification defines the following values of
- * location indicators:
- * - \c 0: primary local storage.
- *   This location is always available.
- *   The primary local storage is typically the same storage area that
- *   contains the key metadata.
- * - \c 1: primary secure element.
- *   Integrations of Mbed TLS should support this value if there is a secure
- *   element attached to the operating environment.
- *   As a guideline, secure elements may provide higher resistance against
- *   side channel and physical attacks than the primary local storage, but may
- *   have restrictions on supported key types, sizes, policies and operations
- *   and may have different performance characteristics.
- * - \c 2-0x7fffff: other locations defined by a PSA specification.
- *   The PSA Cryptography API does not currently assign any meaning to these
- *   locations, but future versions of that specification or other PSA
- *   specifications may do so.
- * - \c 0x800000-0xffffff: vendor-defined locations.
- *   No PSA specification will assign a meaning to locations in this range.
- *
- * \note Key location indicators are 24-bit values. Key management
- *       interfaces operate on lifetimes (type ::psa_key_lifetime_t) which
- *       encode the location as the upper 24 bits of a 32-bit value.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint32_t psa_key_location_t;
-
-/** Encoding of identifiers of persistent keys.
- *
- * - Applications may freely choose key identifiers in the range
- *   #PSA_KEY_ID_USER_MIN to #PSA_KEY_ID_USER_MAX.
- * - The implementation may define additional key identifiers in the range
- *   #PSA_KEY_ID_VENDOR_MIN to #PSA_KEY_ID_VENDOR_MAX.
- * - 0 is reserved as an invalid key identifier.
- * - Key identifiers outside these ranges are reserved for future use.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to how values are allocated must require careful
- *       consideration to allow backward compatibility.
- */
-typedef uint32_t psa_key_id_t;
-
-/** Encoding of key identifiers as seen inside the PSA Crypto implementation.
- *
- * When PSA Crypto is built as a library inside an application, this type
- * is identical to #psa_key_id_t. When PSA Crypto is built as a service
- * that can store keys on behalf of multiple clients, this type
- * encodes the #psa_key_id_t value seen by each client application as
- * well as extra information that identifies the client that owns
- * the key.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
-*/
-#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-typedef psa_key_id_t mbedtls_svc_key_id_t;
-
-#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-/* Implementation-specific: The Mbed Cryptography library can be built as
- * part of a multi-client service that exposes the PSA Cryptography API in each
- * client and encodes the client identity in the key identifier argument of
- * functions such as psa_open_key().
- */
-typedef struct
-{
-    psa_key_id_t key_id;
-    mbedtls_key_owner_id_t owner;
-} mbedtls_svc_key_id_t;
-
-#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-
-/**@}*/
-
-/** \defgroup policy Key policies
- * @{
- */
-
-/** \brief Encoding of permitted usage on a key.
- *
- * Values of this type are generally constructed as bitwise-ors of macros
- * called `PSA_KEY_USAGE_xxx`.
- *
- * \note Values of this type are encoded in the persistent key store.
- *       Any changes to existing values will require bumping the storage
- *       format version and providing a translation when reading the old
- *       format.
- */
-typedef uint32_t psa_key_usage_t;
-
-/**@}*/
-
-/** \defgroup attributes Key attributes
- * @{
- */
-
-/** The type of a structure containing key attributes.
- *
- * This is an opaque structure that can represent the metadata of a key
- * object. Metadata that can be stored in attributes includes:
- * - The location of the key in storage, indicated by its key identifier
- *   and its lifetime.
- * - The key's policy, comprising usage flags and a specification of
- *   the permitted algorithm(s).
- * - Information about the key itself: the key type and its size.
- * - Additional implementation-defined attributes.
- *
- * The actual key material is not considered an attribute of a key.
- * Key attributes do not contain information that is generally considered
- * highly confidential.
- *
- * An attribute structure works like a simple data structure where each function
- * `psa_set_key_xxx` sets a field and the corresponding function
- * `psa_get_key_xxx` retrieves the value of the corresponding field.
- * However, a future version of the library  may report values that are
- * equivalent to the original one, but have a different encoding. Invalid
- * values may be mapped to different, also invalid values.
- *
- * An attribute structure may contain references to auxiliary resources,
- * for example pointers to allocated memory or indirect references to
- * pre-calculated values. In order to free such resources, the application
- * must call psa_reset_key_attributes(). As an exception, calling
- * psa_reset_key_attributes() on an attribute structure is optional if
- * the structure has only been modified by the following functions
- * since it was initialized or last reset with psa_reset_key_attributes():
- * - psa_set_key_id()
- * - psa_set_key_lifetime()
- * - psa_set_key_type()
- * - psa_set_key_bits()
- * - psa_set_key_usage_flags()
- * - psa_set_key_algorithm()
- *
- * Before calling any function on a key attribute structure, the application
- * must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- *   \code
- *   psa_key_attributes_t attributes;
- *   memset(&attributes, 0, sizeof(attributes));
- *   \endcode
- * - Initialize the structure to logical zero values, for example:
- *   \code
- *   psa_key_attributes_t attributes = {0};
- *   \endcode
- * - Initialize the structure to the initializer #PSA_KEY_ATTRIBUTES_INIT,
- *   for example:
- *   \code
- *   psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- *   \endcode
- * - Assign the result of the function psa_key_attributes_init()
- *   to the structure, for example:
- *   \code
- *   psa_key_attributes_t attributes;
- *   attributes = psa_key_attributes_init();
- *   \endcode
- *
- * A freshly initialized attribute structure contains the following
- * values:
- *
- * - lifetime: #PSA_KEY_LIFETIME_VOLATILE.
- * - key identifier: 0 (which is not a valid key identifier).
- * - type: \c 0 (meaning that the type is unspecified).
- * - key size: \c 0 (meaning that the size is unspecified).
- * - usage flags: \c 0 (which allows no usage except exporting a public key).
- * - algorithm: \c 0 (which allows no cryptographic usage, but allows
- *   exporting).
- *
- * A typical sequence to create a key is as follows:
- * -# Create and initialize an attribute structure.
- * -# If the key is persistent, call psa_set_key_id().
- *    Also call psa_set_key_lifetime() to place the key in a non-default
- *    location.
- * -# Set the key policy with psa_set_key_usage_flags() and
- *    psa_set_key_algorithm().
- * -# Set the key type with psa_set_key_type().
- *    Skip this step if copying an existing key with psa_copy_key().
- * -# When generating a random key with psa_generate_key() or deriving a key
- *    with psa_key_derivation_output_key(), set the desired key size with
- *    psa_set_key_bits().
- * -# Call a key creation function: psa_import_key(), psa_generate_key(),
- *    psa_key_derivation_output_key() or psa_copy_key(). This function reads
- *    the attribute structure, creates a key with these attributes, and
- *    outputs a key identifier to the newly created key.
- * -# The attribute structure is now no longer necessary.
- *    You may call psa_reset_key_attributes(), although this is optional
- *    with the workflow presented here because the attributes currently
- *    defined in this specification do not require any additional resources
- *    beyond the structure itself.
- *
- * A typical sequence to query a key's attributes is as follows:
- * -# Call psa_get_key_attributes().
- * -# Call `psa_get_key_xxx` functions to retrieve the attribute(s) that
- *    you are interested in.
- * -# Call psa_reset_key_attributes() to free any resources that may be
- *    used by the attribute structure.
- *
- * Once a key has been created, it is impossible to change its attributes.
- */
-typedef struct psa_key_attributes_s psa_key_attributes_t;
-
-
-#ifndef __DOXYGEN_ONLY__
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto defines this type in crypto_types.h because it is also
- * visible to applications through an implementation-specific extension.
- * For the PSA Cryptography specification, this type is only visible
- * via crypto_se_driver.h. */
-typedef uint64_t psa_key_slot_number_t;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-#endif /* !__DOXYGEN_ONLY__ */
-
-/**@}*/
-
-/** \defgroup derivation Key derivation
- * @{
- */
-
-/** \brief Encoding of the step of a key derivation.
- *
- * Values of this type are generally constructed by macros called
- * `PSA_KEY_DERIVATION_INPUT_xxx`.
- */
-typedef uint16_t psa_key_derivation_step_t;
-
-/**@}*/
-
-#endif /* PSA_CRYPTO_TYPES_H */
diff --git a/Sources/mbedtls/include/psa/crypto_values.h b/Sources/mbedtls/include/psa/crypto_values.h
deleted file mode 100644
index a4b4927..0000000
--- a/Sources/mbedtls/include/psa/crypto_values.h
+++ /dev/null
@@ -1,2373 +0,0 @@
-/**
- * \file psa/crypto_values.h
- *
- * \brief PSA cryptography module: macros to build and analyze integer values.
- *
- * \note This file may not be included directly. Applications must
- * include psa/crypto.h. Drivers must include the appropriate driver
- * header file.
- *
- * This file contains portable definitions of macros to build and analyze
- * values of integral types that encode properties of cryptographic keys,
- * designations of cryptographic algorithms, and error codes returned by
- * the library.
- *
- * Note that many of the constants defined in this file are embedded in
- * the persistent key store, as part of key metadata (including usage
- * policies). As a consequence, they must not be changed (unless the storage
- * format version changes).
- *
- * This header file only defines preprocessor macros.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_VALUES_H
-#define PSA_CRYPTO_VALUES_H
-
-/** \defgroup error Error codes
- * @{
- */
-
-/* PSA error codes */
-
-/* Error codes are standardized across PSA domains (framework, crypto, storage,
- * etc.). Do not change the values in this section or even the expansions
- * of each macro: it must be possible to `#include` both this header
- * and some other PSA component's headers in the same C source,
- * which will lead to duplicate definitions of the `PSA_SUCCESS` and
- * `PSA_ERROR_xxx` macros, which is ok if and only if the macros expand
- * to the same sequence of tokens.
- *
- * If you must add a new
- * value, check with the Arm PSA framework group to pick one that other
- * domains aren't already using. */
-
-/** The action was completed successfully. */
-#define PSA_SUCCESS ((psa_status_t)0)
-
-/** An error occurred that does not correspond to any defined
- * failure cause.
- *
- * Implementations may use this error code if none of the other standard
- * error codes are applicable. */
-#define PSA_ERROR_GENERIC_ERROR         ((psa_status_t)-132)
-
-/** The requested operation or a parameter is not supported
- * by this implementation.
- *
- * Implementations should return this error code when an enumeration
- * parameter such as a key type, algorithm, etc. is not recognized.
- * If a combination of parameters is recognized and identified as
- * not valid, return #PSA_ERROR_INVALID_ARGUMENT instead. */
-#define PSA_ERROR_NOT_SUPPORTED         ((psa_status_t)-134)
-
-/** The requested action is denied by a policy.
- *
- * Implementations should return this error code when the parameters
- * are recognized as valid and supported, and a policy explicitly
- * denies the requested operation.
- *
- * If a subset of the parameters of a function call identify a
- * forbidden operation, and another subset of the parameters are
- * not valid or not supported, it is unspecified whether the function
- * returns #PSA_ERROR_NOT_PERMITTED, #PSA_ERROR_NOT_SUPPORTED or
- * #PSA_ERROR_INVALID_ARGUMENT. */
-#define PSA_ERROR_NOT_PERMITTED         ((psa_status_t)-133)
-
-/** An output buffer is too small.
- *
- * Applications can call the \c PSA_xxx_SIZE macro listed in the function
- * description to determine a sufficient buffer size.
- *
- * Implementations should preferably return this error code only
- * in cases when performing the operation with a larger output
- * buffer would succeed. However implementations may return this
- * error if a function has invalid or unsupported parameters in addition
- * to the parameters that determine the necessary output buffer size. */
-#define PSA_ERROR_BUFFER_TOO_SMALL      ((psa_status_t)-138)
-
-/** Asking for an item that already exists
- *
- * Implementations should return this error, when attempting
- * to write an item (like a key) that already exists. */
-#define PSA_ERROR_ALREADY_EXISTS        ((psa_status_t)-139)
-
-/** Asking for an item that doesn't exist
- *
- * Implementations should return this error, if a requested item (like
- * a key) does not exist. */
-#define PSA_ERROR_DOES_NOT_EXIST        ((psa_status_t)-140)
-
-/** The requested action cannot be performed in the current state.
- *
- * Multipart operations return this error when one of the
- * functions is called out of sequence. Refer to the function
- * descriptions for permitted sequencing of functions.
- *
- * Implementations shall not return this error code to indicate
- * that a key either exists or not,
- * but shall instead return #PSA_ERROR_ALREADY_EXISTS or #PSA_ERROR_DOES_NOT_EXIST
- * as applicable.
- *
- * Implementations shall not return this error code to indicate that a
- * key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
- * instead. */
-#define PSA_ERROR_BAD_STATE             ((psa_status_t)-137)
-
-/** The parameters passed to the function are invalid.
- *
- * Implementations may return this error any time a parameter or
- * combination of parameters are recognized as invalid.
- *
- * Implementations shall not return this error code to indicate that a
- * key identifier is invalid, but shall return #PSA_ERROR_INVALID_HANDLE
- * instead.
- */
-#define PSA_ERROR_INVALID_ARGUMENT      ((psa_status_t)-135)
-
-/** There is not enough runtime memory.
- *
- * If the action is carried out across multiple security realms, this
- * error can refer to available memory in any of the security realms. */
-#define PSA_ERROR_INSUFFICIENT_MEMORY   ((psa_status_t)-141)
-
-/** There is not enough persistent storage.
- *
- * Functions that modify the key storage return this error code if
- * there is insufficient storage space on the host media. In addition,
- * many functions that do not otherwise access storage may return this
- * error code if the implementation requires a mandatory log entry for
- * the requested action and the log storage space is full. */
-#define PSA_ERROR_INSUFFICIENT_STORAGE  ((psa_status_t)-142)
-
-/** There was a communication failure inside the implementation.
- *
- * This can indicate a communication failure between the application
- * and an external cryptoprocessor or between the cryptoprocessor and
- * an external volatile or persistent memory. A communication failure
- * may be transient or permanent depending on the cause.
- *
- * \warning If a function returns this error, it is undetermined
- * whether the requested action has completed or not. Implementations
- * should return #PSA_SUCCESS on successful completion whenever
- * possible, however functions may return #PSA_ERROR_COMMUNICATION_FAILURE
- * if the requested action was completed successfully in an external
- * cryptoprocessor but there was a breakdown of communication before
- * the cryptoprocessor could report the status to the application.
- */
-#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t)-145)
-
-/** There was a storage failure that may have led to data loss.
- *
- * This error indicates that some persistent storage is corrupted.
- * It should not be used for a corruption of volatile memory
- * (use #PSA_ERROR_CORRUPTION_DETECTED), for a communication error
- * between the cryptoprocessor and its external storage (use
- * #PSA_ERROR_COMMUNICATION_FAILURE), or when the storage is
- * in a valid state but is full (use #PSA_ERROR_INSUFFICIENT_STORAGE).
- *
- * Note that a storage failure does not indicate that any data that was
- * previously read is invalid. However this previously read data may no
- * longer be readable from storage.
- *
- * When a storage failure occurs, it is no longer possible to ensure
- * the global integrity of the keystore. Depending on the global
- * integrity guarantees offered by the implementation, access to other
- * data may or may not fail even if the data is still readable but
- * its integrity cannot be guaranteed.
- *
- * Implementations should only use this error code to report a
- * permanent storage corruption. However application writers should
- * keep in mind that transient errors while reading the storage may be
- * reported using this error code. */
-#define PSA_ERROR_STORAGE_FAILURE       ((psa_status_t)-146)
-
-/** A hardware failure was detected.
- *
- * A hardware failure may be transient or permanent depending on the
- * cause. */
-#define PSA_ERROR_HARDWARE_FAILURE      ((psa_status_t)-147)
-
-/** A tampering attempt was detected.
- *
- * If an application receives this error code, there is no guarantee
- * that previously accessed or computed data was correct and remains
- * confidential. Applications should not perform any security function
- * and should enter a safe failure state.
- *
- * Implementations may return this error code if they detect an invalid
- * state that cannot happen during normal operation and that indicates
- * that the implementation's security guarantees no longer hold. Depending
- * on the implementation architecture and on its security and safety goals,
- * the implementation may forcibly terminate the application.
- *
- * This error code is intended as a last resort when a security breach
- * is detected and it is unsure whether the keystore data is still
- * protected. Implementations shall only return this error code
- * to report an alarm from a tampering detector, to indicate that
- * the confidentiality of stored data can no longer be guaranteed,
- * or to indicate that the integrity of previously returned data is now
- * considered compromised. Implementations shall not use this error code
- * to indicate a hardware failure that merely makes it impossible to
- * perform the requested operation (use #PSA_ERROR_COMMUNICATION_FAILURE,
- * #PSA_ERROR_STORAGE_FAILURE, #PSA_ERROR_HARDWARE_FAILURE,
- * #PSA_ERROR_INSUFFICIENT_ENTROPY or other applicable error code
- * instead).
- *
- * This error indicates an attack against the application. Implementations
- * shall not return this error code as a consequence of the behavior of
- * the application itself. */
-#define PSA_ERROR_CORRUPTION_DETECTED    ((psa_status_t)-151)
-
-/** There is not enough entropy to generate random data needed
- * for the requested action.
- *
- * This error indicates a failure of a hardware random generator.
- * Application writers should note that this error can be returned not
- * only by functions whose purpose is to generate random data, such
- * as key, IV or nonce generation, but also by functions that execute
- * an algorithm with a randomized result, as well as functions that
- * use randomization of intermediate computations as a countermeasure
- * to certain attacks.
- *
- * Implementations should avoid returning this error after psa_crypto_init()
- * has succeeded. Implementations should generate sufficient
- * entropy during initialization and subsequently use a cryptographically
- * secure pseudorandom generator (PRNG). However implementations may return
- * this error at any time if a policy requires the PRNG to be reseeded
- * during normal operation. */
-#define PSA_ERROR_INSUFFICIENT_ENTROPY  ((psa_status_t)-148)
-
-/** The signature, MAC or hash is incorrect.
- *
- * Verification functions return this error if the verification
- * calculations completed successfully, and the value to be verified
- * was determined to be incorrect.
- *
- * If the value to verify has an invalid size, implementations may return
- * either #PSA_ERROR_INVALID_ARGUMENT or #PSA_ERROR_INVALID_SIGNATURE. */
-#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)-149)
-
-/** The decrypted padding is incorrect.
- *
- * \warning In some protocols, when decrypting data, it is essential that
- * the behavior of the application does not depend on whether the padding
- * is correct, down to precise timing. Applications should prefer
- * protocols that use authenticated encryption rather than plain
- * encryption. If the application must perform a decryption of
- * unauthenticated data, the application writer should take care not
- * to reveal whether the padding is invalid.
- *
- * Implementations should strive to make valid and invalid padding
- * as close as possible to indistinguishable to an external observer.
- * In particular, the timing of a decryption operation should not
- * depend on the validity of the padding. */
-#define PSA_ERROR_INVALID_PADDING       ((psa_status_t)-150)
-
-/** Return this error when there's insufficient data when attempting
- * to read from a resource. */
-#define PSA_ERROR_INSUFFICIENT_DATA     ((psa_status_t)-143)
-
-/** The key identifier is not valid. See also :ref:\`key-handles\`.
- */
-#define PSA_ERROR_INVALID_HANDLE        ((psa_status_t)-136)
-
-/** Stored data has been corrupted.
- *
- * This error indicates that some persistent storage has suffered corruption.
- * It does not indicate the following situations, which have specific error
- * codes:
- *
- * - A corruption of volatile memory - use #PSA_ERROR_CORRUPTION_DETECTED.
- * - A communication error between the cryptoprocessor and its external
- *   storage - use #PSA_ERROR_COMMUNICATION_FAILURE.
- * - When the storage is in a valid state but is full - use
- *   #PSA_ERROR_INSUFFICIENT_STORAGE.
- * - When the storage fails for other reasons - use
- *   #PSA_ERROR_STORAGE_FAILURE.
- * - When the stored data is not valid - use #PSA_ERROR_DATA_INVALID.
- *
- * \note A storage corruption does not indicate that any data that was
- * previously read is invalid. However this previously read data might no
- * longer be readable from storage.
- *
- * When a storage failure occurs, it is no longer possible to ensure the
- * global integrity of the keystore.
- */
-#define PSA_ERROR_DATA_CORRUPT          ((psa_status_t)-152)
-
-/** Data read from storage is not valid for the implementation.
- *
- * This error indicates that some data read from storage does not have a valid
- * format. It does not indicate the following situations, which have specific
- * error codes:
- *
- * - When the storage or stored data is corrupted - use #PSA_ERROR_DATA_CORRUPT
- * - When the storage fails for other reasons - use #PSA_ERROR_STORAGE_FAILURE
- * - An invalid argument to the API - use #PSA_ERROR_INVALID_ARGUMENT
- *
- * This error is typically a result of either storage corruption on a
- * cleartext storage backend, or an attempt to read data that was
- * written by an incompatible version of the library.
- */
-#define PSA_ERROR_DATA_INVALID          ((psa_status_t)-153)
-
-/**@}*/
-
-/** \defgroup crypto_types Key and algorithm types
- * @{
- */
-
-/* Note that key type values, including ECC family and DH group values, are
- * embedded in the persistent key store, as part of key metadata. As a
- * consequence, they must not be changed (unless the storage format version
- * changes).
- */
-
-/** An invalid key type value.
- *
- * Zero is not the encoding of any key type.
- */
-#define PSA_KEY_TYPE_NONE                           ((psa_key_type_t)0x0000)
-
-/** Vendor-defined key type flag.
- *
- * Key types defined by this standard will never have the
- * #PSA_KEY_TYPE_VENDOR_FLAG bit set. Vendors who define additional key types
- * must use an encoding with the #PSA_KEY_TYPE_VENDOR_FLAG bit set and should
- * respect the bitwise structure used by standard encodings whenever practical.
- */
-#define PSA_KEY_TYPE_VENDOR_FLAG                    ((psa_key_type_t)0x8000)
-
-#define PSA_KEY_TYPE_CATEGORY_MASK                  ((psa_key_type_t)0x7000)
-#define PSA_KEY_TYPE_CATEGORY_RAW                   ((psa_key_type_t)0x1000)
-#define PSA_KEY_TYPE_CATEGORY_SYMMETRIC             ((psa_key_type_t)0x2000)
-#define PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY            ((psa_key_type_t)0x4000)
-#define PSA_KEY_TYPE_CATEGORY_KEY_PAIR              ((psa_key_type_t)0x7000)
-
-#define PSA_KEY_TYPE_CATEGORY_FLAG_PAIR             ((psa_key_type_t)0x3000)
-
-/** Whether a key type is vendor-defined.
- *
- * See also #PSA_KEY_TYPE_VENDOR_FLAG.
- */
-#define PSA_KEY_TYPE_IS_VENDOR_DEFINED(type) \
-    (((type) & PSA_KEY_TYPE_VENDOR_FLAG) != 0)
-
-/** Whether a key type is an unstructured array of bytes.
- *
- * This encompasses both symmetric keys and non-key data.
- */
-#define PSA_KEY_TYPE_IS_UNSTRUCTURED(type) \
-    (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_RAW || \
-     ((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC)
-
-/** Whether a key type is asymmetric: either a key pair or a public key. */
-#define PSA_KEY_TYPE_IS_ASYMMETRIC(type)                                \
-    (((type) & PSA_KEY_TYPE_CATEGORY_MASK                               \
-      & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) ==                            \
-     PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
-/** Whether a key type is the public part of a key pair. */
-#define PSA_KEY_TYPE_IS_PUBLIC_KEY(type)                                \
-    (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY)
-/** Whether a key type is a key pair containing a private part and a public
- * part. */
-#define PSA_KEY_TYPE_IS_KEY_PAIR(type)                                   \
-    (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_KEY_PAIR)
-/** The key pair type corresponding to a public key type.
- *
- * You may also pass a key pair type as \p type, it will be left unchanged.
- *
- * \param type      A public key type or key pair type.
- *
- * \return          The corresponding key pair type.
- *                  If \p type is not a public key or a key pair,
- *                  the return value is undefined.
- */
-#define PSA_KEY_TYPE_KEY_PAIR_OF_PUBLIC_KEY(type)        \
-    ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
-/** The public key type corresponding to a key pair type.
- *
- * You may also pass a key pair type as \p type, it will be left unchanged.
- *
- * \param type      A public key type or key pair type.
- *
- * \return          The corresponding public key type.
- *                  If \p type is not a public key or a key pair,
- *                  the return value is undefined.
- */
-#define PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type)        \
-    ((type) & ~PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
-
-/** Raw data.
- *
- * A "key" of this type cannot be used for any cryptographic operation.
- * Applications may use this type to store arbitrary data in the keystore. */
-#define PSA_KEY_TYPE_RAW_DATA                       ((psa_key_type_t)0x1001)
-
-/** HMAC key.
- *
- * The key policy determines which underlying hash algorithm the key can be
- * used for.
- *
- * HMAC keys should generally have the same size as the underlying hash.
- * This size can be calculated with #PSA_HASH_LENGTH(\c alg) where
- * \c alg is the HMAC algorithm or the underlying hash algorithm. */
-#define PSA_KEY_TYPE_HMAC                           ((psa_key_type_t)0x1100)
-
-/** A secret for key derivation.
- *
- * The key policy determines which key derivation algorithm the key
- * can be used for.
- */
-#define PSA_KEY_TYPE_DERIVE                         ((psa_key_type_t)0x1200)
-
-/** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher.
- *
- * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or
- * 32 bytes (AES-256).
- */
-#define PSA_KEY_TYPE_AES                            ((psa_key_type_t)0x2400)
-
-/** Key for a cipher, AEAD or MAC algorithm based on the
- * ARIA block cipher. */
-#define PSA_KEY_TYPE_ARIA                           ((psa_key_type_t)0x2406)
-
-/** Key for a cipher or MAC algorithm based on DES or 3DES (Triple-DES).
- *
- * The size of the key can be 64 bits (single DES), 128 bits (2-key 3DES) or
- * 192 bits (3-key 3DES).
- *
- * Note that single DES and 2-key 3DES are weak and strongly
- * deprecated and should only be used to decrypt legacy data. 3-key 3DES
- * is weak and deprecated and should only be used in legacy protocols.
- */
-#define PSA_KEY_TYPE_DES                            ((psa_key_type_t)0x2301)
-
-/** Key for a cipher, AEAD or MAC algorithm based on the
- * Camellia block cipher. */
-#define PSA_KEY_TYPE_CAMELLIA                       ((psa_key_type_t)0x2403)
-
-/** Key for the ARC4 stream cipher (also known as RC4 or ARCFOUR).
- *
- * Note that ARC4 is weak and deprecated and should only be used in
- * legacy protocols. */
-#define PSA_KEY_TYPE_ARC4                           ((psa_key_type_t)0x2002)
-
-/** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm.
- *
- * ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539.
- *
- * Implementations must support 12-byte nonces, may support 8-byte nonces,
- * and should reject other sizes.
- */
-#define PSA_KEY_TYPE_CHACHA20                       ((psa_key_type_t)0x2004)
-
-/** RSA public key.
- *
- * The size of an RSA key is the bit size of the modulus.
- */
-#define PSA_KEY_TYPE_RSA_PUBLIC_KEY                 ((psa_key_type_t)0x4001)
-/** RSA key pair (private and public key).
- *
- * The size of an RSA key is the bit size of the modulus.
- */
-#define PSA_KEY_TYPE_RSA_KEY_PAIR                   ((psa_key_type_t)0x7001)
-/** Whether a key type is an RSA key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_RSA(type)                                       \
-    (PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY)
-
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE            ((psa_key_type_t)0x4100)
-#define PSA_KEY_TYPE_ECC_KEY_PAIR_BASE              ((psa_key_type_t)0x7100)
-#define PSA_KEY_TYPE_ECC_CURVE_MASK                 ((psa_key_type_t)0x00ff)
-/** Elliptic curve key pair.
- *
- * The size of an elliptic curve key is the bit size associated with the curve,
- * i.e. the bit size of *q* for a curve over a field *F<sub>q</sub>*.
- * See the documentation of `PSA_ECC_FAMILY_xxx` curve families for details.
- *
- * \param curve     A value of type ::psa_ecc_family_t that
- *                  identifies the ECC curve to be used.
- */
-#define PSA_KEY_TYPE_ECC_KEY_PAIR(curve)         \
-    (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve))
-/** Elliptic curve public key.
- *
- * The size of an elliptic curve public key is the same as the corresponding
- * private key (see #PSA_KEY_TYPE_ECC_KEY_PAIR and the documentation of
- * `PSA_ECC_FAMILY_xxx` curve families).
- *
- * \param curve     A value of type ::psa_ecc_family_t that
- *                  identifies the ECC curve to be used.
- */
-#define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)              \
-    (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve))
-
-/** Whether a key type is an elliptic curve key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_ECC(type)                                       \
-    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &                        \
-      ~PSA_KEY_TYPE_ECC_CURVE_MASK) == PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
-/** Whether a key type is an elliptic curve key pair. */
-#define PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)                               \
-    (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \
-     PSA_KEY_TYPE_ECC_KEY_PAIR_BASE)
-/** Whether a key type is an elliptic curve public key. */
-#define PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)                            \
-    (((type) & ~PSA_KEY_TYPE_ECC_CURVE_MASK) ==                         \
-     PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE)
-
-/** Extract the curve from an elliptic curve key type. */
-#define PSA_KEY_TYPE_ECC_GET_FAMILY(type)                        \
-    ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ?             \
-                        ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \
-                        0))
-
-/** SEC Koblitz curves over prime fields.
- *
- * This family comprises the following curves:
- * secp192k1, secp224k1, secp256k1.
- * They are defined in _Standards for Efficient Cryptography_,
- * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
- * https://www.secg.org/sec2-v2.pdf
- */
-#define PSA_ECC_FAMILY_SECP_K1           ((psa_ecc_family_t) 0x17)
-
-/** SEC random curves over prime fields.
- *
- * This family comprises the following curves:
- * secp192k1, secp224r1, secp256r1, secp384r1, secp521r1.
- * They are defined in _Standards for Efficient Cryptography_,
- * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
- * https://www.secg.org/sec2-v2.pdf
- */
-#define PSA_ECC_FAMILY_SECP_R1           ((psa_ecc_family_t) 0x12)
-/* SECP160R2 (SEC2 v1, obsolete) */
-#define PSA_ECC_FAMILY_SECP_R2           ((psa_ecc_family_t) 0x1b)
-
-/** SEC Koblitz curves over binary fields.
- *
- * This family comprises the following curves:
- * sect163k1, sect233k1, sect239k1, sect283k1, sect409k1, sect571k1.
- * They are defined in _Standards for Efficient Cryptography_,
- * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
- * https://www.secg.org/sec2-v2.pdf
- */
-#define PSA_ECC_FAMILY_SECT_K1           ((psa_ecc_family_t) 0x27)
-
-/** SEC random curves over binary fields.
- *
- * This family comprises the following curves:
- * sect163r1, sect233r1, sect283r1, sect409r1, sect571r1.
- * They are defined in _Standards for Efficient Cryptography_,
- * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
- * https://www.secg.org/sec2-v2.pdf
- */
-#define PSA_ECC_FAMILY_SECT_R1           ((psa_ecc_family_t) 0x22)
-
-/** SEC additional random curves over binary fields.
- *
- * This family comprises the following curve:
- * sect163r2.
- * It is defined in _Standards for Efficient Cryptography_,
- * _SEC 2: Recommended Elliptic Curve Domain Parameters_.
- * https://www.secg.org/sec2-v2.pdf
- */
-#define PSA_ECC_FAMILY_SECT_R2           ((psa_ecc_family_t) 0x2b)
-
-/** Brainpool P random curves.
- *
- * This family comprises the following curves:
- * brainpoolP160r1, brainpoolP192r1, brainpoolP224r1, brainpoolP256r1,
- * brainpoolP320r1, brainpoolP384r1, brainpoolP512r1.
- * It is defined in RFC 5639.
- */
-#define PSA_ECC_FAMILY_BRAINPOOL_P_R1    ((psa_ecc_family_t) 0x30)
-
-/** Curve25519 and Curve448.
- *
- * This family comprises the following Montgomery curves:
- * - 255-bit: Bernstein et al.,
- *   _Curve25519: new Diffie-Hellman speed records_, LNCS 3958, 2006.
- *   The algorithm #PSA_ALG_ECDH performs X25519 when used with this curve.
- * - 448-bit: Hamburg,
- *   _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
- *   The algorithm #PSA_ALG_ECDH performs X448 when used with this curve.
- */
-#define PSA_ECC_FAMILY_MONTGOMERY        ((psa_ecc_family_t) 0x41)
-
-/** The twisted Edwards curves Ed25519 and Ed448.
- *
- * These curves are suitable for EdDSA (#PSA_ALG_PURE_EDDSA for both curves,
- * #PSA_ALG_ED25519PH for the 255-bit curve,
- * #PSA_ALG_ED448PH for the 448-bit curve).
- *
- * This family comprises the following twisted Edwards curves:
- * - 255-bit: Edwards25519, the twisted Edwards curve birationally equivalent
- *   to Curve25519.
- *   Bernstein et al., _Twisted Edwards curves_, Africacrypt 2008.
- * - 448-bit: Edwards448, the twisted Edwards curve birationally equivalent
- *   to Curve448.
- *   Hamburg, _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015.
- */
-#define PSA_ECC_FAMILY_TWISTED_EDWARDS   ((psa_ecc_family_t) 0x42)
-
-#define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE             ((psa_key_type_t)0x4200)
-#define PSA_KEY_TYPE_DH_KEY_PAIR_BASE               ((psa_key_type_t)0x7200)
-#define PSA_KEY_TYPE_DH_GROUP_MASK                  ((psa_key_type_t)0x00ff)
-/** Diffie-Hellman key pair.
- *
- * \param group     A value of type ::psa_dh_family_t that identifies the
- *                  Diffie-Hellman group to be used.
- */
-#define PSA_KEY_TYPE_DH_KEY_PAIR(group)          \
-    (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group))
-/** Diffie-Hellman public key.
- *
- * \param group     A value of type ::psa_dh_family_t that identifies the
- *                  Diffie-Hellman group to be used.
- */
-#define PSA_KEY_TYPE_DH_PUBLIC_KEY(group)               \
-    (PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE | (group))
-
-/** Whether a key type is a Diffie-Hellman key (pair or public-only). */
-#define PSA_KEY_TYPE_IS_DH(type)                                        \
-    ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) &                        \
-      ~PSA_KEY_TYPE_DH_GROUP_MASK) == PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
-/** Whether a key type is a Diffie-Hellman key pair. */
-#define PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)                               \
-    (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) ==                         \
-     PSA_KEY_TYPE_DH_KEY_PAIR_BASE)
-/** Whether a key type is a Diffie-Hellman public key. */
-#define PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)                            \
-    (((type) & ~PSA_KEY_TYPE_DH_GROUP_MASK) ==                         \
-     PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE)
-
-/** Extract the group from a Diffie-Hellman key type. */
-#define PSA_KEY_TYPE_DH_GET_FAMILY(type)                        \
-    ((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ?              \
-                       ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) :  \
-                       0))
-
-/** Diffie-Hellman groups defined in RFC 7919 Appendix A.
- *
- * This family includes groups with the following key sizes (in bits):
- * 2048, 3072, 4096, 6144, 8192. A given implementation may support
- * all of these sizes or only a subset.
- */
-#define PSA_DH_FAMILY_RFC7919            ((psa_dh_family_t) 0x03)
-
-#define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type)      \
-    (((type) >> 8) & 7)
-/** The block size of a block cipher.
- *
- * \param type  A cipher key type (value of type #psa_key_type_t).
- *
- * \return      The block size for a block cipher, or 1 for a stream cipher.
- *              The return value is undefined if \p type is not a supported
- *              cipher key type.
- *
- * \note It is possible to build stream cipher algorithms on top of a block
- *       cipher, for example CTR mode (#PSA_ALG_CTR).
- *       This macro only takes the key type into account, so it cannot be
- *       used to determine the size of the data that #psa_cipher_update()
- *       might buffer for future processing in general.
- *
- * \note This macro returns a compile-time constant if its argument is one.
- *
- * \warning This macro may evaluate its argument multiple times.
- */
-#define PSA_BLOCK_CIPHER_BLOCK_LENGTH(type)                                     \
-    (((type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
-     1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) :                         \
-     0u)
-
-/* Note that algorithm values are embedded in the persistent key store,
- * as part of key metadata. As a consequence, they must not be changed
- * (unless the storage format version changes).
- */
-
-/** Vendor-defined algorithm flag.
- *
- * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG
- * bit set. Vendors who define additional algorithms must use an encoding with
- * the #PSA_ALG_VENDOR_FLAG bit set and should respect the bitwise structure
- * used by standard encodings whenever practical.
- */
-#define PSA_ALG_VENDOR_FLAG                     ((psa_algorithm_t)0x80000000)
-
-#define PSA_ALG_CATEGORY_MASK                   ((psa_algorithm_t)0x7f000000)
-#define PSA_ALG_CATEGORY_HASH                   ((psa_algorithm_t)0x02000000)
-#define PSA_ALG_CATEGORY_MAC                    ((psa_algorithm_t)0x03000000)
-#define PSA_ALG_CATEGORY_CIPHER                 ((psa_algorithm_t)0x04000000)
-#define PSA_ALG_CATEGORY_AEAD                   ((psa_algorithm_t)0x05000000)
-#define PSA_ALG_CATEGORY_SIGN                   ((psa_algorithm_t)0x06000000)
-#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION  ((psa_algorithm_t)0x07000000)
-#define PSA_ALG_CATEGORY_KEY_DERIVATION         ((psa_algorithm_t)0x08000000)
-#define PSA_ALG_CATEGORY_KEY_AGREEMENT          ((psa_algorithm_t)0x09000000)
-
-/** Whether an algorithm is vendor-defined.
- *
- * See also #PSA_ALG_VENDOR_FLAG.
- */
-#define PSA_ALG_IS_VENDOR_DEFINED(alg)                                  \
-    (((alg) & PSA_ALG_VENDOR_FLAG) != 0)
-
-/** Whether the specified algorithm is a hash algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a hash algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_HASH(alg)                                            \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_HASH)
-
-/** Whether the specified algorithm is a MAC algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a MAC algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_MAC(alg)                                             \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_MAC)
-
-/** Whether the specified algorithm is a symmetric cipher algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a symmetric cipher algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_CIPHER(alg)                                          \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_CIPHER)
-
-/** Whether the specified algorithm is an authenticated encryption
- * with associated data (AEAD) algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is an AEAD algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_AEAD(alg)                                            \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_AEAD)
-
-/** Whether the specified algorithm is an asymmetric signature algorithm,
- * also known as public-key signature algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is an asymmetric signature algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_SIGN(alg)                                            \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_SIGN)
-
-/** Whether the specified algorithm is an asymmetric encryption algorithm,
- * also known as public-key encryption algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is an asymmetric encryption algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)                           \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION)
-
-/** Whether the specified algorithm is a key agreement algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a key agreement algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_KEY_AGREEMENT(alg)                                   \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_AGREEMENT)
-
-/** Whether the specified algorithm is a key derivation algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a key derivation algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_KEY_DERIVATION(alg)                                  \
-    (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION)
-
-/** An invalid algorithm identifier value. */
-#define PSA_ALG_NONE                            ((psa_algorithm_t)0)
-
-#define PSA_ALG_HASH_MASK                       ((psa_algorithm_t)0x000000ff)
-/** MD2 */
-#define PSA_ALG_MD2                             ((psa_algorithm_t)0x02000001)
-/** MD4 */
-#define PSA_ALG_MD4                             ((psa_algorithm_t)0x02000002)
-/** MD5 */
-#define PSA_ALG_MD5                             ((psa_algorithm_t)0x02000003)
-/** PSA_ALG_RIPEMD160 */
-#define PSA_ALG_RIPEMD160                       ((psa_algorithm_t)0x02000004)
-/** SHA1 */
-#define PSA_ALG_SHA_1                           ((psa_algorithm_t)0x02000005)
-/** SHA2-224 */
-#define PSA_ALG_SHA_224                         ((psa_algorithm_t)0x02000008)
-/** SHA2-256 */
-#define PSA_ALG_SHA_256                         ((psa_algorithm_t)0x02000009)
-/** SHA2-384 */
-#define PSA_ALG_SHA_384                         ((psa_algorithm_t)0x0200000a)
-/** SHA2-512 */
-#define PSA_ALG_SHA_512                         ((psa_algorithm_t)0x0200000b)
-/** SHA2-512/224 */
-#define PSA_ALG_SHA_512_224                     ((psa_algorithm_t)0x0200000c)
-/** SHA2-512/256 */
-#define PSA_ALG_SHA_512_256                     ((psa_algorithm_t)0x0200000d)
-/** SHA3-224 */
-#define PSA_ALG_SHA3_224                        ((psa_algorithm_t)0x02000010)
-/** SHA3-256 */
-#define PSA_ALG_SHA3_256                        ((psa_algorithm_t)0x02000011)
-/** SHA3-384 */
-#define PSA_ALG_SHA3_384                        ((psa_algorithm_t)0x02000012)
-/** SHA3-512 */
-#define PSA_ALG_SHA3_512                        ((psa_algorithm_t)0x02000013)
-/** The first 512 bits (64 bytes) of the SHAKE256 output.
- *
- * This is the prehashing for Ed448ph (see #PSA_ALG_ED448PH). For other
- * scenarios where a hash function based on SHA3/SHAKE is desired, SHA3-512
- * has the same output size and a (theoretically) higher security strength.
- */
-#define PSA_ALG_SHAKE256_512                    ((psa_algorithm_t)0x02000015)
-
-/** In a hash-and-sign algorithm policy, allow any hash algorithm.
- *
- * This value may be used to form the algorithm usage field of a policy
- * for a signature algorithm that is parametrized by a hash. The key
- * may then be used to perform operations using the same signature
- * algorithm parametrized with any supported hash.
- *
- * That is, suppose that `PSA_xxx_SIGNATURE` is one of the following macros:
- * - #PSA_ALG_RSA_PKCS1V15_SIGN, #PSA_ALG_RSA_PSS, #PSA_ALG_RSA_PSS_ANY_SALT,
- * - #PSA_ALG_ECDSA, #PSA_ALG_DETERMINISTIC_ECDSA.
- * Then you may create and use a key as follows:
- * - Set the key usage field using #PSA_ALG_ANY_HASH, for example:
- *   ```
- *   psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); // or VERIFY
- *   psa_set_key_algorithm(&attributes, PSA_xxx_SIGNATURE(PSA_ALG_ANY_HASH));
- *   ```
- * - Import or generate key material.
- * - Call psa_sign_hash() or psa_verify_hash(), passing
- *   an algorithm built from `PSA_xxx_SIGNATURE` and a specific hash. Each
- *   call to sign or verify a message may use a different hash.
- *   ```
- *   psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_256), ...);
- *   psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA_512), ...);
- *   psa_sign_hash(key, PSA_xxx_SIGNATURE(PSA_ALG_SHA3_256), ...);
- *   ```
- *
- * This value may not be used to build other algorithms that are
- * parametrized over a hash. For any valid use of this macro to build
- * an algorithm \c alg, #PSA_ALG_IS_HASH_AND_SIGN(\c alg) is true.
- *
- * This value may not be used to build an algorithm specification to
- * perform an operation. It is only valid to build policies.
- */
-#define PSA_ALG_ANY_HASH                        ((psa_algorithm_t)0x020000ff)
-
-#define PSA_ALG_MAC_SUBCATEGORY_MASK            ((psa_algorithm_t)0x00c00000)
-#define PSA_ALG_HMAC_BASE                       ((psa_algorithm_t)0x03800000)
-/** Macro to build an HMAC algorithm.
- *
- * For example, #PSA_ALG_HMAC(#PSA_ALG_SHA_256) is HMAC-SHA-256.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *
- * \return              The corresponding HMAC algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_HMAC(hash_alg)                                  \
-    (PSA_ALG_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-
-#define PSA_ALG_HMAC_GET_HASH(hmac_alg)                             \
-    (PSA_ALG_CATEGORY_HASH | ((hmac_alg) & PSA_ALG_HASH_MASK))
-
-/** Whether the specified algorithm is an HMAC algorithm.
- *
- * HMAC is a family of MAC algorithms that are based on a hash function.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is an HMAC algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_HMAC(alg)                                            \
-    (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
-     PSA_ALG_HMAC_BASE)
-
-/* In the encoding of a MAC algorithm, the bits corresponding to
- * PSA_ALG_MAC_TRUNCATION_MASK encode the length to which the MAC is
- * truncated. As an exception, the value 0 means the untruncated algorithm,
- * whatever its length is. The length is encoded in 6 bits, so it can
- * reach up to 63; the largest MAC is 64 bytes so its trivial truncation
- * to full length is correctly encoded as 0 and any non-trivial truncation
- * is correctly encoded as a value between 1 and 63. */
-#define PSA_ALG_MAC_TRUNCATION_MASK             ((psa_algorithm_t)0x003f0000)
-#define PSA_MAC_TRUNCATION_OFFSET 16
-
-/* In the encoding of a MAC algorithm, the bit corresponding to
- * #PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
- * is a wildcard algorithm. A key with such wildcard algorithm as permitted
- * algorithm policy can be used with any algorithm corresponding to the
- * same base class and having a (potentially truncated) MAC length greater or
- * equal than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
-#define PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG   ((psa_algorithm_t)0x00008000)
-
-/** Macro to build a truncated MAC algorithm.
- *
- * A truncated MAC algorithm is identical to the corresponding MAC
- * algorithm except that the MAC value for the truncated algorithm
- * consists of only the first \p mac_length bytes of the MAC value
- * for the untruncated algorithm.
- *
- * \note    This macro may allow constructing algorithm identifiers that
- *          are not valid, either because the specified length is larger
- *          than the untruncated MAC or because the specified length is
- *          smaller than permitted by the implementation.
- *
- * \note    It is implementation-defined whether a truncated MAC that
- *          is truncated to the same length as the MAC of the untruncated
- *          algorithm is considered identical to the untruncated algorithm
- *          for policy comparison purposes.
- *
- * \param mac_alg       A MAC algorithm identifier (value of type
- *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
- *                      is true). This may be a truncated or untruncated
- *                      MAC algorithm.
- * \param mac_length    Desired length of the truncated MAC in bytes.
- *                      This must be at most the full length of the MAC
- *                      and must be at least an implementation-specified
- *                      minimum. The implementation-specified minimum
- *                      shall not be zero.
- *
- * \return              The corresponding MAC algorithm with the specified
- *                      length.
- * \return              Unspecified if \p mac_alg is not a supported
- *                      MAC algorithm or if \p mac_length is too small or
- *                      too large for the specified MAC algorithm.
- */
-#define PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length)              \
-    (((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK |               \
-                    PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG)) |   \
-     ((mac_length) << PSA_MAC_TRUNCATION_OFFSET & PSA_ALG_MAC_TRUNCATION_MASK))
-
-/** Macro to build the base MAC algorithm corresponding to a truncated
- * MAC algorithm.
- *
- * \param mac_alg       A MAC algorithm identifier (value of type
- *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
- *                      is true). This may be a truncated or untruncated
- *                      MAC algorithm.
- *
- * \return              The corresponding base MAC algorithm.
- * \return              Unspecified if \p mac_alg is not a supported
- *                      MAC algorithm.
- */
-#define PSA_ALG_FULL_LENGTH_MAC(mac_alg)                        \
-    ((mac_alg) & ~(PSA_ALG_MAC_TRUNCATION_MASK |                \
-                   PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG))
-
-/** Length to which a MAC algorithm is truncated.
- *
- * \param mac_alg       A MAC algorithm identifier (value of type
- *                      #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
- *                      is true).
- *
- * \return              Length of the truncated MAC in bytes.
- * \return              0 if \p mac_alg is a non-truncated MAC algorithm.
- * \return              Unspecified if \p mac_alg is not a supported
- *                      MAC algorithm.
- */
-#define PSA_MAC_TRUNCATED_LENGTH(mac_alg)                               \
-    (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
-
-/** Macro to build a MAC minimum-MAC-length wildcard algorithm.
- *
- * A minimum-MAC-length MAC wildcard algorithm permits all MAC algorithms
- * sharing the same base algorithm, and where the (potentially truncated) MAC
- * length of the specific algorithm is equal to or larger then the wildcard
- * algorithm's minimum MAC length.
- *
- * \note    When setting the minimum required MAC length to less than the
- *          smallest MAC length allowed by the base algorithm, this effectively
- *          becomes an 'any-MAC-length-allowed' policy for that base algorithm.
- *
- * \param mac_alg         A MAC algorithm identifier (value of type
- *                        #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
- *                        is true).
- * \param min_mac_length  Desired minimum length of the message authentication
- *                        code in bytes. This must be at most the untruncated
- *                        length of the MAC and must be at least 1.
- *
- * \return                The corresponding MAC wildcard algorithm with the
- *                        specified minimum length.
- * \return                Unspecified if \p mac_alg is not a supported MAC
- *                        algorithm or if \p min_mac_length is less than 1 or
- *                        too large for the specified MAC algorithm.
- */
-#define PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(mac_alg, min_mac_length)   \
-    ( PSA_ALG_TRUNCATED_MAC(mac_alg, min_mac_length) |              \
-      PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG )
-
-#define PSA_ALG_CIPHER_MAC_BASE                 ((psa_algorithm_t)0x03c00000)
-/** The CBC-MAC construction over a block cipher
- *
- * \warning CBC-MAC is insecure in many cases.
- * A more secure mode, such as #PSA_ALG_CMAC, is recommended.
- */
-#define PSA_ALG_CBC_MAC                         ((psa_algorithm_t)0x03c00100)
-/** The CMAC construction over a block cipher */
-#define PSA_ALG_CMAC                            ((psa_algorithm_t)0x03c00200)
-
-/** Whether the specified algorithm is a MAC algorithm based on a block cipher.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a MAC algorithm based on a block cipher, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_BLOCK_CIPHER_MAC(alg)                                \
-    (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_MAC_SUBCATEGORY_MASK)) == \
-     PSA_ALG_CIPHER_MAC_BASE)
-
-#define PSA_ALG_CIPHER_STREAM_FLAG              ((psa_algorithm_t)0x00800000)
-#define PSA_ALG_CIPHER_FROM_BLOCK_FLAG          ((psa_algorithm_t)0x00400000)
-
-/** Whether the specified algorithm is a stream cipher.
- *
- * A stream cipher is a symmetric cipher that encrypts or decrypts messages
- * by applying a bitwise-xor with a stream of bytes that is generated
- * from a key.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a stream cipher algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier or if it is not a symmetric cipher algorithm.
- */
-#define PSA_ALG_IS_STREAM_CIPHER(alg)            \
-    (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_CIPHER_STREAM_FLAG)) == \
-        (PSA_ALG_CATEGORY_CIPHER | PSA_ALG_CIPHER_STREAM_FLAG))
-
-/** The stream cipher mode of a stream cipher algorithm.
- *
- * The underlying stream cipher is determined by the key type.
- * - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20.
- * - To use ARC4, use a key type of #PSA_KEY_TYPE_ARC4.
- */
-#define PSA_ALG_STREAM_CIPHER                   ((psa_algorithm_t)0x04800100)
-
-/** The CTR stream cipher mode.
- *
- * CTR is a stream cipher which is built from a block cipher.
- * The underlying block cipher is determined by the key type.
- * For example, to use AES-128-CTR, use this algorithm with
- * a key of type #PSA_KEY_TYPE_AES and a length of 128 bits (16 bytes).
- */
-#define PSA_ALG_CTR                             ((psa_algorithm_t)0x04c01000)
-
-/** The CFB stream cipher mode.
- *
- * The underlying block cipher is determined by the key type.
- */
-#define PSA_ALG_CFB                             ((psa_algorithm_t)0x04c01100)
-
-/** The OFB stream cipher mode.
- *
- * The underlying block cipher is determined by the key type.
- */
-#define PSA_ALG_OFB                             ((psa_algorithm_t)0x04c01200)
-
-/** The XTS cipher mode.
- *
- * XTS is a cipher mode which is built from a block cipher. It requires at
- * least one full block of input, but beyond this minimum the input
- * does not need to be a whole number of blocks.
- */
-#define PSA_ALG_XTS                             ((psa_algorithm_t)0x0440ff00)
-
-/** The Electronic Code Book (ECB) mode of a block cipher, with no padding.
- *
- * \warning ECB mode does not protect the confidentiality of the encrypted data
- * except in extremely narrow circumstances. It is recommended that applications
- * only use ECB if they need to construct an operating mode that the
- * implementation does not provide. Implementations are encouraged to provide
- * the modes that applications need in preference to supporting direct access
- * to ECB.
- *
- * The underlying block cipher is determined by the key type.
- *
- * This symmetric cipher mode can only be used with messages whose lengths are a
- * multiple of the block size of the chosen block cipher.
- *
- * ECB mode does not accept an initialization vector (IV). When using a
- * multi-part cipher operation with this algorithm, psa_cipher_generate_iv()
- * and psa_cipher_set_iv() must not be called.
- */
-#define PSA_ALG_ECB_NO_PADDING                  ((psa_algorithm_t)0x04404400)
-
-/** The CBC block cipher chaining mode, with no padding.
- *
- * The underlying block cipher is determined by the key type.
- *
- * This symmetric cipher mode can only be used with messages whose lengths
- * are whole number of blocks for the chosen block cipher.
- */
-#define PSA_ALG_CBC_NO_PADDING                  ((psa_algorithm_t)0x04404000)
-
-/** The CBC block cipher chaining mode with PKCS#7 padding.
- *
- * The underlying block cipher is determined by the key type.
- *
- * This is the padding method defined by PKCS#7 (RFC 2315) &sect;10.3.
- */
-#define PSA_ALG_CBC_PKCS7                       ((psa_algorithm_t)0x04404100)
-
-#define PSA_ALG_AEAD_FROM_BLOCK_FLAG            ((psa_algorithm_t)0x00400000)
-
-/** Whether the specified algorithm is an AEAD mode on a block cipher.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is an AEAD algorithm which is an AEAD mode based on
- *         a block cipher, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg)    \
-    (((alg) & (PSA_ALG_CATEGORY_MASK | PSA_ALG_AEAD_FROM_BLOCK_FLAG)) == \
-     (PSA_ALG_CATEGORY_AEAD | PSA_ALG_AEAD_FROM_BLOCK_FLAG))
-
-/** The CCM authenticated encryption algorithm.
- *
- * The underlying block cipher is determined by the key type.
- */
-#define PSA_ALG_CCM                             ((psa_algorithm_t)0x05500100)
-
-/** The GCM authenticated encryption algorithm.
- *
- * The underlying block cipher is determined by the key type.
- */
-#define PSA_ALG_GCM                             ((psa_algorithm_t)0x05500200)
-
-/** The Chacha20-Poly1305 AEAD algorithm.
- *
- * The ChaCha20_Poly1305 construction is defined in RFC 7539.
- *
- * Implementations must support 12-byte nonces, may support 8-byte nonces,
- * and should reject other sizes.
- *
- * Implementations must support 16-byte tags and should reject other sizes.
- */
-#define PSA_ALG_CHACHA20_POLY1305               ((psa_algorithm_t)0x05100500)
-
-/* In the encoding of an AEAD algorithm, the bits corresponding to
- * PSA_ALG_AEAD_TAG_LENGTH_MASK encode the length of the AEAD tag.
- * The constants for default lengths follow this encoding.
- */
-#define PSA_ALG_AEAD_TAG_LENGTH_MASK            ((psa_algorithm_t)0x003f0000)
-#define PSA_AEAD_TAG_LENGTH_OFFSET 16
-
-/* In the encoding of an AEAD algorithm, the bit corresponding to
- * #PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG encodes the fact that the algorithm
- * is a wildcard algorithm. A key with such wildcard algorithm as permitted
- * algorithm policy can be used with any algorithm corresponding to the
- * same base class and having a tag length greater than or equal to the one
- * encoded in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
-#define PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG  ((psa_algorithm_t)0x00008000)
-
-/** Macro to build a shortened AEAD algorithm.
- *
- * A shortened AEAD algorithm is similar to the corresponding AEAD
- * algorithm, but has an authentication tag that consists of fewer bytes.
- * Depending on the algorithm, the tag length may affect the calculation
- * of the ciphertext.
- *
- * \param aead_alg      An AEAD algorithm identifier (value of type
- *                      #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
- *                      is true).
- * \param tag_length    Desired length of the authentication tag in bytes.
- *
- * \return              The corresponding AEAD algorithm with the specified
- *                      length.
- * \return              Unspecified if \p aead_alg is not a supported
- *                      AEAD algorithm or if \p tag_length is not valid
- *                      for the specified AEAD algorithm.
- */
-#define PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, tag_length)           \
-    (((aead_alg) & ~(PSA_ALG_AEAD_TAG_LENGTH_MASK |                     \
-                     PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)) |         \
-     ((tag_length) << PSA_AEAD_TAG_LENGTH_OFFSET &                      \
-      PSA_ALG_AEAD_TAG_LENGTH_MASK))
-
-/** Retrieve the tag length of a specified AEAD algorithm
- *
- * \param aead_alg      An AEAD algorithm identifier (value of type
- *                      #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
- *                      is true).
- *
- * \return              The tag length specified by the input algorithm.
- * \return              Unspecified if \p aead_alg is not a supported
- *                      AEAD algorithm.
- */
-#define PSA_ALG_AEAD_GET_TAG_LENGTH(aead_alg)                           \
-    (((aead_alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >>                     \
-      PSA_AEAD_TAG_LENGTH_OFFSET )
-
-/** Calculate the corresponding AEAD algorithm with the default tag length.
- *
- * \param aead_alg      An AEAD algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_AEAD(\p aead_alg) is true).
- *
- * \return              The corresponding AEAD algorithm with the default
- *                      tag length for that algorithm.
- */
-#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(aead_alg)                   \
-    (                                                                    \
-        PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CCM) \
-        PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_GCM) \
-        PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, PSA_ALG_CHACHA20_POLY1305) \
-        0)
-#define PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE(aead_alg, ref)         \
-    PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, 0) ==                      \
-    PSA_ALG_AEAD_WITH_SHORTENED_TAG(ref, 0) ?                            \
-    ref :
-
-/** Macro to build an AEAD minimum-tag-length wildcard algorithm.
- *
- * A minimum-tag-length AEAD wildcard algorithm permits all AEAD algorithms
- * sharing the same base algorithm, and where the tag length of the specific
- * algorithm is equal to or larger then the minimum tag length specified by the
- * wildcard algorithm.
- *
- * \note    When setting the minimum required tag length to less than the
- *          smallest tag length allowed by the base algorithm, this effectively
- *          becomes an 'any-tag-length-allowed' policy for that base algorithm.
- *
- * \param aead_alg        An AEAD algorithm identifier (value of type
- *                        #psa_algorithm_t such that
- *                        #PSA_ALG_IS_AEAD(\p aead_alg) is true).
- * \param min_tag_length  Desired minimum length of the authentication tag in
- *                        bytes. This must be at least 1 and at most the largest
- *                        allowed tag length of the algorithm.
- *
- * \return                The corresponding AEAD wildcard algorithm with the
- *                        specified minimum length.
- * \return                Unspecified if \p aead_alg is not a supported
- *                        AEAD algorithm or if \p min_tag_length is less than 1
- *                        or too large for the specified AEAD algorithm.
- */
-#define PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(aead_alg, min_tag_length) \
-    ( PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, min_tag_length) |            \
-      PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG )
-
-#define PSA_ALG_RSA_PKCS1V15_SIGN_BASE          ((psa_algorithm_t)0x06000200)
-/** RSA PKCS#1 v1.5 signature with hashing.
- *
- * This is the signature scheme defined by RFC 8017
- * (PKCS#1: RSA Cryptography Specifications) under the name
- * RSASSA-PKCS1-v1_5.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding RSA PKCS#1 v1.5 signature algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)                             \
-    (PSA_ALG_RSA_PKCS1V15_SIGN_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-/** Raw PKCS#1 v1.5 signature.
- *
- * The input to this algorithm is the DigestInfo structure used by
- * RFC 8017 (PKCS#1: RSA Cryptography Specifications), &sect;9.2
- * steps 3&ndash;6.
- */
-#define PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA_ALG_RSA_PKCS1V15_SIGN_BASE
-#define PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)                               \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PKCS1V15_SIGN_BASE)
-
-#define PSA_ALG_RSA_PSS_BASE               ((psa_algorithm_t)0x06000300)
-#define PSA_ALG_RSA_PSS_ANY_SALT_BASE      ((psa_algorithm_t)0x06001300)
-/** RSA PSS signature with hashing.
- *
- * This is the signature scheme defined by RFC 8017
- * (PKCS#1: RSA Cryptography Specifications) under the name
- * RSASSA-PSS, with the message generation function MGF1, and with
- * a salt length equal to the length of the hash, or the largest
- * possible salt length for the algorithm and key size if that is
- * smaller than the hash length. The specified hash algorithm is
- * used to hash the input message, to create the salted hash, and
- * for the mask generation.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding RSA PSS signature algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_RSA_PSS(hash_alg)                               \
-    (PSA_ALG_RSA_PSS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-
-/** RSA PSS signature with hashing with relaxed verification.
- *
- * This algorithm has the same behavior as #PSA_ALG_RSA_PSS when signing,
- * but allows an arbitrary salt length (including \c 0) when verifying a
- * signature.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding RSA PSS signature algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_RSA_PSS_ANY_SALT(hash_alg)                      \
-    (PSA_ALG_RSA_PSS_ANY_SALT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-
-/** Whether the specified algorithm is RSA PSS with standard salt.
- *
- * \param alg           An algorithm value or an algorithm policy wildcard.
- *
- * \return              1 if \p alg is of the form
- *                      #PSA_ALG_RSA_PSS(\c hash_alg),
- *                      where \c hash_alg is a hash algorithm or
- *                      #PSA_ALG_ANY_HASH. 0 otherwise.
- *                      This macro may return either 0 or 1 if \p alg is not
- *                      a supported algorithm identifier or policy.
- */
-#define PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)                   \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_BASE)
-
-/** Whether the specified algorithm is RSA PSS with any salt.
- *
- * \param alg           An algorithm value or an algorithm policy wildcard.
- *
- * \return              1 if \p alg is of the form
- *                      #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg),
- *                      where \c hash_alg is a hash algorithm or
- *                      #PSA_ALG_ANY_HASH. 0 otherwise.
- *                      This macro may return either 0 or 1 if \p alg is not
- *                      a supported algorithm identifier or policy.
- */
-#define PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)                                \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_PSS_ANY_SALT_BASE)
-
-/** Whether the specified algorithm is RSA PSS.
- *
- * This includes any of the RSA PSS algorithm variants, regardless of the
- * constraints on salt length.
- *
- * \param alg           An algorithm value or an algorithm policy wildcard.
- *
- * \return              1 if \p alg is of the form
- *                      #PSA_ALG_RSA_PSS(\c hash_alg) or
- *                      #PSA_ALG_RSA_PSS_ANY_SALT_BASE(\c hash_alg),
- *                      where \c hash_alg is a hash algorithm or
- *                      #PSA_ALG_ANY_HASH. 0 otherwise.
- *                      This macro may return either 0 or 1 if \p alg is not
- *                      a supported algorithm identifier or policy.
- */
-#define PSA_ALG_IS_RSA_PSS(alg)                                 \
-    (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg) ||                   \
-     PSA_ALG_IS_RSA_PSS_ANY_SALT(alg))
-
-#define PSA_ALG_ECDSA_BASE                      ((psa_algorithm_t)0x06000600)
-/** ECDSA signature with hashing.
- *
- * This is the ECDSA signature scheme defined by ANSI X9.62,
- * with a random per-message secret number (*k*).
- *
- * The representation of the signature as a byte string consists of
- * the concatenation of the signature values *r* and *s*. Each of
- * *r* and *s* is encoded as an *N*-octet string, where *N* is the length
- * of the base point of the curve in octets. Each value is represented
- * in big-endian order (most significant octet first).
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding ECDSA signature algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_ECDSA(hash_alg)                                 \
-    (PSA_ALG_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-/** ECDSA signature without hashing.
- *
- * This is the same signature scheme as #PSA_ALG_ECDSA(), but
- * without specifying a hash algorithm. This algorithm may only be
- * used to sign or verify a sequence of bytes that should be an
- * already-calculated hash. Note that the input is padded with
- * zeros on the left or truncated on the left as required to fit
- * the curve size.
- */
-#define PSA_ALG_ECDSA_ANY PSA_ALG_ECDSA_BASE
-#define PSA_ALG_DETERMINISTIC_ECDSA_BASE        ((psa_algorithm_t)0x06000700)
-/** Deterministic ECDSA signature with hashing.
- *
- * This is the deterministic ECDSA signature scheme defined by RFC 6979.
- *
- * The representation of a signature is the same as with #PSA_ALG_ECDSA().
- *
- * Note that when this algorithm is used for verification, signatures
- * made with randomized ECDSA (#PSA_ALG_ECDSA(\p hash_alg)) with the
- * same private key are accepted. In other words,
- * #PSA_ALG_DETERMINISTIC_ECDSA(\p hash_alg) differs from
- * #PSA_ALG_ECDSA(\p hash_alg) only for signature, not for verification.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *                      This includes #PSA_ALG_ANY_HASH
- *                      when specifying the algorithm in a usage policy.
- *
- * \return              The corresponding deterministic ECDSA signature
- *                      algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_DETERMINISTIC_ECDSA(hash_alg)                           \
-    (PSA_ALG_DETERMINISTIC_ECDSA_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_ECDSA_DETERMINISTIC_FLAG        ((psa_algorithm_t)0x00000100)
-#define PSA_ALG_IS_ECDSA(alg)                                           \
-    (((alg) & ~PSA_ALG_HASH_MASK & ~PSA_ALG_ECDSA_DETERMINISTIC_FLAG) ==  \
-     PSA_ALG_ECDSA_BASE)
-#define PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)             \
-    (((alg) & PSA_ALG_ECDSA_DETERMINISTIC_FLAG) != 0)
-#define PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)                             \
-    (PSA_ALG_IS_ECDSA(alg) && PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
-#define PSA_ALG_IS_RANDOMIZED_ECDSA(alg)                                \
-    (PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC(alg))
-
-/** Edwards-curve digital signature algorithm without prehashing (PureEdDSA),
- * using standard parameters.
- *
- * Contexts are not supported in the current version of this specification
- * because there is no suitable signature interface that can take the
- * context as a parameter. A future version of this specification may add
- * suitable functions and extend this algorithm to support contexts.
- *
- * PureEdDSA requires an elliptic curve key on a twisted Edwards curve.
- * In this specification, the following curves are supported:
- * - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 255-bit: Ed25519 as specified
- *   in RFC 8032.
- *   The curve is Edwards25519.
- *   The hash function used internally is SHA-512.
- * - #PSA_ECC_FAMILY_TWISTED_EDWARDS, 448-bit: Ed448 as specified
- *   in RFC 8032.
- *   The curve is Edwards448.
- *   The hash function used internally is the first 114 bytes of the
- *   SHAKE256 output.
- *
- * This algorithm can be used with psa_sign_message() and
- * psa_verify_message(). Since there is no prehashing, it cannot be used
- * with psa_sign_hash() or psa_verify_hash().
- *
- * The signature format is the concatenation of R and S as defined by
- * RFC 8032 §5.1.6 and §5.2.6 (a 64-byte string for Ed25519, a 114-byte
- * string for Ed448).
- */
-#define PSA_ALG_PURE_EDDSA                      ((psa_algorithm_t)0x06000800)
-
-#define PSA_ALG_HASH_EDDSA_BASE                 ((psa_algorithm_t)0x06000900)
-#define PSA_ALG_IS_HASH_EDDSA(alg)              \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HASH_EDDSA_BASE)
-
-/** Edwards-curve digital signature algorithm with prehashing (HashEdDSA),
- * using SHA-512 and the Edwards25519 curve.
- *
- * See #PSA_ALG_PURE_EDDSA regarding context support and the signature format.
- *
- * This algorithm is Ed25519 as specified in RFC 8032.
- * The curve is Edwards25519.
- * The prehash is SHA-512.
- * The hash function used internally is SHA-512.
- *
- * This is a hash-and-sign algorithm: to calculate a signature,
- * you can either:
- * - call psa_sign_message() on the message;
- * - or calculate the SHA-512 hash of the message
- *   with psa_hash_compute()
- *   or with a multi-part hash operation started with psa_hash_setup(),
- *   using the hash algorithm #PSA_ALG_SHA_512,
- *   then sign the calculated hash with psa_sign_hash().
- * Verifying a signature is similar, using psa_verify_message() or
- * psa_verify_hash() instead of the signature function.
- */
-#define PSA_ALG_ED25519PH                               \
-    (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHA_512 & PSA_ALG_HASH_MASK))
-
-/** Edwards-curve digital signature algorithm with prehashing (HashEdDSA),
- * using SHAKE256 and the Edwards448 curve.
- *
- * See #PSA_ALG_PURE_EDDSA regarding context support and the signature format.
- *
- * This algorithm is Ed448 as specified in RFC 8032.
- * The curve is Edwards448.
- * The prehash is the first 64 bytes of the SHAKE256 output.
- * The hash function used internally is the first 114 bytes of the
- * SHAKE256 output.
- *
- * This is a hash-and-sign algorithm: to calculate a signature,
- * you can either:
- * - call psa_sign_message() on the message;
- * - or calculate the first 64 bytes of the SHAKE256 output of the message
- *   with psa_hash_compute()
- *   or with a multi-part hash operation started with psa_hash_setup(),
- *   using the hash algorithm #PSA_ALG_SHAKE256_512,
- *   then sign the calculated hash with psa_sign_hash().
- * Verifying a signature is similar, using psa_verify_message() or
- * psa_verify_hash() instead of the signature function.
- */
-#define PSA_ALG_ED448PH                                 \
-    (PSA_ALG_HASH_EDDSA_BASE | (PSA_ALG_SHAKE256_512 & PSA_ALG_HASH_MASK))
-
-/* Default definition, to be overridden if the library is extended with
- * more hash-and-sign algorithms that we want to keep out of this header
- * file. */
-#define PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg) 0
-
-/** Whether the specified algorithm is a signature algorithm that can be used
- * with psa_sign_hash() and psa_verify_hash().
- *
- * This encompasses all strict hash-and-sign algorithms categorized by
- * PSA_ALG_IS_HASH_AND_SIGN(), as well as algorithms that follow the
- * paradigm more loosely:
- * - #PSA_ALG_RSA_PKCS1V15_SIGN_RAW (expects its input to be an encoded hash)
- * - #PSA_ALG_ECDSA_ANY (doesn't specify what kind of hash the input is)
- *
- * \param alg An algorithm identifier (value of type psa_algorithm_t).
- *
- * \return 1 if alg is a signature algorithm that can be used to sign a
- *         hash. 0 if alg is a signature algorithm that can only be used
- *         to sign a message. 0 if alg is not a signature algorithm.
- *         This macro can return either 0 or 1 if alg is not a
- *         supported algorithm identifier.
- */
-#define PSA_ALG_IS_SIGN_HASH(alg)                                       \
-    (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||    \
-     PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) ||             \
-     PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
-
-/** Whether the specified algorithm is a signature algorithm that can be used
- * with psa_sign_message() and psa_verify_message().
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if alg is a signature algorithm that can be used to sign a
- *         message. 0 if \p alg is a signature algorithm that can only be used
- *         to sign an already-calculated hash. 0 if \p alg is not a signature
- *         algorithm. This macro can return either 0 or 1 if \p alg is not a
- *         supported algorithm identifier.
- */
-#define PSA_ALG_IS_SIGN_MESSAGE(alg)                                    \
-    (PSA_ALG_IS_SIGN_HASH(alg) || (alg) == PSA_ALG_PURE_EDDSA )
-
-/** Whether the specified algorithm is a hash-and-sign algorithm.
- *
- * Hash-and-sign algorithms are asymmetric (public-key) signature algorithms
- * structured in two parts: first the calculation of a hash in a way that
- * does not depend on the key, then the calculation of a signature from the
- * hash value and the key. Hash-and-sign algorithms encode the hash
- * used for the hashing step, and you can call #PSA_ALG_SIGN_GET_HASH
- * to extract this algorithm.
- *
- * Thus, for a hash-and-sign algorithm,
- * `psa_sign_message(key, alg, input, ...)` is equivalent to
- * ```
- * psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg), input, ..., hash, ...);
- * psa_sign_hash(key, alg, hash, ..., signature, ...);
- * ```
- * Most usefully, separating the hash from the signature allows the hash
- * to be calculated in multiple steps with psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(). Likewise psa_verify_message() is equivalent to
- * calculating the hash and then calling psa_verify_hash().
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a hash-and-sign algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_HASH_AND_SIGN(alg)                                   \
-    (PSA_ALG_IS_SIGN_HASH(alg) &&                                       \
-     ((alg) & PSA_ALG_HASH_MASK) != 0)
-
-/** Get the hash used by a hash-and-sign signature algorithm.
- *
- * A hash-and-sign algorithm is a signature algorithm which is
- * composed of two phases: first a hashing phase which does not use
- * the key and produces a hash of the input message, then a signing
- * phase which only uses the hash and the key and not the message
- * itself.
- *
- * \param alg   A signature algorithm (\c PSA_ALG_XXX value such that
- *              #PSA_ALG_IS_SIGN(\p alg) is true).
- *
- * \return      The underlying hash algorithm if \p alg is a hash-and-sign
- *              algorithm.
- * \return      0 if \p alg is a signature algorithm that does not
- *              follow the hash-and-sign structure.
- * \return      Unspecified if \p alg is not a signature algorithm or
- *              if it is not supported by the implementation.
- */
-#define PSA_ALG_SIGN_GET_HASH(alg)                                     \
-    (PSA_ALG_IS_HASH_AND_SIGN(alg) ?                                   \
-     ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :             \
-     0)
-
-/** RSA PKCS#1 v1.5 encryption.
- */
-#define PSA_ALG_RSA_PKCS1V15_CRYPT              ((psa_algorithm_t)0x07000200)
-
-#define PSA_ALG_RSA_OAEP_BASE                   ((psa_algorithm_t)0x07000300)
-/** RSA OAEP encryption.
- *
- * This is the encryption scheme defined by RFC 8017
- * (PKCS#1: RSA Cryptography Specifications) under the name
- * RSAES-OAEP, with the message generation function MGF1.
- *
- * \param hash_alg      The hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true) to use
- *                      for MGF1.
- *
- * \return              The corresponding RSA OAEP encryption algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_RSA_OAEP(hash_alg)                              \
-    (PSA_ALG_RSA_OAEP_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-#define PSA_ALG_IS_RSA_OAEP(alg)                                \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_RSA_OAEP_BASE)
-#define PSA_ALG_RSA_OAEP_GET_HASH(alg)                          \
-    (PSA_ALG_IS_RSA_OAEP(alg) ?                                 \
-     ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH :      \
-     0)
-
-#define PSA_ALG_HKDF_BASE                       ((psa_algorithm_t)0x08000100)
-/** Macro to build an HKDF algorithm.
- *
- * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
- *
- * This key derivation algorithm uses the following inputs:
- * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step.
- *   It is optional; if omitted, the derivation uses an empty salt.
- * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key used in the "extract" step.
- * - #PSA_KEY_DERIVATION_INPUT_INFO is the info string used in the "expand" step.
- * You must pass #PSA_KEY_DERIVATION_INPUT_SALT before #PSA_KEY_DERIVATION_INPUT_SECRET.
- * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before
- * starting to generate output.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *
- * \return              The corresponding HKDF algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_HKDF(hash_alg)                                  \
-    (PSA_ALG_HKDF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-/** Whether the specified algorithm is an HKDF algorithm.
- *
- * HKDF is a family of key derivation algorithms that are based on a hash
- * function and the HMAC construction.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \c alg is an HKDF algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \c alg is not a supported
- *         key derivation algorithm identifier.
- */
-#define PSA_ALG_IS_HKDF(alg)                            \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE)
-#define PSA_ALG_HKDF_GET_HASH(hkdf_alg)                         \
-    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-
-#define PSA_ALG_TLS12_PRF_BASE                  ((psa_algorithm_t)0x08000200)
-/** Macro to build a TLS-1.2 PRF algorithm.
- *
- * TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
- * specified in Section 5 of RFC 5246. It is based on HMAC and can be
- * used with either SHA-256 or SHA-384.
- *
- * This key derivation algorithm uses the following inputs, which must be
- * passed in the order given here:
- * - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
- * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
- * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
- *
- * For the application to TLS-1.2 key expansion, the seed is the
- * concatenation of ServerHello.Random + ClientHello.Random,
- * and the label is "key expansion".
- *
- * For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
- * TLS 1.2 PRF using HMAC-SHA-256.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *
- * \return              The corresponding TLS-1.2 PRF algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_TLS12_PRF(hash_alg)                                  \
-    (PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-
-/** Whether the specified algorithm is a TLS-1.2 PRF algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \c alg is a TLS-1.2 PRF algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \c alg is not a supported
- *         key derivation algorithm identifier.
- */
-#define PSA_ALG_IS_TLS12_PRF(alg)                                    \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
-#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg)                         \
-    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-
-#define PSA_ALG_TLS12_PSK_TO_MS_BASE            ((psa_algorithm_t)0x08000300)
-/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
- *
- * In a pure-PSK handshake in TLS 1.2, the master secret is derived
- * from the PreSharedKey (PSK) through the application of padding
- * (RFC 4279, Section 2) and the TLS-1.2 PRF (RFC 5246, Section 5).
- * The latter is based on HMAC and can be used with either SHA-256
- * or SHA-384.
- *
- * This key derivation algorithm uses the following inputs, which must be
- * passed in the order given here:
- * - #PSA_KEY_DERIVATION_INPUT_SEED is the seed.
- * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key.
- * - #PSA_KEY_DERIVATION_INPUT_LABEL is the label.
- *
- * For the application to TLS-1.2, the seed (which is
- * forwarded to the TLS-1.2 PRF) is the concatenation of the
- * ClientHello.Random + ServerHello.Random,
- * and the label is "master secret" or "extended master secret".
- *
- * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
- * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
- *
- * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
- *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
- *
- * \return              The corresponding TLS-1.2 PSK to MS algorithm.
- * \return              Unspecified if \p hash_alg is not a supported
- *                      hash algorithm.
- */
-#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg)                                  \
-    (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
-
-/** Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \c alg is a TLS-1.2 PSK to MS algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \c alg is not a supported
- *         key derivation algorithm identifier.
- */
-#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg)                                    \
-    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
-#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg)                         \
-    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
-
-#define PSA_ALG_KEY_DERIVATION_MASK             ((psa_algorithm_t)0xfe00ffff)
-#define PSA_ALG_KEY_AGREEMENT_MASK              ((psa_algorithm_t)0xffff0000)
-
-/** Macro to build a combined algorithm that chains a key agreement with
- * a key derivation.
- *
- * \param ka_alg        A key agreement algorithm (\c PSA_ALG_XXX value such
- *                      that #PSA_ALG_IS_KEY_AGREEMENT(\p ka_alg) is true).
- * \param kdf_alg       A key derivation algorithm (\c PSA_ALG_XXX value such
- *                      that #PSA_ALG_IS_KEY_DERIVATION(\p kdf_alg) is true).
- *
- * \return              The corresponding key agreement and derivation
- *                      algorithm.
- * \return              Unspecified if \p ka_alg is not a supported
- *                      key agreement algorithm or \p kdf_alg is not a
- *                      supported key derivation algorithm.
- */
-#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg)  \
-    ((ka_alg) | (kdf_alg))
-
-#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg)                              \
-    (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
-
-#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)                             \
-    (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
-
-/** Whether the specified algorithm is a raw key agreement algorithm.
- *
- * A raw key agreement algorithm is one that does not specify
- * a key derivation function.
- * Usually, raw key agreement algorithms are constructed directly with
- * a \c PSA_ALG_xxx macro while non-raw key agreement algorithms are
- * constructed with #PSA_ALG_KEY_AGREEMENT().
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \p alg is a raw key agreement algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \p alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)                               \
-    (PSA_ALG_IS_KEY_AGREEMENT(alg) &&                                   \
-     PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
-
-#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg)     \
-    ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
-
-/** The finite-field Diffie-Hellman (DH) key agreement algorithm.
- *
- * The shared secret produced by key agreement is
- * `g^{ab}` in big-endian format.
- * It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
- * in bits.
- */
-#define PSA_ALG_FFDH                            ((psa_algorithm_t)0x09010000)
-
-/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
- *
- * This includes the raw finite field Diffie-Hellman algorithm as well as
- * finite-field Diffie-Hellman followed by any supporter key derivation
- * algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \c alg is a finite field Diffie-Hellman algorithm, 0 otherwise.
- *         This macro may return either 0 or 1 if \c alg is not a supported
- *         key agreement algorithm identifier.
- */
-#define PSA_ALG_IS_FFDH(alg) \
-    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
-
-/** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
- *
- * The shared secret produced by key agreement is the x-coordinate of
- * the shared secret point. It is always `ceiling(m / 8)` bytes long where
- * `m` is the bit size associated with the curve, i.e. the bit size of the
- * order of the curve's coordinate field. When `m` is not a multiple of 8,
- * the byte containing the most significant bit of the shared secret
- * is padded with zero bits. The byte order is either little-endian
- * or big-endian depending on the curve type.
- *
- * - For Montgomery curves (curve types `PSA_ECC_FAMILY_CURVEXXX`),
- *   the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
- *   in little-endian byte order.
- *   The bit size is 448 for Curve448 and 255 for Curve25519.
- * - For Weierstrass curves over prime fields (curve types
- *   `PSA_ECC_FAMILY_SECPXXX` and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`),
- *   the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
- *   in big-endian byte order.
- *   The bit size is `m = ceiling(log_2(p))` for the field `F_p`.
- * - For Weierstrass curves over binary fields (curve types
- *   `PSA_ECC_FAMILY_SECTXXX`),
- *   the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
- *   in big-endian byte order.
- *   The bit size is `m` for the field `F_{2^m}`.
- */
-#define PSA_ALG_ECDH                            ((psa_algorithm_t)0x09020000)
-
-/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
- * algorithm.
- *
- * This includes the raw elliptic curve Diffie-Hellman algorithm as well as
- * elliptic curve Diffie-Hellman followed by any supporter key derivation
- * algorithm.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \c alg is an elliptic curve Diffie-Hellman algorithm,
- *         0 otherwise.
- *         This macro may return either 0 or 1 if \c alg is not a supported
- *         key agreement algorithm identifier.
- */
-#define PSA_ALG_IS_ECDH(alg) \
-    (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
-
-/** Whether the specified algorithm encoding is a wildcard.
- *
- * Wildcard values may only be used to set the usage algorithm field in
- * a policy, not to perform an operation.
- *
- * \param alg An algorithm identifier (value of type #psa_algorithm_t).
- *
- * \return 1 if \c alg is a wildcard algorithm encoding.
- * \return 0 if \c alg is a non-wildcard algorithm encoding (suitable for
- *         an operation).
- * \return This macro may return either 0 or 1 if \c alg is not a supported
- *         algorithm identifier.
- */
-#define PSA_ALG_IS_WILDCARD(alg)                            \
-    (PSA_ALG_IS_HASH_AND_SIGN(alg) ?                        \
-     PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH :       \
-     PSA_ALG_IS_MAC(alg) ?                                  \
-     (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) != 0 :   \
-     PSA_ALG_IS_AEAD(alg) ?                                 \
-     (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 :  \
-     (alg) == PSA_ALG_ANY_HASH)
-
-/**@}*/
-
-/** \defgroup key_lifetimes Key lifetimes
- * @{
- */
-
-/* Note that location and persistence level values are embedded in the
- * persistent key store, as part of key metadata. As a consequence, they
- * must not be changed (unless the storage format version changes).
- */
-
-/** The default lifetime for volatile keys.
- *
- * A volatile key only exists as long as the identifier to it is not destroyed.
- * The key material is guaranteed to be erased on a power reset.
- *
- * A key with this lifetime is typically stored in the RAM area of the
- * PSA Crypto subsystem. However this is an implementation choice.
- * If an implementation stores data about the key in a non-volatile memory,
- * it must release all the resources associated with the key and erase the
- * key material if the calling application terminates.
- */
-#define PSA_KEY_LIFETIME_VOLATILE               ((psa_key_lifetime_t)0x00000000)
-
-/** The default lifetime for persistent keys.
- *
- * A persistent key remains in storage until it is explicitly destroyed or
- * until the corresponding storage area is wiped. This specification does
- * not define any mechanism to wipe a storage area, but integrations may
- * provide their own mechanism (for example to perform a factory reset,
- * to prepare for device refurbishment, or to uninstall an application).
- *
- * This lifetime value is the default storage area for the calling
- * application. Integrations of Mbed TLS may support other persistent lifetimes.
- * See ::psa_key_lifetime_t for more information.
- */
-#define PSA_KEY_LIFETIME_PERSISTENT             ((psa_key_lifetime_t)0x00000001)
-
-/** The persistence level of volatile keys.
- *
- * See ::psa_key_persistence_t for more information.
- */
-#define PSA_KEY_PERSISTENCE_VOLATILE            ((psa_key_persistence_t)0x00)
-
-/** The default persistence level for persistent keys.
- *
- * See ::psa_key_persistence_t for more information.
- */
-#define PSA_KEY_PERSISTENCE_DEFAULT             ((psa_key_persistence_t)0x01)
-
-/** A persistence level indicating that a key is never destroyed.
- *
- * See ::psa_key_persistence_t for more information.
- */
-#define PSA_KEY_PERSISTENCE_READ_ONLY           ((psa_key_persistence_t)0xff)
-
-#define PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime)      \
-    ((psa_key_persistence_t)((lifetime) & 0x000000ff))
-
-#define PSA_KEY_LIFETIME_GET_LOCATION(lifetime)      \
-    ((psa_key_location_t)((lifetime) >> 8))
-
-/** Whether a key lifetime indicates that the key is volatile.
- *
- * A volatile key is automatically destroyed by the implementation when
- * the application instance terminates. In particular, a volatile key
- * is automatically destroyed on a power reset of the device.
- *
- * A key that is not volatile is persistent. Persistent keys are
- * preserved until the application explicitly destroys them or until an
- * implementation-specific device management event occurs (for example,
- * a factory reset).
- *
- * \param lifetime      The lifetime value to query (value of type
- *                      ::psa_key_lifetime_t).
- *
- * \return \c 1 if the key is volatile, otherwise \c 0.
- */
-#define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)  \
-    (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
-     PSA_KEY_PERSISTENCE_VOLATILE)
-
-/** Whether a key lifetime indicates that the key is read-only.
- *
- * Read-only keys cannot be created or destroyed through the PSA Crypto API.
- * They must be created through platform-specific means that bypass the API.
- *
- * Some platforms may offer ways to destroy read-only keys. For example,
- * consider a platform with multiple levels of privilege, where a
- * low-privilege application can use a key but is not allowed to destroy
- * it, and the platform exposes the key to the application with a read-only
- * lifetime. High-privilege code can destroy the key even though the
- * application sees the key as read-only.
- *
- * \param lifetime      The lifetime value to query (value of type
- *                      ::psa_key_lifetime_t).
- *
- * \return \c 1 if the key is read-only, otherwise \c 0.
- */
-#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime)  \
-    (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
-     PSA_KEY_PERSISTENCE_READ_ONLY)
-
-/** Construct a lifetime from a persistence level and a location.
- *
- * \param persistence   The persistence level
- *                      (value of type ::psa_key_persistence_t).
- * \param location      The location indicator
- *                      (value of type ::psa_key_location_t).
- *
- * \return The constructed lifetime value.
- */
-#define PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(persistence, location) \
-    ((location) << 8 | (persistence))
-
-/** The local storage area for persistent keys.
- *
- * This storage area is available on all systems that can store persistent
- * keys without delegating the storage to a third-party cryptoprocessor.
- *
- * See ::psa_key_location_t for more information.
- */
-#define PSA_KEY_LOCATION_LOCAL_STORAGE          ((psa_key_location_t)0x000000)
-
-#define PSA_KEY_LOCATION_VENDOR_FLAG            ((psa_key_location_t)0x800000)
-
-/* Note that key identifier values are embedded in the
- * persistent key store, as part of key metadata. As a consequence, they
- * must not be changed (unless the storage format version changes).
- */
-
-/** The null key identifier.
- */
-#define PSA_KEY_ID_NULL                         ((psa_key_id_t)0)
-/** The minimum value for a key identifier chosen by the application.
- */
-#define PSA_KEY_ID_USER_MIN                     ((psa_key_id_t)0x00000001)
-/** The maximum value for a key identifier chosen by the application.
- */
-#define PSA_KEY_ID_USER_MAX                     ((psa_key_id_t)0x3fffffff)
-/** The minimum value for a key identifier chosen by the implementation.
- */
-#define PSA_KEY_ID_VENDOR_MIN                   ((psa_key_id_t)0x40000000)
-/** The maximum value for a key identifier chosen by the implementation.
- */
-#define PSA_KEY_ID_VENDOR_MAX                   ((psa_key_id_t)0x7fffffff)
-
-
-#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-
-#define MBEDTLS_SVC_KEY_ID_INIT ( (psa_key_id_t)0 )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( 0 )
-
-/** Utility to initialize a key identifier at runtime.
- *
- * \param unused  Unused parameter.
- * \param key_id  Identifier of the key.
- */
-static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
-    unsigned int unused, psa_key_id_t key_id )
-{
-    (void)unused;
-
-    return( key_id );
-}
-
-/** Compare two key identifiers.
- *
- * \param id1 First key identifier.
- * \param id2 Second key identifier.
- *
- * \return Non-zero if the two key identifier are equal, zero otherwise.
- */
-static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
-                                            mbedtls_svc_key_id_t id2 )
-{
-    return( id1 == id2 );
-}
-
-/** Check whether a key identifier is null.
- *
- * \param key Key identifier.
- *
- * \return Non-zero if the key identifier is null, zero otherwise.
- */
-static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
-{
-    return( key == 0 );
-}
-
-#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-
-#define MBEDTLS_SVC_KEY_ID_INIT ( (mbedtls_svc_key_id_t){ 0, 0 } )
-#define MBEDTLS_SVC_KEY_ID_GET_KEY_ID( id ) ( ( id ).key_id )
-#define MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( id ) ( ( id ).owner )
-
-/** Utility to initialize a key identifier at runtime.
- *
- * \param owner_id Identifier of the key owner.
- * \param key_id   Identifier of the key.
- */
-static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
-    mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id )
-{
-    return( (mbedtls_svc_key_id_t){ .key_id = key_id,
-                                    .owner = owner_id } );
-}
-
-/** Compare two key identifiers.
- *
- * \param id1 First key identifier.
- * \param id2 Second key identifier.
- *
- * \return Non-zero if the two key identifier are equal, zero otherwise.
- */
-static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
-                                            mbedtls_svc_key_id_t id2 )
-{
-    return( ( id1.key_id == id2.key_id ) &&
-            mbedtls_key_owner_id_equal( id1.owner, id2.owner ) );
-}
-
-/** Check whether a key identifier is null.
- *
- * \param key Key identifier.
- *
- * \return Non-zero if the key identifier is null, zero otherwise.
- */
-static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
-{
-    return( key.key_id == 0 );
-}
-
-#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-
-/**@}*/
-
-/** \defgroup policy Key policies
- * @{
- */
-
-/* Note that key usage flags are embedded in the
- * persistent key store, as part of key metadata. As a consequence, they
- * must not be changed (unless the storage format version changes).
- */
-
-/** Whether the key may be exported.
- *
- * A public key or the public part of a key pair may always be exported
- * regardless of the value of this permission flag.
- *
- * If a key does not have export permission, implementations shall not
- * allow the key to be exported in plain form from the cryptoprocessor,
- * whether through psa_export_key() or through a proprietary interface.
- * The key may however be exportable in a wrapped form, i.e. in a form
- * where it is encrypted by another key.
- */
-#define PSA_KEY_USAGE_EXPORT                    ((psa_key_usage_t)0x00000001)
-
-/** Whether the key may be copied.
- *
- * This flag allows the use of psa_copy_key() to make a copy of the key
- * with the same policy or a more restrictive policy.
- *
- * For lifetimes for which the key is located in a secure element which
- * enforce the non-exportability of keys, copying a key outside the secure
- * element also requires the usage flag #PSA_KEY_USAGE_EXPORT.
- * Copying the key inside the secure element is permitted with just
- * #PSA_KEY_USAGE_COPY if the secure element supports it.
- * For keys with the lifetime #PSA_KEY_LIFETIME_VOLATILE or
- * #PSA_KEY_LIFETIME_PERSISTENT, the usage flag #PSA_KEY_USAGE_COPY
- * is sufficient to permit the copy.
- */
-#define PSA_KEY_USAGE_COPY                      ((psa_key_usage_t)0x00000002)
-
-/** Whether the key may be used to encrypt a message.
- *
- * This flag allows the key to be used for a symmetric encryption operation,
- * for an AEAD encryption-and-authentication operation,
- * or for an asymmetric encryption operation,
- * if otherwise permitted by the key's type and policy.
- *
- * For a key pair, this concerns the public key.
- */
-#define PSA_KEY_USAGE_ENCRYPT                   ((psa_key_usage_t)0x00000100)
-
-/** Whether the key may be used to decrypt a message.
- *
- * This flag allows the key to be used for a symmetric decryption operation,
- * for an AEAD decryption-and-verification operation,
- * or for an asymmetric decryption operation,
- * if otherwise permitted by the key's type and policy.
- *
- * For a key pair, this concerns the private key.
- */
-#define PSA_KEY_USAGE_DECRYPT                   ((psa_key_usage_t)0x00000200)
-
-/** Whether the key may be used to sign a message.
- *
- * This flag allows the key to be used for a MAC calculation operation or for
- * an asymmetric message signature operation, if otherwise permitted by the
- * key’s type and policy.
- *
- * For a key pair, this concerns the private key.
- */
-#define PSA_KEY_USAGE_SIGN_MESSAGE              ((psa_key_usage_t)0x00000400)
-
-/** Whether the key may be used to verify a message.
- *
- * This flag allows the key to be used for a MAC verification operation or for
- * an asymmetric message signature verification operation, if otherwise
- * permitted by the key’s type and policy.
- *
- * For a key pair, this concerns the public key.
- */
-#define PSA_KEY_USAGE_VERIFY_MESSAGE            ((psa_key_usage_t)0x00000800)
-
-/** Whether the key may be used to sign a message.
- *
- * This flag allows the key to be used for a MAC calculation operation
- * or for an asymmetric signature operation,
- * if otherwise permitted by the key's type and policy.
- *
- * For a key pair, this concerns the private key.
- */
-#define PSA_KEY_USAGE_SIGN_HASH                 ((psa_key_usage_t)0x00001000)
-
-/** Whether the key may be used to verify a message signature.
- *
- * This flag allows the key to be used for a MAC verification operation
- * or for an asymmetric signature verification operation,
- * if otherwise permitted by by the key's type and policy.
- *
- * For a key pair, this concerns the public key.
- */
-#define PSA_KEY_USAGE_VERIFY_HASH               ((psa_key_usage_t)0x00002000)
-
-/** Whether the key may be used to derive other keys.
- */
-#define PSA_KEY_USAGE_DERIVE                    ((psa_key_usage_t)0x00004000)
-
-/**@}*/
-
-/** \defgroup derivation Key derivation
- * @{
- */
-
-/* Key input steps are not embedded in the persistent storage, so you can
- * change them if needed: it's only an ABI change. */
-
-/** A secret input for key derivation.
- *
- * This should be a key of type #PSA_KEY_TYPE_DERIVE
- * (passed to psa_key_derivation_input_key())
- * or the shared secret resulting from a key agreement
- * (obtained via psa_key_derivation_key_agreement()).
- *
- * The secret can also be a direct input (passed to
- * key_derivation_input_bytes()). In this case, the derivation operation
- * may not be used to derive keys: the operation will only allow
- * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
- */
-#define PSA_KEY_DERIVATION_INPUT_SECRET     ((psa_key_derivation_step_t)0x0101)
-
-/** A label for key derivation.
- *
- * This should be a direct input.
- * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
- */
-#define PSA_KEY_DERIVATION_INPUT_LABEL      ((psa_key_derivation_step_t)0x0201)
-
-/** A salt for key derivation.
- *
- * This should be a direct input.
- * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
- */
-#define PSA_KEY_DERIVATION_INPUT_SALT       ((psa_key_derivation_step_t)0x0202)
-
-/** An information string for key derivation.
- *
- * This should be a direct input.
- * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
- */
-#define PSA_KEY_DERIVATION_INPUT_INFO       ((psa_key_derivation_step_t)0x0203)
-
-/** A seed for key derivation.
- *
- * This should be a direct input.
- * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
- */
-#define PSA_KEY_DERIVATION_INPUT_SEED       ((psa_key_derivation_step_t)0x0204)
-
-/**@}*/
-
-/** \defgroup helper_macros Helper macros
- * @{
- */
-
-/* Helper macros */
-
-/** Check if two AEAD algorithm identifiers refer to the same AEAD algorithm
- *  regardless of the tag length they encode.
- *
- * \param aead_alg_1 An AEAD algorithm identifier.
- * \param aead_alg_2 An AEAD algorithm identifier.
- *
- * \return           1 if both identifiers refer to the same AEAD algorithm,
- *                   0 otherwise.
- *                   Unspecified if neither \p aead_alg_1 nor \p aead_alg_2 are
- *                   a supported AEAD algorithm.
- */
-#define MBEDTLS_PSA_ALG_AEAD_EQUAL(aead_alg_1, aead_alg_2) \
-    (!(((aead_alg_1) ^ (aead_alg_2)) & \
-       ~(PSA_ALG_AEAD_TAG_LENGTH_MASK | PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG)))
-
-/**@}*/
-
-#endif /* PSA_CRYPTO_VALUES_H */
diff --git a/Sources/mbedtls/library/.gitignore b/Sources/mbedtls/library/.gitignore
deleted file mode 100644
index 3a63a63..0000000
--- a/Sources/mbedtls/library/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.o
-libmbed*
-*.sln
-*.vcxproj
diff --git a/Sources/mbedtls/library/CMakeLists.txt b/Sources/mbedtls/library/CMakeLists.txt
deleted file mode 100644
index fd3a3e7..0000000
--- a/Sources/mbedtls/library/CMakeLists.txt
+++ /dev/null
@@ -1,242 +0,0 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
-
-# Set the project root directory if it's not already defined, as may happen if
-# the library folder is included directly by a parent project, without
-# including the top level CMakeLists.txt.
-if(NOT DEFINED MBEDTLS_DIR)
-    set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
-endif()
-
-set(src_crypto
-    aes.c
-    aesni.c
-    arc4.c
-    aria.c
-    asn1parse.c
-    asn1write.c
-    base64.c
-    bignum.c
-    blowfish.c
-    camellia.c
-    ccm.c
-    chacha20.c
-    chachapoly.c
-    cipher.c
-    cipher_wrap.c
-    constant_time.c
-    cmac.c
-    ctr_drbg.c
-    des.c
-    dhm.c
-    ecdh.c
-    ecdsa.c
-    ecjpake.c
-    ecp.c
-    ecp_curves.c
-    entropy.c
-    entropy_poll.c
-    error.c
-    gcm.c
-    havege.c
-    hkdf.c
-    hmac_drbg.c
-    md.c
-    md2.c
-    md4.c
-    md5.c
-    memory_buffer_alloc.c
-    mps_reader.c
-    mps_trace.c
-    nist_kw.c
-    oid.c
-    padlock.c
-    pem.c
-    pk.c
-    pk_wrap.c
-    pkcs12.c
-    pkcs5.c
-    pkparse.c
-    pkwrite.c
-    platform.c
-    platform_util.c
-    poly1305.c
-    psa_crypto.c
-    psa_crypto_aead.c
-    psa_crypto_cipher.c
-    psa_crypto_client.c
-    psa_crypto_driver_wrappers.c
-    psa_crypto_ecp.c
-    psa_crypto_hash.c
-    psa_crypto_mac.c
-    psa_crypto_rsa.c
-    psa_crypto_se.c
-    psa_crypto_slot_management.c
-    psa_crypto_storage.c
-    psa_its_file.c
-    ripemd160.c
-    rsa.c
-    rsa_internal.c
-    sha1.c
-    sha256.c
-    sha512.c
-    threading.c
-    timing.c
-    version.c
-    version_features.c
-    xtea.c
-)
-
-list(APPEND src_crypto ${thirdparty_src})
-
-set(src_x509
-    certs.c
-    pkcs11.c
-    x509.c
-    x509_create.c
-    x509_crl.c
-    x509_crt.c
-    x509_csr.c
-    x509write_crt.c
-    x509write_csr.c
-)
-
-set(src_tls
-    debug.c
-    net_sockets.c
-    ssl_cache.c
-    ssl_ciphersuites.c
-    ssl_cli.c
-    ssl_cookie.c
-    ssl_msg.c
-    ssl_srv.c
-    ssl_ticket.c
-    ssl_tls.c
-    ssl_tls13_keys.c
-)
-
-if(CMAKE_COMPILER_IS_GNUCC)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
-endif(CMAKE_COMPILER_IS_GNUCC)
-
-if(CMAKE_COMPILER_IS_CLANG)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
-endif(CMAKE_COMPILER_IS_CLANG)
-
-if(WIN32)
-    set(libs ${libs} ws2_32)
-endif(WIN32)
-
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-    SET(CMAKE_C_ARCHIVE_CREATE   "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
-    SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
-    SET(CMAKE_C_ARCHIVE_FINISH   "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
-    SET(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
-endif()
-
-if(HAIKU)
-    set(libs ${libs} network)
-endif(HAIKU)
-
-if(USE_PKCS11_HELPER_LIBRARY)
-    set(libs ${libs} pkcs11-helper)
-endif(USE_PKCS11_HELPER_LIBRARY)
-
-if(ENABLE_ZLIB_SUPPORT)
-    set(libs ${libs} ${ZLIB_LIBRARIES})
-endif(ENABLE_ZLIB_SUPPORT)
-
-if(LINK_WITH_PTHREAD)
-    set(libs ${libs} pthread)
-endif()
-
-if(LINK_WITH_TRUSTED_STORAGE)
-    set(libs ${libs} trusted_storage)
-endif()
-
-if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
-    message(FATAL_ERROR "Need to choose static or shared mbedtls build!")
-endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY)
-
-set(mbedtls_target    "${MBEDTLS_TARGET_PREFIX}mbedtls")
-set(mbedx509_target   "${MBEDTLS_TARGET_PREFIX}mbedx509")
-set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto")
-
-set(mbedtls_target    ${mbedtls_target}    PARENT_SCOPE)
-set(mbedx509_target   ${mbedx509_target}   PARENT_SCOPE)
-set(mbedcrypto_target ${mbedcrypto_target} PARENT_SCOPE)
-
-if (USE_STATIC_MBEDTLS_LIBRARY)
-    set(mbedtls_static_target    ${mbedtls_target})
-    set(mbedx509_static_target   ${mbedx509_target})
-    set(mbedcrypto_static_target ${mbedcrypto_target})
-endif()
-
-set(target_libraries ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
-
-if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
-    string(APPEND mbedtls_static_target    "_static")
-    string(APPEND mbedx509_static_target   "_static")
-    string(APPEND mbedcrypto_static_target "_static")
-
-    list(APPEND target_libraries
-        ${mbedcrypto_static_target}
-        ${mbedx509_static_target}
-        ${mbedtls_static_target})
-endif()
-
-if(USE_STATIC_MBEDTLS_LIBRARY)
-    add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
-    set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
-    target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
-
-    add_library(${mbedx509_static_target} STATIC ${src_x509})
-    set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
-    target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
-
-    add_library(${mbedtls_static_target} STATIC ${src_tls})
-    set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
-    target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
-endif(USE_STATIC_MBEDTLS_LIBRARY)
-
-if(USE_SHARED_MBEDTLS_LIBRARY)
-    set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
-    add_library(${mbedcrypto_target} SHARED ${src_crypto})
-    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.2 SOVERSION 7)
-    target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
-
-    add_library(${mbedx509_target} SHARED ${src_x509})
-    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.2 SOVERSION 1)
-    target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
-
-    add_library(${mbedtls_target} SHARED ${src_tls})
-    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.2 SOVERSION 14)
-    target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
-endif(USE_SHARED_MBEDTLS_LIBRARY)
-
-foreach(target IN LISTS target_libraries)
-    # Include public header files from /include and other directories
-    # declared by /3rdparty/**/CMakeLists.txt. Include private header files
-    # from /library and others declared by /3rdparty/**/CMakeLists.txt.
-    # /library needs to be listed explicitly when building .c files outside
-    # of /library (which currently means: under /3rdparty).
-    target_include_directories(${target}
-        PUBLIC ${MBEDTLS_DIR}/include/
-        PUBLIC ${thirdparty_inc_public}
-        PRIVATE ${MBEDTLS_DIR}/library/
-        PRIVATE ${thirdparty_inc})
-    target_compile_definitions(${target}
-        PRIVATE ${thirdparty_def})
-    install(TARGETS ${target}
-            DESTINATION ${LIB_INSTALL_DIR}
-            PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
-endforeach(target)
-
-set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
-
-add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
-if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
-    add_dependencies(${lib_target} ${mbedcrypto_static_target} ${mbedx509_static_target} ${mbedtls_static_target})
-endif()
diff --git a/Sources/mbedtls/library/Makefile b/Sources/mbedtls/library/Makefile
deleted file mode 100644
index 3b91e25..0000000
--- a/Sources/mbedtls/library/Makefile
+++ /dev/null
@@ -1,295 +0,0 @@
-
-# Also see "include/mbedtls/config.h"
-
-CFLAGS	?= -O2
-WARNING_CFLAGS ?=  -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
-LDFLAGS ?=
-
-# Include ../include for public headers and . for private headers.
-# Note that . needs to be included explicitly for the sake of library
-# files that are not in the /library directory (which currently means
-# under /3rdparty).
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_LDFLAGS =
-
-ifdef DEBUG
-LOCAL_CFLAGS += -g3
-endif
-
-# MicroBlaze specific options:
-# CFLAGS += -mno-xl-soft-mul -mxl-barrel-shift
-
-# To compile on Plan9:
-# CFLAGS += -D_BSD_EXTENSION
-
-# if were running on Windows build for Windows
-ifdef WINDOWS
-WINDOWS_BUILD=1
-else ifeq ($(shell uname -s),Darwin)
-ifeq ($(AR),ar)
-APPLE_BUILD ?= 1
-endif
-endif
-
-# To compile as a shared library:
-ifdef SHARED
-# all code is position-indep with mingw, avoid warning about useless flag
-ifndef WINDOWS_BUILD
-LOCAL_CFLAGS += -fPIC -fpic
-endif
-endif
-
-SOEXT_TLS=so.14
-SOEXT_X509=so.1
-SOEXT_CRYPTO=so.7
-
-# Set AR_DASH= (empty string) to use an ar implementation that does not accept
-# the - prefix for command line options (e.g. llvm-ar)
-AR_DASH ?= -
-
-ARFLAGS = $(AR_DASH)src
-ifdef APPLE_BUILD
-ifneq ($(APPLE_BUILD),0)
-ARFLAGS = $(AR_DASH)Src
-RLFLAGS = -no_warning_for_no_symbols -c
-RL ?= ranlib
-endif
-endif
-
-DLEXT ?= so
-ifdef WINDOWS_BUILD
-# Windows shared library extension:
-DLEXT = dll
-else ifdef APPLE_BUILD
-ifneq ($(APPLE_BUILD),0)
-# Mac OS X shared library extension:
-DLEXT = dylib
-endif
-endif
-
-OBJS_CRYPTO= \
-	     aes.o \
-	     aesni.o \
-	     arc4.o \
-	     aria.o \
-	     asn1parse.o \
-	     asn1write.o \
-	     base64.o \
-	     bignum.o \
-	     blowfish.o \
-	     camellia.o \
-	     ccm.o \
-	     chacha20.o \
-	     chachapoly.o \
-	     cipher.o \
-	     cipher_wrap.o \
-	     cmac.o \
-	     constant_time.o \
-	     ctr_drbg.o \
-	     des.o \
-	     dhm.o \
-	     ecdh.o \
-	     ecdsa.o \
-	     ecjpake.o \
-	     ecp.o \
-	     ecp_curves.o \
-	     entropy.o \
-	     entropy_poll.o \
-	     error.o \
-	     gcm.o \
-	     havege.o \
-	     hkdf.o \
-	     hmac_drbg.o \
-	     md.o \
-	     md2.o \
-	     md4.o \
-	     md5.o \
-	     memory_buffer_alloc.o \
-	     mps_reader.o \
-	     mps_trace.o \
-	     nist_kw.o \
-	     oid.o \
-	     padlock.o \
-	     pem.o \
-	     pk.o \
-	     pk_wrap.o \
-	     pkcs12.o \
-	     pkcs5.o \
-	     pkparse.o \
-	     pkwrite.o \
-	     platform.o \
-	     platform_util.o \
-	     poly1305.o \
-	     psa_crypto.o \
-	     psa_crypto_aead.o \
-	     psa_crypto_cipher.o \
-	     psa_crypto_client.o \
-	     psa_crypto_driver_wrappers.o \
-	     psa_crypto_ecp.o \
-	     psa_crypto_hash.o \
-	     psa_crypto_mac.o \
-	     psa_crypto_rsa.o \
-	     psa_crypto_se.o \
-	     psa_crypto_slot_management.o \
-	     psa_crypto_storage.o \
-	     psa_its_file.o \
-	     ripemd160.o \
-	     rsa.o \
-	     rsa_internal.o \
-	     sha1.o \
-	     sha256.o \
-	     sha512.o \
-	     threading.o \
-	     timing.o \
-	     version.o \
-	     version_features.o \
-	     xtea.o \
-	     # This line is intentionally left blank
-
-include ../3rdparty/Makefile.inc
-LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
-OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
-
-OBJS_X509= \
-	   certs.o \
-	   pkcs11.o \
-	   x509.o \
-	   x509_create.o \
-	   x509_crl.o \
-	   x509_crt.o \
-	   x509_csr.o \
-	   x509write_crt.o \
-	   x509write_csr.o \
-	   # This line is intentionally left blank
-
-OBJS_TLS= \
-	  debug.o \
-	  net_sockets.o \
-	  ssl_cache.o \
-	  ssl_ciphersuites.o \
-	  ssl_cli.o \
-	  ssl_cookie.o \
-	  ssl_msg.o \
-	  ssl_srv.o \
-	  ssl_ticket.o \
-	  ssl_tls.o \
-	  ssl_tls13_keys.o \
-	  # This line is intentionally left blank
-
-.SILENT:
-
-.PHONY: all static shared clean
-
-ifndef SHARED
-all: static
-else
-all: shared static
-endif
-
-static: libmbedcrypto.a libmbedx509.a libmbedtls.a
-	cd ../tests && echo "This is a seedfile that contains 64 bytes (65 on Windows)......" > seedfile
-
-shared: libmbedcrypto.$(DLEXT) libmbedx509.$(DLEXT) libmbedtls.$(DLEXT)
-
-# Windows builds under Mingw can fail if make tries to create archives in the same
-# directory at the same time - see https://bugs.launchpad.net/gcc-arm-embedded/+bug/1848002.
-# This forces builds of the .a files to be serialised.
-ifdef WINDOWS
-libmbedtls.a: | libmbedx509.a
-libmbedx509.a: | libmbedcrypto.a
-endif
-
-# tls
-libmbedtls.a: $(OBJS_TLS)
-	echo "  AR    $@"
-	$(AR) $(ARFLAGS) $@ $(OBJS_TLS)
-ifdef APPLE_BUILD
-ifneq ($(APPLE_BUILD),0)
-	echo "  RL    $@"
-	$(RL) $(RLFLAGS) $@
-endif
-endif
-
-libmbedtls.$(SOEXT_TLS): $(OBJS_TLS) libmbedx509.so
-	echo "  LD    $@"
-	$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-libmbedtls.so: libmbedtls.$(SOEXT_TLS)
-	echo "  LN    $@ -> $<"
-	ln -sf $< $@
-
-libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib
-	echo "  LD    $@"
-	$(CC) -dynamiclib -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-libmbedtls.dll: $(OBJS_TLS) libmbedx509.dll
-	echo "  LD    $@"
-	$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_TLS) -lws2_32 -lwinmm -lgdi32 -L. -lmbedx509 -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-# x509
-libmbedx509.a: $(OBJS_X509)
-	echo "  AR    $@"
-	$(AR) $(ARFLAGS) $@ $(OBJS_X509)
-ifdef APPLE_BUILD
-ifneq ($(APPLE_BUILD),0)
-	echo "  RL    $@"
-	$(RL) $(RLFLAGS) $@
-endif
-endif
-
-libmbedx509.$(SOEXT_X509): $(OBJS_X509) libmbedcrypto.so
-	echo "  LD    $@"
-	$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-libmbedx509.so: libmbedx509.$(SOEXT_X509)
-	echo "  LN    $@ -> $<"
-	ln -sf $< $@
-
-libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib
-	echo "  LD    $@"
-	$(CC) -dynamiclib -o $@ $(OBJS_X509) -L. -lmbedcrypto  $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-libmbedx509.dll: $(OBJS_X509) libmbedcrypto.dll
-	echo "  LD    $@"
-	$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_X509) -lws2_32 -lwinmm -lgdi32 -L. -lmbedcrypto -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-# crypto
-libmbedcrypto.a: $(OBJS_CRYPTO)
-	echo "  AR    $@"
-	$(AR) $(ARFLAGS) $@ $(OBJS_CRYPTO)
-ifdef APPLE_BUILD
-ifneq ($(APPLE_BUILD),0)
-	echo "  RL    $@"
-	$(RL) $(RLFLAGS) $@
-endif
-endif
-
-libmbedcrypto.$(SOEXT_CRYPTO): $(OBJS_CRYPTO)
-	echo "  LD    $@"
-	$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
-	echo "  LN    $@ -> $<"
-	ln -sf $< $@
-
-libmbedcrypto.dylib: $(OBJS_CRYPTO)
-	echo "  LD    $@"
-	$(CC) -dynamiclib -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-libmbedcrypto.dll: $(OBJS_CRYPTO)
-	echo "  LD    $@"
-	$(CC) -shared -Wl,-soname,$@ -Wl,--out-implib,$@.a -o $@ $(OBJS_CRYPTO) -lws2_32 -lwinmm -lgdi32 -static-libgcc $(LOCAL_LDFLAGS) $(LDFLAGS)
-
-.c.o:
-	echo "  CC    $<"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
-
-clean:
-ifndef WINDOWS
-	rm -f *.o libmbed*
-	rm -f $(THIRDPARTY_CRYPTO_OBJECTS)
-else
-	if exist *.o del /Q /F *.o
-	if exist libmbed* del /Q /F libmbed*
-	del /Q /F del_errors_out_if_the_file_list_is_empty_but_not_if_a_file_does_not_exist $(subst /,\,$(THIRDPARTY_CRYPTO_OBJECTS))
-endif
diff --git a/Sources/mbedtls/library/aes.c b/Sources/mbedtls/library/aes.c
deleted file mode 100644
index 74ea267..0000000
--- a/Sources/mbedtls/library/aes.c
+++ /dev/null
@@ -1,2183 +0,0 @@
-/*
- *  FIPS-197 compliant AES implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
- *
- *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
- *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_AES_C)
-
-#include <string.h>
-
-#include "mbedtls/aes.h"
-#include "mbedtls/platform.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
-#endif
-#if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_AES_ALT)
-
-/* Parameter validation macros based on platform_util.h */
-#define AES_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA )
-#define AES_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if defined(MBEDTLS_PADLOCK_C) &&                      \
-    ( defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16) )
-static int aes_padlock_ace = -1;
-#endif
-
-#if defined(MBEDTLS_AES_ROM_TABLES)
-/*
- * Forward S-box
- */
-static const unsigned char FSb[256] =
-{
-    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
-    0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
-    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
-    0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
-    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC,
-    0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
-    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A,
-    0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
-    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
-    0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
-    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B,
-    0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
-    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85,
-    0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
-    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
-    0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
-    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17,
-    0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
-    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88,
-    0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
-    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
-    0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
-    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9,
-    0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
-    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6,
-    0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
-    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
-    0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
-    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94,
-    0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
-    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
-    0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
-};
-
-/*
- * Forward tables
- */
-#define FT \
-\
-    V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \
-    V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \
-    V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \
-    V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \
-    V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \
-    V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \
-    V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \
-    V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \
-    V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \
-    V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \
-    V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \
-    V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \
-    V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \
-    V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \
-    V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \
-    V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \
-    V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \
-    V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \
-    V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \
-    V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \
-    V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \
-    V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \
-    V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \
-    V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \
-    V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \
-    V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \
-    V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \
-    V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \
-    V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \
-    V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \
-    V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \
-    V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \
-    V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \
-    V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \
-    V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \
-    V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \
-    V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \
-    V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \
-    V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \
-    V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \
-    V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \
-    V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \
-    V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \
-    V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \
-    V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \
-    V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \
-    V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \
-    V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \
-    V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \
-    V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \
-    V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \
-    V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \
-    V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \
-    V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \
-    V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \
-    V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \
-    V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \
-    V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \
-    V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \
-    V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \
-    V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \
-    V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \
-    V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \
-    V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C)
-
-#define V(a,b,c,d) 0x##a##b##c##d
-static const uint32_t FT0[256] = { FT };
-#undef V
-
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-
-#define V(a,b,c,d) 0x##b##c##d##a
-static const uint32_t FT1[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##c##d##a##b
-static const uint32_t FT2[256] = { FT };
-#undef V
-
-#define V(a,b,c,d) 0x##d##a##b##c
-static const uint32_t FT3[256] = { FT };
-#undef V
-
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-#undef FT
-
-/*
- * Reverse S-box
- */
-static const unsigned char RSb[256] =
-{
-    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
-    0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
-    0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
-    0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
-    0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D,
-    0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
-    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2,
-    0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
-    0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
-    0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
-    0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA,
-    0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
-    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A,
-    0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
-    0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
-    0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
-    0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA,
-    0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
-    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85,
-    0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
-    0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
-    0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
-    0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20,
-    0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
-    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31,
-    0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
-    0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
-    0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
-    0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0,
-    0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
-    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
-    0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
-};
-
-/*
- * Reverse tables
- */
-#define RT \
-\
-    V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
-    V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
-    V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
-    V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
-    V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
-    V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
-    V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
-    V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
-    V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
-    V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
-    V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
-    V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
-    V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
-    V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
-    V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
-    V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
-    V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
-    V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
-    V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
-    V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
-    V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
-    V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
-    V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
-    V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
-    V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
-    V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
-    V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
-    V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
-    V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
-    V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
-    V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
-    V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
-    V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
-    V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
-    V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
-    V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
-    V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
-    V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
-    V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
-    V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
-    V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
-    V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
-    V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
-    V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
-    V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
-    V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
-    V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
-    V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
-    V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
-    V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
-    V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
-    V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
-    V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
-    V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
-    V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
-    V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
-    V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
-    V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
-    V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
-    V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
-    V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
-    V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
-    V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
-    V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
-
-#define V(a,b,c,d) 0x##a##b##c##d
-static const uint32_t RT0[256] = { RT };
-#undef V
-
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-
-#define V(a,b,c,d) 0x##b##c##d##a
-static const uint32_t RT1[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##c##d##a##b
-static const uint32_t RT2[256] = { RT };
-#undef V
-
-#define V(a,b,c,d) 0x##d##a##b##c
-static const uint32_t RT3[256] = { RT };
-#undef V
-
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-#undef RT
-
-/*
- * Round constants
- */
-static const uint32_t RCON[10] =
-{
-    0x00000001, 0x00000002, 0x00000004, 0x00000008,
-    0x00000010, 0x00000020, 0x00000040, 0x00000080,
-    0x0000001B, 0x00000036
-};
-
-#else /* MBEDTLS_AES_ROM_TABLES */
-
-/*
- * Forward S-box & tables
- */
-static unsigned char FSb[256];
-static uint32_t FT0[256];
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-static uint32_t FT1[256];
-static uint32_t FT2[256];
-static uint32_t FT3[256];
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-/*
- * Reverse S-box & tables
- */
-static unsigned char RSb[256];
-static uint32_t RT0[256];
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-static uint32_t RT1[256];
-static uint32_t RT2[256];
-static uint32_t RT3[256];
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-/*
- * Round constants
- */
-static uint32_t RCON[10];
-
-/*
- * Tables generation code
- */
-#define ROTL8(x) ( ( (x) << 8 ) & 0xFFFFFFFF ) | ( (x) >> 24 )
-#define XTIME(x) ( ( (x) << 1 ) ^ ( ( (x) & 0x80 ) ? 0x1B : 0x00 ) )
-#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 )
-
-static int aes_init_done = 0;
-
-static void aes_gen_tables( void )
-{
-    int i, x, y, z;
-    int pow[256];
-    int log[256];
-
-    /*
-     * compute pow and log tables over GF(2^8)
-     */
-    for( i = 0, x = 1; i < 256; i++ )
-    {
-        pow[i] = x;
-        log[x] = i;
-        x = MBEDTLS_BYTE_0( x ^ XTIME( x ) );
-    }
-
-    /*
-     * calculate the round constants
-     */
-    for( i = 0, x = 1; i < 10; i++ )
-    {
-        RCON[i] = (uint32_t) x;
-        x = MBEDTLS_BYTE_0( XTIME( x ) );
-    }
-
-    /*
-     * generate the forward and reverse S-boxes
-     */
-    FSb[0x00] = 0x63;
-    RSb[0x63] = 0x00;
-
-    for( i = 1; i < 256; i++ )
-    {
-        x = pow[255 - log[i]];
-
-        y  = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) );
-        x ^= y ^ 0x63;
-
-        FSb[i] = (unsigned char) x;
-        RSb[x] = (unsigned char) i;
-    }
-
-    /*
-     * generate the forward and reverse tables
-     */
-    for( i = 0; i < 256; i++ )
-    {
-        x = FSb[i];
-        y = MBEDTLS_BYTE_0( XTIME( x ) );
-        z = MBEDTLS_BYTE_0( y ^ x );
-
-        FT0[i] = ( (uint32_t) y       ) ^
-                 ( (uint32_t) x <<  8 ) ^
-                 ( (uint32_t) x << 16 ) ^
-                 ( (uint32_t) z << 24 );
-
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-        FT1[i] = ROTL8( FT0[i] );
-        FT2[i] = ROTL8( FT1[i] );
-        FT3[i] = ROTL8( FT2[i] );
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-
-        x = RSb[i];
-
-        RT0[i] = ( (uint32_t) MUL( 0x0E, x )       ) ^
-                 ( (uint32_t) MUL( 0x09, x ) <<  8 ) ^
-                 ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^
-                 ( (uint32_t) MUL( 0x0B, x ) << 24 );
-
-#if !defined(MBEDTLS_AES_FEWER_TABLES)
-        RT1[i] = ROTL8( RT0[i] );
-        RT2[i] = ROTL8( RT1[i] );
-        RT3[i] = ROTL8( RT2[i] );
-#endif /* !MBEDTLS_AES_FEWER_TABLES */
-    }
-}
-
-#undef ROTL8
-
-#endif /* MBEDTLS_AES_ROM_TABLES */
-
-#if defined(MBEDTLS_AES_FEWER_TABLES)
-
-#define ROTL8(x)  ( (uint32_t)( ( x ) <<  8 ) + (uint32_t)( ( x ) >> 24 ) )
-#define ROTL16(x) ( (uint32_t)( ( x ) << 16 ) + (uint32_t)( ( x ) >> 16 ) )
-#define ROTL24(x) ( (uint32_t)( ( x ) << 24 ) + (uint32_t)( ( x ) >>  8 ) )
-
-#define AES_RT0(idx) RT0[idx]
-#define AES_RT1(idx) ROTL8(  RT0[idx] )
-#define AES_RT2(idx) ROTL16( RT0[idx] )
-#define AES_RT3(idx) ROTL24( RT0[idx] )
-
-#define AES_FT0(idx) FT0[idx]
-#define AES_FT1(idx) ROTL8(  FT0[idx] )
-#define AES_FT2(idx) ROTL16( FT0[idx] )
-#define AES_FT3(idx) ROTL24( FT0[idx] )
-
-#else /* MBEDTLS_AES_FEWER_TABLES */
-
-#define AES_RT0(idx) RT0[idx]
-#define AES_RT1(idx) RT1[idx]
-#define AES_RT2(idx) RT2[idx]
-#define AES_RT3(idx) RT3[idx]
-
-#define AES_FT0(idx) FT0[idx]
-#define AES_FT1(idx) FT1[idx]
-#define AES_FT2(idx) FT2[idx]
-#define AES_FT3(idx) FT3[idx]
-
-#endif /* MBEDTLS_AES_FEWER_TABLES */
-
-void mbedtls_aes_init( mbedtls_aes_context *ctx )
-{
-    AES_VALIDATE( ctx != NULL );
-
-    memset( ctx, 0, sizeof( mbedtls_aes_context ) );
-}
-
-void mbedtls_aes_free( mbedtls_aes_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
-{
-    AES_VALIDATE( ctx != NULL );
-
-    mbedtls_aes_init( &ctx->crypt );
-    mbedtls_aes_init( &ctx->tweak );
-}
-
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_aes_free( &ctx->crypt );
-    mbedtls_aes_free( &ctx->tweak );
-}
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/*
- * AES key schedule (encryption)
- */
-#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
-{
-    unsigned int i;
-    uint32_t *RK;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
-    switch( keybits )
-    {
-        case 128: ctx->nr = 10; break;
-        case 192: ctx->nr = 12; break;
-        case 256: ctx->nr = 14; break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-#if !defined(MBEDTLS_AES_ROM_TABLES)
-    if( aes_init_done == 0 )
-    {
-        aes_gen_tables();
-        aes_init_done = 1;
-    }
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
-
-    if( aes_padlock_ace )
-        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
-    else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
-#endif
-
-    for( i = 0; i < ( keybits >> 5 ); i++ )
-    {
-        RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 );
-    }
-
-    switch( ctx->nr )
-    {
-        case 10:
-
-            for( i = 0; i < 10; i++, RK += 4 )
-            {
-                RK[4]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 );
-
-                RK[5]  = RK[1] ^ RK[4];
-                RK[6]  = RK[2] ^ RK[5];
-                RK[7]  = RK[3] ^ RK[6];
-            }
-            break;
-
-        case 12:
-
-            for( i = 0; i < 8; i++, RK += 6 )
-            {
-                RK[6]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 );
-
-                RK[7]  = RK[1] ^ RK[6];
-                RK[8]  = RK[2] ^ RK[7];
-                RK[9]  = RK[3] ^ RK[8];
-                RK[10] = RK[4] ^ RK[9];
-                RK[11] = RK[5] ^ RK[10];
-            }
-            break;
-
-        case 14:
-
-            for( i = 0; i < 7; i++, RK += 8 )
-            {
-                RK[8]  = RK[0] ^ RCON[i] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 );
-
-                RK[9]  = RK[1] ^ RK[8];
-                RK[10] = RK[2] ^ RK[9];
-                RK[11] = RK[3] ^ RK[10];
-
-                RK[12] = RK[4] ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ]       ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] <<  8 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^
-                ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 );
-
-                RK[13] = RK[5] ^ RK[12];
-                RK[14] = RK[6] ^ RK[13];
-                RK[15] = RK[7] ^ RK[14];
-            }
-            break;
-    }
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_AES_SETKEY_ENC_ALT */
-
-/*
- * AES key schedule (decryption)
- */
-#if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits )
-{
-    int i, j, ret;
-    mbedtls_aes_context cty;
-    uint32_t *RK;
-    uint32_t *SK;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
-    mbedtls_aes_init( &cty );
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if( aes_padlock_ace == -1 )
-        aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
-
-    if( aes_padlock_ace )
-        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
-    else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-    /* Also checks keybits */
-    if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
-        goto exit;
-
-    ctx->nr = cty.nr;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-    {
-        mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
-                           (const unsigned char *) cty.rk, ctx->nr );
-        goto exit;
-    }
-#endif
-
-    SK = cty.rk + cty.nr * 4;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-    for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 )
-    {
-        for( j = 0; j < 4; j++, SK++ )
-        {
-            *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^
-                    AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^
-                    AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^
-                    AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] );
-        }
-    }
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-exit:
-    mbedtls_aes_free( &cty );
-
-    return( ret );
-}
-#endif /* !MBEDTLS_AES_SETKEY_DEC_ALT */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int mbedtls_aes_xts_decode_keys( const unsigned char *key,
-                                        unsigned int keybits,
-                                        const unsigned char **key1,
-                                        unsigned int *key1bits,
-                                        const unsigned char **key2,
-                                        unsigned int *key2bits )
-{
-    const unsigned int half_keybits = keybits / 2;
-    const unsigned int half_keybytes = half_keybits / 8;
-
-    switch( keybits )
-    {
-        case 256: break;
-        case 512: break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-    *key1bits = half_keybits;
-    *key2bits = half_keybits;
-    *key1 = &key[0];
-    *key2 = &key[half_keybytes];
-
-    return 0;
-}
-
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const unsigned char *key1, *key2;
-    unsigned int key1bits, key2bits;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
-    ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
-                                       &key2, &key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set the tweak key. Always set tweak key for the encryption mode. */
-    ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set crypt key for encryption. */
-    return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits );
-}
-
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const unsigned char *key1, *key2;
-    unsigned int key1bits, key2bits;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( key != NULL );
-
-    ret = mbedtls_aes_xts_decode_keys( key, keybits, &key1, &key1bits,
-                                       &key2, &key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set the tweak key. Always set tweak key for encryption. */
-    ret = mbedtls_aes_setkey_enc( &ctx->tweak, key2, key2bits );
-    if( ret != 0 )
-        return( ret );
-
-    /* Set crypt key for decryption. */
-    return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits );
-}
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)                 \
-    do                                                      \
-    {                                                       \
-        (X0) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y0 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y1 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y2 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y3 ) );     \
-                                                            \
-        (X1) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y1 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y2 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y3 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y0 ) );     \
-                                                            \
-        (X2) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y2 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y3 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y0 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y1 ) );     \
-                                                            \
-        (X3) = *RK++ ^ AES_FT0( MBEDTLS_BYTE_0( Y3 ) ) ^    \
-                       AES_FT1( MBEDTLS_BYTE_1( Y0 ) ) ^    \
-                       AES_FT2( MBEDTLS_BYTE_2( Y1 ) ) ^    \
-                       AES_FT3( MBEDTLS_BYTE_3( Y2 ) );     \
-    } while( 0 )
-
-#define AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)                 \
-    do                                                      \
-    {                                                       \
-        (X0) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y0 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y3 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y2 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y1 ) );     \
-                                                            \
-        (X1) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y1 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y0 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y3 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y2 ) );     \
-                                                            \
-        (X2) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y2 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y1 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y0 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y3 ) );     \
-                                                            \
-        (X3) = *RK++ ^ AES_RT0( MBEDTLS_BYTE_0( Y3 ) ) ^    \
-                       AES_RT1( MBEDTLS_BYTE_1( Y2 ) ) ^    \
-                       AES_RT2( MBEDTLS_BYTE_2( Y1 ) ) ^    \
-                       AES_RT3( MBEDTLS_BYTE_3( Y0 ) );     \
-    } while( 0 )
-
-/*
- * AES-ECB block encryption
- */
-#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] )
-{
-    int i;
-    uint32_t *RK = ctx->rk;
-    struct
-    {
-        uint32_t X[4];
-        uint32_t Y[4];
-    } t;
-
-    t.X[0] = MBEDTLS_GET_UINT32_LE( input,  0 ); t.X[0] ^= *RK++;
-    t.X[1] = MBEDTLS_GET_UINT32_LE( input,  4 ); t.X[1] ^= *RK++;
-    t.X[2] = MBEDTLS_GET_UINT32_LE( input,  8 ); t.X[2] ^= *RK++;
-    t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
-
-    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-    {
-        AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
-        AES_FROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
-    }
-
-    AES_FROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
-
-    t.X[0] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[0] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
-
-    t.X[1] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[1] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
-
-    t.X[2] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[2] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
-
-    t.X[3] = *RK++ ^ \
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_0( t.Y[3] ) ]       ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] <<  8 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
-            ( (uint32_t) FSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
-
-    MBEDTLS_PUT_UINT32_LE( t.X[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( t.X[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( t.X[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
-
-    mbedtls_platform_zeroize( &t, sizeof( t ) );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
-                          const unsigned char input[16],
-                          unsigned char output[16] )
-{
-    MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_encrypt( ctx, input, output ) );
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * AES-ECB block decryption
- */
-#if !defined(MBEDTLS_AES_DECRYPT_ALT)
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] )
-{
-    int i;
-    uint32_t *RK = ctx->rk;
-    struct
-    {
-        uint32_t X[4];
-        uint32_t Y[4];
-    } t;
-
-    t.X[0] = MBEDTLS_GET_UINT32_LE( input,  0 ); t.X[0] ^= *RK++;
-    t.X[1] = MBEDTLS_GET_UINT32_LE( input,  4 ); t.X[1] ^= *RK++;
-    t.X[2] = MBEDTLS_GET_UINT32_LE( input,  8 ); t.X[2] ^= *RK++;
-    t.X[3] = MBEDTLS_GET_UINT32_LE( input, 12 ); t.X[3] ^= *RK++;
-
-    for( i = ( ctx->nr >> 1 ) - 1; i > 0; i-- )
-    {
-        AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
-        AES_RROUND( t.X[0], t.X[1], t.X[2], t.X[3], t.Y[0], t.Y[1], t.Y[2], t.Y[3] );
-    }
-
-    AES_RROUND( t.Y[0], t.Y[1], t.Y[2], t.Y[3], t.X[0], t.X[1], t.X[2], t.X[3] );
-
-    t.X[0] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[0] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[3] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[2] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[1] ) ] << 24 );
-
-    t.X[1] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[1] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[0] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[3] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[2] ) ] << 24 );
-
-    t.X[2] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[2] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[1] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[0] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[3] ) ] << 24 );
-
-    t.X[3] = *RK++ ^ \
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_0( t.Y[3] ) ]       ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_1( t.Y[2] ) ] <<  8 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_2( t.Y[1] ) ] << 16 ) ^
-            ( (uint32_t) RSb[ MBEDTLS_BYTE_3( t.Y[0] ) ] << 24 );
-
-    MBEDTLS_PUT_UINT32_LE( t.X[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( t.X[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( t.X[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( t.X[3], output, 12 );
-
-    mbedtls_platform_zeroize( &t, sizeof( t ) );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_AES_DECRYPT_ALT */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
-                          const unsigned char input[16],
-                          unsigned char output[16] )
-{
-    MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_decrypt( ctx, input, output ) );
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * AES-ECB block encryption/decryption
- */
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                           int mode,
-                           const unsigned char input[16],
-                           unsigned char output[16] )
-{
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
-    if( aes_padlock_ace )
-    {
-        if( mbedtls_padlock_xcryptecb( ctx, mode, input, output ) == 0 )
-            return( 0 );
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
-    }
-#endif
-
-    if( mode == MBEDTLS_AES_ENCRYPT )
-        return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
-    else
-        return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * AES-CBC buffer encryption/decryption
- */
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char temp[16];
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
-    if( length % 16 )
-        return( MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH );
-
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
-    if( aes_padlock_ace )
-    {
-        if( mbedtls_padlock_xcryptcbc( ctx, mode, length, iv, input, output ) == 0 )
-            return( 0 );
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
-    }
-#endif
-
-    if( mode == MBEDTLS_AES_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
-            if( ret != 0 )
-                goto exit;
-
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
-            if( ret != 0 )
-                goto exit;
-            memcpy( iv, output, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-    ret = 0;
-
-exit:
-    return( ret );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-
-typedef unsigned char mbedtls_be128[16];
-
-/*
- * GF(2^128) multiplication function
- *
- * This function multiplies a field element by x in the polynomial field
- * representation. It uses 64-bit word operations to gain speed but compensates
- * for machine endianness and hence works correctly on both big and little
- * endian machines.
- */
-static void mbedtls_gf128mul_x_ble( unsigned char r[16],
-                                    const unsigned char x[16] )
-{
-    uint64_t a, b, ra, rb;
-
-    a = MBEDTLS_GET_UINT64_LE( x, 0 );
-    b = MBEDTLS_GET_UINT64_LE( x, 8 );
-
-    ra = ( a << 1 )  ^ 0x0087 >> ( 8 - ( ( b >> 63 ) << 3 ) );
-    rb = ( a >> 63 ) | ( b << 1 );
-
-    MBEDTLS_PUT_UINT64_LE( ra, r, 0 );
-    MBEDTLS_PUT_UINT64_LE( rb, r, 8 );
-}
-
-/*
- * AES-XTS buffer encryption/decryption
- */
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
-                           int mode,
-                           size_t length,
-                           const unsigned char data_unit[16],
-                           const unsigned char *input,
-                           unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t blocks = length / 16;
-    size_t leftover = length % 16;
-    unsigned char tweak[16];
-    unsigned char prev_tweak[16];
-    unsigned char tmp[16];
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( data_unit != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
-    /* Data units must be at least 16 bytes long. */
-    if( length < 16 )
-        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
-
-    /* NIST SP 800-38E disallows data units larger than 2**20 blocks. */
-    if( length > ( 1 << 20 ) * 16 )
-        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
-
-    /* Compute the tweak. */
-    ret = mbedtls_aes_crypt_ecb( &ctx->tweak, MBEDTLS_AES_ENCRYPT,
-                                 data_unit, tweak );
-    if( ret != 0 )
-        return( ret );
-
-    while( blocks-- )
-    {
-        size_t i;
-
-        if( leftover && ( mode == MBEDTLS_AES_DECRYPT ) && blocks == 0 )
-        {
-            /* We are on the last block in a decrypt operation that has
-             * leftover bytes, so we need to use the next tweak for this block,
-             * and this tweak for the leftover bytes. Save the current tweak for
-             * the leftovers and then update the current tweak for use on this,
-             * the last full block. */
-            memcpy( prev_tweak, tweak, sizeof( tweak ) );
-            mbedtls_gf128mul_x_ble( tweak, tweak );
-        }
-
-        for( i = 0; i < 16; i++ )
-            tmp[i] = input[i] ^ tweak[i];
-
-        ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
-        if( ret != 0 )
-            return( ret );
-
-        for( i = 0; i < 16; i++ )
-            output[i] = tmp[i] ^ tweak[i];
-
-        /* Update the tweak for the next block. */
-        mbedtls_gf128mul_x_ble( tweak, tweak );
-
-        output += 16;
-        input += 16;
-    }
-
-    if( leftover )
-    {
-        /* If we are on the leftover bytes in a decrypt operation, we need to
-         * use the previous tweak for these bytes (as saved in prev_tweak). */
-        unsigned char *t = mode == MBEDTLS_AES_DECRYPT ? prev_tweak : tweak;
-
-        /* We are now on the final part of the data unit, which doesn't divide
-         * evenly by 16. It's time for ciphertext stealing. */
-        size_t i;
-        unsigned char *prev_output = output - 16;
-
-        /* Copy ciphertext bytes from the previous block to our output for each
-         * byte of ciphertext we won't steal. At the same time, copy the
-         * remainder of the input for this final round (since the loop bounds
-         * are the same). */
-        for( i = 0; i < leftover; i++ )
-        {
-            output[i] = prev_output[i];
-            tmp[i] = input[i] ^ t[i];
-        }
-
-        /* Copy ciphertext bytes from the previous block for input in this
-         * round. */
-        for( ; i < 16; i++ )
-            tmp[i] = prev_output[i] ^ t[i];
-
-        ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
-        if( ret != 0 )
-            return ret;
-
-        /* Write the result back to the previous block, overriding the previous
-         * output we copied. */
-        for( i = 0; i < 16; i++ )
-            prev_output[i] = tmp[i] ^ t[i];
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * AES-CFB128 buffer encryption/decryption
- */
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( iv_off != NULL );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
-    n = *iv_off;
-
-    if( n > 15 )
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
-
-    if( mode == MBEDTLS_AES_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-            {
-                ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-                if( ret != 0 )
-                    goto exit;
-            }
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-            {
-                ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-                if( ret != 0 )
-                    goto exit;
-            }
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-    ret = 0;
-
-exit:
-    return( ret );
-}
-
-/*
- * AES-CFB8 buffer encryption/decryption
- */
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[16],
-                            const unsigned char *input,
-                            unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char c;
-    unsigned char ov[17];
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
-                      mode == MBEDTLS_AES_DECRYPT );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-    while( length-- )
-    {
-        memcpy( ov, iv, 16 );
-        ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-        if( ret != 0 )
-            goto exit;
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-            ov[16] = *input;
-
-        c = *output++ = (unsigned char)( iv[0] ^ *input++ );
-
-        if( mode == MBEDTLS_AES_ENCRYPT )
-            ov[16] = c;
-
-        memcpy( iv, ov + 1, 16 );
-    }
-    ret = 0;
-
-exit:
-    return( ret );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/*
- * AES-OFB (Output Feedback Mode) buffer encryption/decryption
- */
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
-                           size_t length,
-                           size_t *iv_off,
-                           unsigned char iv[16],
-                           const unsigned char *input,
-                           unsigned char *output )
-{
-    int ret = 0;
-    size_t n;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( iv_off != NULL );
-    AES_VALIDATE_RET( iv != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
-    n = *iv_off;
-
-    if( n > 15 )
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
-
-    while( length-- )
-    {
-        if( n == 0 )
-        {
-            ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
-            if( ret != 0 )
-                goto exit;
-        }
-        *output++ =  *input++ ^ iv[n];
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *iv_off = n;
-
-exit:
-    return( ret );
-}
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * AES-CTR buffer encryption/decryption
- */
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
-
-    AES_VALIDATE_RET( ctx != NULL );
-    AES_VALIDATE_RET( nc_off != NULL );
-    AES_VALIDATE_RET( nonce_counter != NULL );
-    AES_VALIDATE_RET( stream_block != NULL );
-    AES_VALIDATE_RET( input != NULL );
-    AES_VALIDATE_RET( output != NULL );
-
-    n = *nc_off;
-
-    if ( n > 0x0F )
-        return( MBEDTLS_ERR_AES_BAD_INPUT_DATA );
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
-            if( ret != 0 )
-                goto exit;
-
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-    ret = 0;
-
-exit:
-    return( ret );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#endif /* !MBEDTLS_AES_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * AES test vectors from:
- *
- * http://csrc.nist.gov/archive/aes/rijndael/rijndael-vals.zip
- */
-static const unsigned char aes_test_ecb_dec[3][16] =
-{
-    { 0x44, 0x41, 0x6A, 0xC2, 0xD1, 0xF5, 0x3C, 0x58,
-      0x33, 0x03, 0x91, 0x7E, 0x6B, 0xE9, 0xEB, 0xE0 },
-    { 0x48, 0xE3, 0x1E, 0x9E, 0x25, 0x67, 0x18, 0xF2,
-      0x92, 0x29, 0x31, 0x9C, 0x19, 0xF1, 0x5B, 0xA4 },
-    { 0x05, 0x8C, 0xCF, 0xFD, 0xBB, 0xCB, 0x38, 0x2D,
-      0x1F, 0x6F, 0x56, 0x58, 0x5D, 0x8A, 0x4A, 0xDE }
-};
-
-static const unsigned char aes_test_ecb_enc[3][16] =
-{
-    { 0xC3, 0x4C, 0x05, 0x2C, 0xC0, 0xDA, 0x8D, 0x73,
-      0x45, 0x1A, 0xFE, 0x5F, 0x03, 0xBE, 0x29, 0x7F },
-    { 0xF3, 0xF6, 0x75, 0x2A, 0xE8, 0xD7, 0x83, 0x11,
-      0x38, 0xF0, 0x41, 0x56, 0x06, 0x31, 0xB1, 0x14 },
-    { 0x8B, 0x79, 0xEE, 0xCC, 0x93, 0xA0, 0xEE, 0x5D,
-      0xFF, 0x30, 0xB4, 0xEA, 0x21, 0x63, 0x6D, 0xA4 }
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const unsigned char aes_test_cbc_dec[3][16] =
-{
-    { 0xFA, 0xCA, 0x37, 0xE0, 0xB0, 0xC8, 0x53, 0x73,
-      0xDF, 0x70, 0x6E, 0x73, 0xF7, 0xC9, 0xAF, 0x86 },
-    { 0x5D, 0xF6, 0x78, 0xDD, 0x17, 0xBA, 0x4E, 0x75,
-      0xB6, 0x17, 0x68, 0xC6, 0xAD, 0xEF, 0x7C, 0x7B },
-    { 0x48, 0x04, 0xE1, 0x81, 0x8F, 0xE6, 0x29, 0x75,
-      0x19, 0xA3, 0xE8, 0x8C, 0x57, 0x31, 0x04, 0x13 }
-};
-
-static const unsigned char aes_test_cbc_enc[3][16] =
-{
-    { 0x8A, 0x05, 0xFC, 0x5E, 0x09, 0x5A, 0xF4, 0x84,
-      0x8A, 0x08, 0xD3, 0x28, 0xD3, 0x68, 0x8E, 0x3D },
-    { 0x7B, 0xD9, 0x66, 0xD5, 0x3A, 0xD8, 0xC1, 0xBB,
-      0x85, 0xD2, 0xAD, 0xFA, 0xE8, 0x7B, 0xB1, 0x04 },
-    { 0xFE, 0x3C, 0x53, 0x65, 0x3E, 0x2F, 0x45, 0xB5,
-      0x6F, 0xCD, 0x88, 0xB2, 0xCC, 0x89, 0x8F, 0xF0 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * AES-CFB128 test vectors from:
- *
- * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
- */
-static const unsigned char aes_test_cfb128_key[3][32] =
-{
-    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
-    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
-    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
-};
-
-static const unsigned char aes_test_cfb128_iv[16] =
-{
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
-
-static const unsigned char aes_test_cfb128_pt[64] =
-{
-    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
-    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
-    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
-    0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
-    0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
-    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
-    0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
-};
-
-static const unsigned char aes_test_cfb128_ct[3][64] =
-{
-    { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
-      0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
-      0xC8, 0xA6, 0x45, 0x37, 0xA0, 0xB3, 0xA9, 0x3F,
-      0xCD, 0xE3, 0xCD, 0xAD, 0x9F, 0x1C, 0xE5, 0x8B,
-      0x26, 0x75, 0x1F, 0x67, 0xA3, 0xCB, 0xB1, 0x40,
-      0xB1, 0x80, 0x8C, 0xF1, 0x87, 0xA4, 0xF4, 0xDF,
-      0xC0, 0x4B, 0x05, 0x35, 0x7C, 0x5D, 0x1C, 0x0E,
-      0xEA, 0xC4, 0xC6, 0x6F, 0x9F, 0xF7, 0xF2, 0xE6 },
-    { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
-      0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
-      0x67, 0xCE, 0x7F, 0x7F, 0x81, 0x17, 0x36, 0x21,
-      0x96, 0x1A, 0x2B, 0x70, 0x17, 0x1D, 0x3D, 0x7A,
-      0x2E, 0x1E, 0x8A, 0x1D, 0xD5, 0x9B, 0x88, 0xB1,
-      0xC8, 0xE6, 0x0F, 0xED, 0x1E, 0xFA, 0xC4, 0xC9,
-      0xC0, 0x5F, 0x9F, 0x9C, 0xA9, 0x83, 0x4F, 0xA0,
-      0x42, 0xAE, 0x8F, 0xBA, 0x58, 0x4B, 0x09, 0xFF },
-    { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
-      0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
-      0x39, 0xFF, 0xED, 0x14, 0x3B, 0x28, 0xB1, 0xC8,
-      0x32, 0x11, 0x3C, 0x63, 0x31, 0xE5, 0x40, 0x7B,
-      0xDF, 0x10, 0x13, 0x24, 0x15, 0xE5, 0x4B, 0x92,
-      0xA1, 0x3E, 0xD0, 0xA8, 0x26, 0x7A, 0xE2, 0xF9,
-      0x75, 0xA3, 0x85, 0x74, 0x1A, 0xB9, 0xCE, 0xF8,
-      0x20, 0x31, 0x62, 0x3D, 0x55, 0xB1, 0xE4, 0x71 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-/*
- * AES-OFB test vectors from:
- *
- * https://csrc.nist.gov/publications/detail/sp/800-38a/final
- */
-static const unsigned char aes_test_ofb_key[3][32] =
-{
-    { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-      0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C },
-    { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-      0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-      0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B },
-    { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-      0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-      0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-      0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
-};
-
-static const unsigned char aes_test_ofb_iv[16] =
-{
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
-};
-
-static const unsigned char aes_test_ofb_pt[64] =
-{
-    0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-    0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
-    0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
-    0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51,
-    0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
-    0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF,
-    0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17,
-    0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10
-};
-
-static const unsigned char aes_test_ofb_ct[3][64] =
-{
-    { 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20,
-      0x33, 0x34, 0x49, 0xF8, 0xE8, 0x3C, 0xFB, 0x4A,
-      0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
-      0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25,
-      0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6,
-      0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc,
-      0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78,
-      0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e },
-    { 0xCD, 0xC8, 0x0D, 0x6F, 0xDD, 0xF1, 0x8C, 0xAB,
-      0x34, 0xC2, 0x59, 0x09, 0xC9, 0x9A, 0x41, 0x74,
-      0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c,
-      0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01,
-      0x8d, 0x9a, 0x9a, 0xea, 0xc0, 0xf6, 0x59, 0x6f,
-      0x55, 0x9c, 0x6d, 0x4d, 0xaf, 0x59, 0xa5, 0xf2,
-      0x6d, 0x9f, 0x20, 0x08, 0x57, 0xca, 0x6c, 0x3e,
-      0x9c, 0xac, 0x52, 0x4b, 0xd9, 0xac, 0xc9, 0x2a },
-    { 0xDC, 0x7E, 0x84, 0xBF, 0xDA, 0x79, 0x16, 0x4B,
-      0x7E, 0xCD, 0x84, 0x86, 0x98, 0x5D, 0x38, 0x60,
-      0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a,
-      0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d,
-      0x71, 0xab, 0x47, 0xa0, 0x86, 0xe8, 0x6e, 0xed,
-      0xf3, 0x9d, 0x1c, 0x5b, 0xba, 0x97, 0xc4, 0x08,
-      0x01, 0x26, 0x14, 0x1d, 0x67, 0xf3, 0x7b, 0xe8,
-      0x53, 0x8f, 0x5a, 0x8b, 0xe7, 0x40, 0xe4, 0x84 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * AES-CTR test vectors from:
- *
- * http://www.faqs.org/rfcs/rfc3686.html
- */
-
-static const unsigned char aes_test_ctr_key[3][16] =
-{
-    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
-      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
-    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
-      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
-    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
-      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
-};
-
-static const unsigned char aes_test_ctr_nonce_counter[3][16] =
-{
-    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
-      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
-      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
-};
-
-static const unsigned char aes_test_ctr_pt[3][48] =
-{
-    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
-      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
-      0x20, 0x21, 0x22, 0x23 }
-};
-
-static const unsigned char aes_test_ctr_ct[3][48] =
-{
-    { 0xE4, 0x09, 0x5D, 0x4F, 0xB7, 0xA7, 0xB3, 0x79,
-      0x2D, 0x61, 0x75, 0xA3, 0x26, 0x13, 0x11, 0xB8 },
-    { 0x51, 0x04, 0xA1, 0x06, 0x16, 0x8A, 0x72, 0xD9,
-      0x79, 0x0D, 0x41, 0xEE, 0x8E, 0xDA, 0xD3, 0x88,
-      0xEB, 0x2E, 0x1E, 0xFC, 0x46, 0xDA, 0x57, 0xC8,
-      0xFC, 0xE6, 0x30, 0xDF, 0x91, 0x41, 0xBE, 0x28 },
-    { 0xC1, 0xCF, 0x48, 0xA8, 0x9F, 0x2F, 0xFD, 0xD9,
-      0xCF, 0x46, 0x52, 0xE9, 0xEF, 0xDB, 0x72, 0xD7,
-      0x45, 0x40, 0xA4, 0x2B, 0xDE, 0x6D, 0x78, 0x36,
-      0xD5, 0x9A, 0x5C, 0xEA, 0xAE, 0xF3, 0x10, 0x53,
-      0x25, 0xB2, 0x07, 0x2F }
-};
-
-static const int aes_test_ctr_len[3] =
-    { 16, 32, 36 };
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-/*
- * AES-XTS test vectors from:
- *
- * IEEE P1619/D16 Annex B
- * https://web.archive.org/web/20150629024421/http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
- * (Archived from original at http://grouper.ieee.org/groups/1619/email/pdf00086.pdf)
- */
-static const unsigned char aes_test_xts_key[][32] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-      0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
-      0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-      0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
-    { 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
-      0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
-      0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
-      0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 },
-};
-
-static const unsigned char aes_test_xts_pt32[][32] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-      0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-      0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-      0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
-    { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-      0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-      0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44,
-      0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 },
-};
-
-static const unsigned char aes_test_xts_ct32[][32] =
-{
-    { 0x91, 0x7c, 0xf6, 0x9e, 0xbd, 0x68, 0xb2, 0xec,
-      0x9b, 0x9f, 0xe9, 0xa3, 0xea, 0xdd, 0xa6, 0x92,
-      0xcd, 0x43, 0xd2, 0xf5, 0x95, 0x98, 0xed, 0x85,
-      0x8c, 0x02, 0xc2, 0x65, 0x2f, 0xbf, 0x92, 0x2e },
-    { 0xc4, 0x54, 0x18, 0x5e, 0x6a, 0x16, 0x93, 0x6e,
-      0x39, 0x33, 0x40, 0x38, 0xac, 0xef, 0x83, 0x8b,
-      0xfb, 0x18, 0x6f, 0xff, 0x74, 0x80, 0xad, 0xc4,
-      0x28, 0x93, 0x82, 0xec, 0xd6, 0xd3, 0x94, 0xf0 },
-    { 0xaf, 0x85, 0x33, 0x6b, 0x59, 0x7a, 0xfc, 0x1a,
-      0x90, 0x0b, 0x2e, 0xb2, 0x1e, 0xc9, 0x49, 0xd2,
-      0x92, 0xdf, 0x4c, 0x04, 0x7e, 0x0b, 0x21, 0x53,
-      0x21, 0x86, 0xa5, 0x97, 0x1a, 0x22, 0x7a, 0x89 },
-};
-
-static const unsigned char aes_test_xts_data_unit[][16] =
-{
-   { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x33, 0x33, 0x33, 0x33, 0x33, 0x00, 0x00, 0x00,
-     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-};
-
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-/*
- * Checkup routine
- */
-int mbedtls_aes_self_test( int verbose )
-{
-    int ret = 0, i, j, u, mode;
-    unsigned int keybits;
-    unsigned char key[32];
-    unsigned char buf[64];
-    const unsigned char *aes_tests;
-#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
-    defined(MBEDTLS_CIPHER_MODE_OFB)
-    unsigned char iv[16];
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    unsigned char prv[16];
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
-    defined(MBEDTLS_CIPHER_MODE_OFB)
-    size_t offset;
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR) || defined(MBEDTLS_CIPHER_MODE_XTS)
-    int len;
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    unsigned char nonce_counter[16];
-    unsigned char stream_block[16];
-#endif
-    mbedtls_aes_context ctx;
-
-    memset( key, 0, 32 );
-    mbedtls_aes_init( &ctx );
-
-    /*
-     * ECB mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-ECB-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( buf, 0, 16 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
-            aes_tests = aes_test_ecb_dec[u];
-        }
-        else
-        {
-            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-            aes_tests = aes_test_ecb_enc[u];
-        }
-
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        for( j = 0; j < 10000; j++ )
-        {
-            ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
-            if( ret != 0 )
-                goto exit;
-        }
-
-        if( memcmp( buf, aes_tests, 16 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CBC-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( iv , 0, 16 );
-        memset( prv, 0, 16 );
-        memset( buf, 0, 16 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
-            aes_tests = aes_test_cbc_dec[u];
-        }
-        else
-        {
-            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-            aes_tests = aes_test_cbc_enc[u];
-        }
-
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        for( j = 0; j < 10000; j++ )
-        {
-            if( mode == MBEDTLS_AES_ENCRYPT )
-            {
-                unsigned char tmp[16];
-
-                memcpy( tmp, prv, 16 );
-                memcpy( prv, buf, 16 );
-                memcpy( buf, tmp, 16 );
-            }
-
-            ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
-            if( ret != 0 )
-                goto exit;
-
-        }
-
-        if( memcmp( buf, aes_tests, 16 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    /*
-     * CFB128 mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CFB128-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  aes_test_cfb128_iv, 16 );
-        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
-
-        offset = 0;
-        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_cfb128_ct[u], 64 );
-            aes_tests = aes_test_cfb128_pt;
-        }
-        else
-        {
-            memcpy( buf, aes_test_cfb128_pt, 64 );
-            aes_tests = aes_test_cfb128_ct[u];
-        }
-
-        ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, 64 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    /*
-     * OFB mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        keybits = 128 + u * 64;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-OFB-%3u (%s): ", keybits,
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  aes_test_ofb_iv, 16 );
-        memcpy( key, aes_test_ofb_key[u], keybits / 8 );
-
-        offset = 0;
-        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
-        /*
-         * AES-192 is an optional feature that may be unavailable when
-         * there is an alternative underlying implementation i.e. when
-         * MBEDTLS_AES_ALT is defined.
-         */
-        if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && keybits == 192 )
-        {
-            mbedtls_printf( "skipped\n" );
-            continue;
-        }
-        else if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_ofb_ct[u], 64 );
-            aes_tests = aes_test_ofb_pt;
-        }
-        else
-        {
-            memcpy( buf, aes_test_ofb_pt, 64 );
-            aes_tests = aes_test_ofb_ct[u];
-        }
-
-        ret = mbedtls_aes_crypt_ofb( &ctx, 64, &offset, iv, buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, 64 ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /*
-     * CTR mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-CTR-128 (%s): ",
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, aes_test_ctr_key[u], 16 );
-
-        offset = 0;
-        if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
-            goto exit;
-
-        len = aes_test_ctr_len[u];
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            memcpy( buf, aes_test_ctr_ct[u], len );
-            aes_tests = aes_test_ctr_pt[u];
-        }
-        else
-        {
-            memcpy( buf, aes_test_ctr_pt[u], len );
-            aes_tests = aes_test_ctr_ct[u];
-        }
-
-        ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
-                                     stream_block, buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, len ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    {
-    static const int num_tests =
-        sizeof(aes_test_xts_key) / sizeof(*aes_test_xts_key);
-    mbedtls_aes_xts_context ctx_xts;
-
-    /*
-     * XTS mode
-     */
-    mbedtls_aes_xts_init( &ctx_xts );
-
-    for( i = 0; i < num_tests << 1; i++ )
-    {
-        const unsigned char *data_unit;
-        u = i >> 1;
-        mode = i & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  AES-XTS-128 (%s): ",
-                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
-
-        memset( key, 0, sizeof( key ) );
-        memcpy( key, aes_test_xts_key[u], 32 );
-        data_unit = aes_test_xts_data_unit[u];
-
-        len = sizeof( *aes_test_xts_ct32 );
-
-        if( mode == MBEDTLS_AES_DECRYPT )
-        {
-            ret = mbedtls_aes_xts_setkey_dec( &ctx_xts, key, 256 );
-            if( ret != 0)
-                goto exit;
-            memcpy( buf, aes_test_xts_ct32[u], len );
-            aes_tests = aes_test_xts_pt32[u];
-        }
-        else
-        {
-            ret = mbedtls_aes_xts_setkey_enc( &ctx_xts, key, 256 );
-            if( ret != 0)
-                goto exit;
-            memcpy( buf, aes_test_xts_pt32[u], len );
-            aes_tests = aes_test_xts_ct32[u];
-        }
-
-
-        ret = mbedtls_aes_crypt_xts( &ctx_xts, mode, len, data_unit,
-                                     buf, buf );
-        if( ret != 0 )
-            goto exit;
-
-        if( memcmp( buf, aes_tests, len ) != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    mbedtls_aes_xts_free( &ctx_xts );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-    ret = 0;
-
-exit:
-    if( ret != 0 && verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    mbedtls_aes_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_AES_C */
diff --git a/Sources/mbedtls/library/aesni.c b/Sources/mbedtls/library/aesni.c
deleted file mode 100644
index 996292f..0000000
--- a/Sources/mbedtls/library/aesni.c
+++ /dev/null
@@ -1,464 +0,0 @@
-/*
- *  AES-NI support functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
- * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_AESNI_C)
-
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
-#endif
-#endif
-
-#include "mbedtls/aesni.h"
-
-#include <string.h>
-
-#ifndef asm
-#define asm __asm
-#endif
-
-#if defined(MBEDTLS_HAVE_X86_64)
-
-/*
- * AES-NI support detection routine
- */
-int mbedtls_aesni_has_support( unsigned int what )
-{
-    static int done = 0;
-    static unsigned int c = 0;
-
-    if( ! done )
-    {
-        asm( "movl  $1, %%eax   \n\t"
-             "cpuid             \n\t"
-             : "=c" (c)
-             :
-             : "eax", "ebx", "edx" );
-        done = 1;
-    }
-
-    return( ( c & what ) != 0 );
-}
-
-/*
- * Binutils needs to be at least 2.19 to support AES-NI instructions.
- * Unfortunately, a lot of users have a lower version now (2014-04).
- * Emit bytecode directly in order to support "old" version of gas.
- *
- * Opcodes from the Intel architecture reference manual, vol. 3.
- * We always use registers, so we don't need prefixes for memory operands.
- * Operand macros are in gas order (src, dst) as opposed to Intel order
- * (dst, src) in order to blend better into the surrounding assembly code.
- */
-#define AESDEC      ".byte 0x66,0x0F,0x38,0xDE,"
-#define AESDECLAST  ".byte 0x66,0x0F,0x38,0xDF,"
-#define AESENC      ".byte 0x66,0x0F,0x38,0xDC,"
-#define AESENCLAST  ".byte 0x66,0x0F,0x38,0xDD,"
-#define AESIMC      ".byte 0x66,0x0F,0x38,0xDB,"
-#define AESKEYGENA  ".byte 0x66,0x0F,0x3A,0xDF,"
-#define PCLMULQDQ   ".byte 0x66,0x0F,0x3A,0x44,"
-
-#define xmm0_xmm0   "0xC0"
-#define xmm0_xmm1   "0xC8"
-#define xmm0_xmm2   "0xD0"
-#define xmm0_xmm3   "0xD8"
-#define xmm0_xmm4   "0xE0"
-#define xmm1_xmm0   "0xC1"
-#define xmm1_xmm2   "0xD1"
-
-/*
- * AES-NI AES-ECB block en(de)cryption
- */
-int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
-                     int mode,
-                     const unsigned char input[16],
-                     unsigned char output[16] )
-{
-    asm( "movdqu    (%3), %%xmm0    \n\t" // load input
-         "movdqu    (%1), %%xmm1    \n\t" // load round key 0
-         "pxor      %%xmm1, %%xmm0  \n\t" // round 0
-         "add       $16, %1         \n\t" // point to next round key
-         "subl      $1, %0          \n\t" // normal rounds = nr - 1
-         "test      %2, %2          \n\t" // mode?
-         "jz        2f              \n\t" // 0 = decrypt
-
-         "1:                        \n\t" // encryption loop
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESENC     xmm1_xmm0      "\n\t" // do round
-         "add       $16, %1         \n\t" // point to next round key
-         "subl      $1, %0          \n\t" // loop
-         "jnz       1b              \n\t"
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESENCLAST xmm1_xmm0      "\n\t" // last round
-         "jmp       3f              \n\t"
-
-         "2:                        \n\t" // decryption loop
-         "movdqu    (%1), %%xmm1    \n\t"
-         AESDEC     xmm1_xmm0      "\n\t" // do round
-         "add       $16, %1         \n\t"
-         "subl      $1, %0          \n\t"
-         "jnz       2b              \n\t"
-         "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESDECLAST xmm1_xmm0      "\n\t" // last round
-
-         "3:                        \n\t"
-         "movdqu    %%xmm0, (%4)    \n\t" // export output
-         :
-         : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
-         : "memory", "cc", "xmm0", "xmm1" );
-
-
-    return( 0 );
-}
-
-/*
- * GCM multiplication: c = a times b in GF(2^128)
- * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
- */
-void mbedtls_aesni_gcm_mult( unsigned char c[16],
-                     const unsigned char a[16],
-                     const unsigned char b[16] )
-{
-    unsigned char aa[16], bb[16], cc[16];
-    size_t i;
-
-    /* The inputs are in big-endian order, so byte-reverse them */
-    for( i = 0; i < 16; i++ )
-    {
-        aa[i] = a[15 - i];
-        bb[i] = b[15 - i];
-    }
-
-    asm( "movdqu (%0), %%xmm0               \n\t" // a1:a0
-         "movdqu (%1), %%xmm1               \n\t" // b1:b0
-
-         /*
-          * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
-          * using [CLMUL-WP] algorithm 1 (p. 13).
-          */
-         "movdqa %%xmm1, %%xmm2             \n\t" // copy of b1:b0
-         "movdqa %%xmm1, %%xmm3             \n\t" // same
-         "movdqa %%xmm1, %%xmm4             \n\t" // same
-         PCLMULQDQ xmm0_xmm1 ",0x00         \n\t" // a0*b0 = c1:c0
-         PCLMULQDQ xmm0_xmm2 ",0x11         \n\t" // a1*b1 = d1:d0
-         PCLMULQDQ xmm0_xmm3 ",0x10         \n\t" // a0*b1 = e1:e0
-         PCLMULQDQ xmm0_xmm4 ",0x01         \n\t" // a1*b0 = f1:f0
-         "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
-         "movdqa %%xmm4, %%xmm3             \n\t" // same
-         "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
-         "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
-         "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
-         "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
-
-         /*
-          * Now shift the result one bit to the left,
-          * taking advantage of [CLMUL-WP] eq 27 (p. 20)
-          */
-         "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
-         "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
-         "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
-         "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
-         "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
-         "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
-         "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
-         "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
-         "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
-         "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
-         "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
-         "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
-         "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
-
-         /*
-          * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
-          * using [CLMUL-WP] algorithm 5 (p. 20).
-          * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
-          */
-         /* Step 2 (1) */
-         "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
-         "movdqa %%xmm1, %%xmm4             \n\t" // same
-         "movdqa %%xmm1, %%xmm5             \n\t" // same
-         "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
-         "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
-         "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
-
-         /* Step 2 (2) */
-         "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
-         "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
-         "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
-         "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
-
-         /* Steps 3 and 4 */
-         "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
-         "movdqa %%xmm1,%%xmm4              \n\t" // same
-         "movdqa %%xmm1,%%xmm5              \n\t" // same
-         "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
-         "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
-         "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
-         "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
-         "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
-         // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
-         // bits carried from d. Now get those\t bits back in.
-         "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
-         "movdqa %%xmm1,%%xmm4              \n\t" // same
-         "movdqa %%xmm1,%%xmm5              \n\t" // same
-         "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
-         "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
-         "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
-         "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
-         "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
-         "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
-         "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
-         "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
-         "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
-
-         "movdqu %%xmm0, (%2)               \n\t" // done
-         :
-         : "r" (aa), "r" (bb), "r" (cc)
-         : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5" );
-
-    /* Now byte-reverse the outputs */
-    for( i = 0; i < 16; i++ )
-        c[i] = cc[15 - i];
-
-    return;
-}
-
-/*
- * Compute decryption round keys from encryption round keys
- */
-void mbedtls_aesni_inverse_key( unsigned char *invkey,
-                        const unsigned char *fwdkey, int nr )
-{
-    unsigned char *ik = invkey;
-    const unsigned char *fk = fwdkey + 16 * nr;
-
-    memcpy( ik, fk, 16 );
-
-    for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
-        asm( "movdqu (%0), %%xmm0       \n\t"
-             AESIMC  xmm0_xmm0         "\n\t"
-             "movdqu %%xmm0, (%1)       \n\t"
-             :
-             : "r" (fk), "r" (ik)
-             : "memory", "xmm0" );
-
-    memcpy( ik, fk, 16 );
-}
-
-/*
- * Key expansion, 128-bit case
- */
-static void aesni_setkey_enc_128( unsigned char *rk,
-                                  const unsigned char *key )
-{
-    asm( "movdqu (%1), %%xmm0               \n\t" // copy the original key
-         "movdqu %%xmm0, (%0)               \n\t" // as round key 0
-         "jmp 2f                            \n\t" // skip auxiliary routine
-
-         /*
-          * Finish generating the next round key.
-          *
-          * On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff
-          * with X = rot( sub( r3 ) ) ^ RCON.
-          *
-          * On exit, xmm0 is r7:r6:r5:r4
-          * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
-          * and those are written to the round key buffer.
-          */
-         "1:                                \n\t"
-         "pshufd $0xff, %%xmm1, %%xmm1      \n\t" // X:X:X:X
-         "pxor %%xmm0, %%xmm1               \n\t" // X+r3:X+r2:X+r1:r4
-         "pslldq $4, %%xmm0                 \n\t" // r2:r1:r0:0
-         "pxor %%xmm0, %%xmm1               \n\t" // X+r3+r2:X+r2+r1:r5:r4
-         "pslldq $4, %%xmm0                 \n\t" // etc
-         "pxor %%xmm0, %%xmm1               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm1, %%xmm0               \n\t" // update xmm0 for next time!
-         "add $16, %0                       \n\t" // point to next round key
-         "movdqu %%xmm0, (%0)               \n\t" // write it
-         "ret                               \n\t"
-
-         /* Main "loop" */
-         "2:                                \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x01        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x02        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x04        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x08        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x10        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x20        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x40        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x80        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x1B        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x36        \n\tcall 1b \n\t"
-         :
-         : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
-}
-
-/*
- * Key expansion, 192-bit case
- */
-static void aesni_setkey_enc_192( unsigned char *rk,
-                                  const unsigned char *key )
-{
-    asm( "movdqu (%1), %%xmm0   \n\t" // copy original round key
-         "movdqu %%xmm0, (%0)   \n\t"
-         "add $16, %0           \n\t"
-         "movq 16(%1), %%xmm1   \n\t"
-         "movq %%xmm1, (%0)     \n\t"
-         "add $8, %0            \n\t"
-         "jmp 2f                \n\t" // skip auxiliary routine
-
-         /*
-          * Finish generating the next 6 quarter-keys.
-          *
-          * On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4
-          * and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON.
-          *
-          * On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10
-          * and those are written to the round key buffer.
-          */
-         "1:                            \n\t"
-         "pshufd $0x55, %%xmm2, %%xmm2  \n\t" // X:X:X:X
-         "pxor %%xmm0, %%xmm2           \n\t" // X+r3:X+r2:X+r1:r4
-         "pslldq $4, %%xmm0             \n\t" // etc
-         "pxor %%xmm0, %%xmm2           \n\t"
-         "pslldq $4, %%xmm0             \n\t"
-         "pxor %%xmm0, %%xmm2           \n\t"
-         "pslldq $4, %%xmm0             \n\t"
-         "pxor %%xmm2, %%xmm0           \n\t" // update xmm0 = r9:r8:r7:r6
-         "movdqu %%xmm0, (%0)           \n\t"
-         "add $16, %0                   \n\t"
-         "pshufd $0xff, %%xmm0, %%xmm2  \n\t" // r9:r9:r9:r9
-         "pxor %%xmm1, %%xmm2           \n\t" // stuff:stuff:r9+r5:r10
-         "pslldq $4, %%xmm1             \n\t" // r2:r1:r0:0
-         "pxor %%xmm2, %%xmm1           \n\t" // xmm1 = stuff:stuff:r11:r10
-         "movq %%xmm1, (%0)             \n\t"
-         "add $8, %0                    \n\t"
-         "ret                           \n\t"
-
-         "2:                            \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x01    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x02    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x04    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x08    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x10    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x20    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x40    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x80    \n\tcall 1b \n\t"
-
-         :
-         : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
-}
-
-/*
- * Key expansion, 256-bit case
- */
-static void aesni_setkey_enc_256( unsigned char *rk,
-                                  const unsigned char *key )
-{
-    asm( "movdqu (%1), %%xmm0           \n\t"
-         "movdqu %%xmm0, (%0)           \n\t"
-         "add $16, %0                   \n\t"
-         "movdqu 16(%1), %%xmm1         \n\t"
-         "movdqu %%xmm1, (%0)           \n\t"
-         "jmp 2f                        \n\t" // skip auxiliary routine
-
-         /*
-          * Finish generating the next two round keys.
-          *
-          * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and
-          * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
-          *
-          * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12
-          * and those have been written to the output buffer.
-          */
-         "1:                                \n\t"
-         "pshufd $0xff, %%xmm2, %%xmm2      \n\t"
-         "pxor %%xmm0, %%xmm2               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm0, %%xmm2               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm0, %%xmm2               \n\t"
-         "pslldq $4, %%xmm0                 \n\t"
-         "pxor %%xmm2, %%xmm0               \n\t"
-         "add $16, %0                       \n\t"
-         "movdqu %%xmm0, (%0)               \n\t"
-
-         /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
-          * and proceed to generate next round key from there */
-         AESKEYGENA xmm0_xmm2 ",0x00        \n\t"
-         "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm1, %%xmm2               \n\t"
-         "pslldq $4, %%xmm1                 \n\t"
-         "pxor %%xmm2, %%xmm1               \n\t"
-         "add $16, %0                       \n\t"
-         "movdqu %%xmm1, (%0)               \n\t"
-         "ret                               \n\t"
-
-         /*
-          * Main "loop" - Generating one more key than necessary,
-          * see definition of mbedtls_aes_context.buf
-          */
-         "2:                                \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x01        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x02        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x04        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x08        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x10        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x20        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x40        \n\tcall 1b \n\t"
-         :
-         : "r" (rk), "r" (key)
-         : "memory", "cc", "0" );
-}
-
-/*
- * Key expansion, wrapper
- */
-int mbedtls_aesni_setkey_enc( unsigned char *rk,
-                      const unsigned char *key,
-                      size_t bits )
-{
-    switch( bits )
-    {
-        case 128: aesni_setkey_enc_128( rk, key ); break;
-        case 192: aesni_setkey_enc_192( rk, key ); break;
-        case 256: aesni_setkey_enc_256( rk, key ); break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_HAVE_X86_64 */
-
-#endif /* MBEDTLS_AESNI_C */
diff --git a/Sources/mbedtls/library/arc4.c b/Sources/mbedtls/library/arc4.c
deleted file mode 100644
index dcc13d5..0000000
--- a/Sources/mbedtls/library/arc4.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- *  An implementation of the ARCFOUR algorithm
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The ARCFOUR algorithm was publicly disclosed on 94/09.
- *
- *  http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ARC4_C)
-
-#include "mbedtls/arc4.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_ARC4_ALT)
-
-void mbedtls_arc4_init( mbedtls_arc4_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_arc4_context ) );
-}
-
-void mbedtls_arc4_free( mbedtls_arc4_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) );
-}
-
-/*
- * ARC4 key schedule
- */
-void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
-                 unsigned int keylen )
-{
-    int i, j, a;
-    unsigned int k;
-    unsigned char *m;
-
-    ctx->x = 0;
-    ctx->y = 0;
-    m = ctx->m;
-
-    for( i = 0; i < 256; i++ )
-        m[i] = (unsigned char) i;
-
-    j = k = 0;
-
-    for( i = 0; i < 256; i++, k++ )
-    {
-        if( k >= keylen ) k = 0;
-
-        a = m[i];
-        j = ( j + a + key[k] ) & 0xFF;
-        m[i] = m[j];
-        m[j] = (unsigned char) a;
-    }
-}
-
-/*
- * ARC4 cipher function
- */
-int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
-                unsigned char *output )
-{
-    int x, y, a, b;
-    size_t i;
-    unsigned char *m;
-
-    x = ctx->x;
-    y = ctx->y;
-    m = ctx->m;
-
-    for( i = 0; i < length; i++ )
-    {
-        x = ( x + 1 ) & 0xFF; a = m[x];
-        y = ( y + a ) & 0xFF; b = m[y];
-
-        m[x] = (unsigned char) b;
-        m[y] = (unsigned char) a;
-
-        output[i] = (unsigned char)
-            ( input[i] ^ m[(unsigned char)( a + b )] );
-    }
-
-    ctx->x = x;
-    ctx->y = y;
-
-    return( 0 );
-}
-
-#endif /* !MBEDTLS_ARC4_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994:
- *
- * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0
- */
-static const unsigned char arc4_test_key[3][8] =
-{
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char arc4_test_pt[3][8] =
-{
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF },
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char arc4_test_ct[3][8] =
-{
-    { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 },
-    { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 },
-    { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_arc4_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char ibuf[8];
-    unsigned char obuf[8];
-    mbedtls_arc4_context ctx;
-
-    mbedtls_arc4_init( &ctx );
-
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  ARC4 test #%d: ", i + 1 );
-
-        memcpy( ibuf, arc4_test_pt[i], 8 );
-
-        mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 );
-        mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf );
-
-        if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_arc4_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ARC4_C */
diff --git a/Sources/mbedtls/library/aria.c b/Sources/mbedtls/library/aria.c
deleted file mode 100644
index 5e52eea..0000000
--- a/Sources/mbedtls/library/aria.c
+++ /dev/null
@@ -1,1045 +0,0 @@
-/*
- *  ARIA implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * This implementation is based on the following standards:
- * [1] http://210.104.33.10/ARIA/doc/ARIA-specification-e.pdf
- * [2] https://tools.ietf.org/html/rfc5794
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ARIA_C)
-
-#include "mbedtls/aria.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_ARIA_ALT)
-
-#include "mbedtls/platform_util.h"
-
-/* Parameter validation macros */
-#define ARIA_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
-#define ARIA_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-/*
- * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
- *
- * This is submatrix P1 in [1] Appendix B.1
- *
- * Common compilers fail to translate this to minimal number of instructions,
- * so let's provide asm versions for common platforms with C fallback.
- */
-#if defined(MBEDTLS_HAVE_ASM)
-#if defined(__arm__) /* rev16 available from v6 up */
-/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
-#if defined(__GNUC__) && \
-    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
-    __ARM_ARCH >= 6
-static inline uint32_t aria_p1( uint32_t x )
-{
-    uint32_t r;
-    __asm( "rev16 %0, %1" : "=l" (r) : "l" (x) );
-    return( r );
-}
-#define ARIA_P1 aria_p1
-#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
-    ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
-static inline uint32_t aria_p1( uint32_t x )
-{
-    uint32_t r;
-    __asm( "rev16 r, x" );
-    return( r );
-}
-#define ARIA_P1 aria_p1
-#endif
-#endif /* arm */
-#if defined(__GNUC__) && \
-    defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
-/* I couldn't find an Intel equivalent of rev16, so two instructions */
-#define ARIA_P1(x) ARIA_P2( ARIA_P3( x ) )
-#endif /* x86 gnuc */
-#endif /* MBEDTLS_HAVE_ASM && GNUC */
-#if !defined(ARIA_P1)
-#define ARIA_P1(x) ((((x) >> 8) & 0x00FF00FF) ^ (((x) & 0x00FF00FF) << 8))
-#endif
-
-/*
- * modify byte order: ( A B C D ) -> ( C D A B ), i.e. rotate by 16 bits
- *
- * This is submatrix P2 in [1] Appendix B.1
- *
- * Common compilers will translate this to a single instruction.
- */
-#define ARIA_P2(x) (((x) >> 16) ^ ((x) << 16))
-
-/*
- * modify byte order: ( A B C D ) -> ( D C B A ), i.e. change endianness
- *
- * This is submatrix P3 in [1] Appendix B.1
- *
- * Some compilers fail to translate this to a single instruction,
- * so let's provide asm versions for common platforms with C fallback.
- */
-#if defined(MBEDTLS_HAVE_ASM)
-#if defined(__arm__) /* rev available from v6 up */
-/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
-#if defined(__GNUC__) && \
-    ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) && \
-    __ARM_ARCH >= 6
-static inline uint32_t aria_p3( uint32_t x )
-{
-    uint32_t r;
-    __asm( "rev %0, %1" : "=l" (r) : "l" (x) );
-    return( r );
-}
-#define ARIA_P3 aria_p3
-#elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
-    ( __TARGET_ARCH_ARM >= 6 || __TARGET_ARCH_THUMB >= 3 )
-static inline uint32_t aria_p3( uint32_t x )
-{
-    uint32_t r;
-    __asm( "rev r, x" );
-    return( r );
-}
-#define ARIA_P3 aria_p3
-#endif
-#endif /* arm */
-#if defined(__GNUC__) && \
-    defined(__i386__) || defined(__amd64__) || defined( __x86_64__)
-static inline uint32_t aria_p3( uint32_t x )
-{
-    __asm( "bswap %0" : "=r" (x) : "0" (x) );
-    return( x );
-}
-#define ARIA_P3 aria_p3
-#endif /* x86 gnuc */
-#endif /* MBEDTLS_HAVE_ASM && GNUC */
-#if !defined(ARIA_P3)
-#define ARIA_P3(x) ARIA_P2( ARIA_P1 ( x ) )
-#endif
-
-/*
- * ARIA Affine Transform
- * (a, b, c, d) = state in/out
- *
- * If we denote the first byte of input by 0, ..., the last byte by f,
- * then inputs are: a = 0123, b = 4567, c = 89ab, d = cdef.
- *
- * Reading [1] 2.4 or [2] 2.4.3 in columns and performing simple
- * rearrangements on adjacent pairs, output is:
- *
- * a = 3210 + 4545 + 6767 + 88aa + 99bb + dccd + effe
- *   = 3210 + 4567 + 6745 + 89ab + 98ba + dcfe + efcd
- * b = 0101 + 2323 + 5476 + 8998 + baab + eecc + ffdd
- *   = 0123 + 2301 + 5476 + 89ab + ba98 + efcd + fedc
- * c = 0022 + 1133 + 4554 + 7667 + ab89 + dcdc + fefe
- *   = 0123 + 1032 + 4567 + 7654 + ab89 + dcfe + fedc
- * d = 1001 + 2332 + 6644 + 7755 + 9898 + baba + cdef
- *   = 1032 + 2301 + 6745 + 7654 + 98ba + ba98 + cdef
- *
- * Note: another presentation of the A transform can be found as the first
- * half of App. B.1 in [1] in terms of 4-byte operators P1, P2, P3 and P4.
- * The implementation below uses only P1 and P2 as they are sufficient.
- */
-static inline void aria_a( uint32_t *a, uint32_t *b,
-                           uint32_t *c, uint32_t *d )
-{
-    uint32_t ta, tb, tc;
-    ta  =  *b;                      // 4567
-    *b  =  *a;                      // 0123
-    *a  =  ARIA_P2( ta );           // 6745
-    tb  =  ARIA_P2( *d );           // efcd
-    *d  =  ARIA_P1( *c );           // 98ba
-    *c  =  ARIA_P1( tb );           // fedc
-    ta  ^= *d;                      // 4567+98ba
-    tc  =  ARIA_P2( *b );           // 2301
-    ta  =  ARIA_P1( ta ) ^ tc ^ *c; // 2301+5476+89ab+fedc
-    tb  ^= ARIA_P2( *d );           // ba98+efcd
-    tc  ^= ARIA_P1( *a );           // 2301+7654
-    *b  ^= ta ^ tb;                 // 0123+2301+5476+89ab+ba98+efcd+fedc OUT
-    tb  =  ARIA_P2( tb ) ^ ta;      // 2301+5476+89ab+98ba+cdef+fedc
-    *a  ^= ARIA_P1( tb );           // 3210+4567+6745+89ab+98ba+dcfe+efcd OUT
-    ta  =  ARIA_P2( ta );           // 0123+7654+ab89+dcfe
-    *d  ^= ARIA_P1( ta ) ^ tc;      // 1032+2301+6745+7654+98ba+ba98+cdef OUT
-    tc  =  ARIA_P2( tc );           // 0123+5476
-    *c  ^= ARIA_P1( tc ) ^ ta;      // 0123+1032+4567+7654+ab89+dcfe+fedc OUT
-}
-
-/*
- * ARIA Substitution Layer SL1 / SL2
- * (a, b, c, d) = state in/out
- * (sa, sb, sc, sd) = 256 8-bit S-Boxes (see below)
- *
- * By passing sb1, sb2, is1, is2 as S-Boxes you get SL1
- * By passing is1, is2, sb1, sb2 as S-Boxes you get SL2
- */
-static inline void aria_sl( uint32_t *a, uint32_t *b,
-                            uint32_t *c, uint32_t *d,
-                            const uint8_t sa[256], const uint8_t sb[256],
-                            const uint8_t sc[256], const uint8_t sd[256] )
-{
-    *a = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *a ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *a ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *a ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *a ) ]) << 24);
-    *b = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *b ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *b ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *b ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *b ) ]) << 24);
-    *c = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *c ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *c ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *c ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *c ) ]) << 24);
-    *d = ( (uint32_t) sa[ MBEDTLS_BYTE_0( *d ) ]       ) ^
-         (((uint32_t) sb[ MBEDTLS_BYTE_1( *d ) ]) <<  8) ^
-         (((uint32_t) sc[ MBEDTLS_BYTE_2( *d ) ]) << 16) ^
-         (((uint32_t) sd[ MBEDTLS_BYTE_3( *d ) ]) << 24);
-}
-
-/*
- * S-Boxes
- */
-static const uint8_t aria_sb1[256] =
-{
-    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B,
-    0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
-    0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26,
-    0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
-    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2,
-    0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
-    0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED,
-    0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
-    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F,
-    0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
-    0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC,
-    0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
-    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14,
-    0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
-    0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D,
-    0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
-    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F,
-    0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
-    0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11,
-    0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
-    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F,
-    0xB0, 0x54, 0xBB, 0x16
-};
-
-static const uint8_t aria_sb2[256] =
-{
-    0xE2, 0x4E, 0x54, 0xFC, 0x94, 0xC2, 0x4A, 0xCC, 0x62, 0x0D, 0x6A, 0x46,
-    0x3C, 0x4D, 0x8B, 0xD1, 0x5E, 0xFA, 0x64, 0xCB, 0xB4, 0x97, 0xBE, 0x2B,
-    0xBC, 0x77, 0x2E, 0x03, 0xD3, 0x19, 0x59, 0xC1, 0x1D, 0x06, 0x41, 0x6B,
-    0x55, 0xF0, 0x99, 0x69, 0xEA, 0x9C, 0x18, 0xAE, 0x63, 0xDF, 0xE7, 0xBB,
-    0x00, 0x73, 0x66, 0xFB, 0x96, 0x4C, 0x85, 0xE4, 0x3A, 0x09, 0x45, 0xAA,
-    0x0F, 0xEE, 0x10, 0xEB, 0x2D, 0x7F, 0xF4, 0x29, 0xAC, 0xCF, 0xAD, 0x91,
-    0x8D, 0x78, 0xC8, 0x95, 0xF9, 0x2F, 0xCE, 0xCD, 0x08, 0x7A, 0x88, 0x38,
-    0x5C, 0x83, 0x2A, 0x28, 0x47, 0xDB, 0xB8, 0xC7, 0x93, 0xA4, 0x12, 0x53,
-    0xFF, 0x87, 0x0E, 0x31, 0x36, 0x21, 0x58, 0x48, 0x01, 0x8E, 0x37, 0x74,
-    0x32, 0xCA, 0xE9, 0xB1, 0xB7, 0xAB, 0x0C, 0xD7, 0xC4, 0x56, 0x42, 0x26,
-    0x07, 0x98, 0x60, 0xD9, 0xB6, 0xB9, 0x11, 0x40, 0xEC, 0x20, 0x8C, 0xBD,
-    0xA0, 0xC9, 0x84, 0x04, 0x49, 0x23, 0xF1, 0x4F, 0x50, 0x1F, 0x13, 0xDC,
-    0xD8, 0xC0, 0x9E, 0x57, 0xE3, 0xC3, 0x7B, 0x65, 0x3B, 0x02, 0x8F, 0x3E,
-    0xE8, 0x25, 0x92, 0xE5, 0x15, 0xDD, 0xFD, 0x17, 0xA9, 0xBF, 0xD4, 0x9A,
-    0x7E, 0xC5, 0x39, 0x67, 0xFE, 0x76, 0x9D, 0x43, 0xA7, 0xE1, 0xD0, 0xF5,
-    0x68, 0xF2, 0x1B, 0x34, 0x70, 0x05, 0xA3, 0x8A, 0xD5, 0x79, 0x86, 0xA8,
-    0x30, 0xC6, 0x51, 0x4B, 0x1E, 0xA6, 0x27, 0xF6, 0x35, 0xD2, 0x6E, 0x24,
-    0x16, 0x82, 0x5F, 0xDA, 0xE6, 0x75, 0xA2, 0xEF, 0x2C, 0xB2, 0x1C, 0x9F,
-    0x5D, 0x6F, 0x80, 0x0A, 0x72, 0x44, 0x9B, 0x6C, 0x90, 0x0B, 0x5B, 0x33,
-    0x7D, 0x5A, 0x52, 0xF3, 0x61, 0xA1, 0xF7, 0xB0, 0xD6, 0x3F, 0x7C, 0x6D,
-    0xED, 0x14, 0xE0, 0xA5, 0x3D, 0x22, 0xB3, 0xF8, 0x89, 0xDE, 0x71, 0x1A,
-    0xAF, 0xBA, 0xB5, 0x81
-};
-
-static const uint8_t aria_is1[256] =
-{
-    0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E,
-    0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
-    0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32,
-    0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
-    0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49,
-    0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
-    0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 0x6C, 0x70, 0x48, 0x50,
-    0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
-    0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05,
-    0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
-    0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41,
-    0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
-    0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8,
-    0x1C, 0x75, 0xDF, 0x6E, 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
-    0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B,
-    0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
-    0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59,
-    0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
-    0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D,
-    0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
-    0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63,
-    0x55, 0x21, 0x0C, 0x7D
-};
-
-static const uint8_t aria_is2[256] =
-{
-    0x30, 0x68, 0x99, 0x1B, 0x87, 0xB9, 0x21, 0x78, 0x50, 0x39, 0xDB, 0xE1,
-    0x72, 0x09, 0x62, 0x3C, 0x3E, 0x7E, 0x5E, 0x8E, 0xF1, 0xA0, 0xCC, 0xA3,
-    0x2A, 0x1D, 0xFB, 0xB6, 0xD6, 0x20, 0xC4, 0x8D, 0x81, 0x65, 0xF5, 0x89,
-    0xCB, 0x9D, 0x77, 0xC6, 0x57, 0x43, 0x56, 0x17, 0xD4, 0x40, 0x1A, 0x4D,
-    0xC0, 0x63, 0x6C, 0xE3, 0xB7, 0xC8, 0x64, 0x6A, 0x53, 0xAA, 0x38, 0x98,
-    0x0C, 0xF4, 0x9B, 0xED, 0x7F, 0x22, 0x76, 0xAF, 0xDD, 0x3A, 0x0B, 0x58,
-    0x67, 0x88, 0x06, 0xC3, 0x35, 0x0D, 0x01, 0x8B, 0x8C, 0xC2, 0xE6, 0x5F,
-    0x02, 0x24, 0x75, 0x93, 0x66, 0x1E, 0xE5, 0xE2, 0x54, 0xD8, 0x10, 0xCE,
-    0x7A, 0xE8, 0x08, 0x2C, 0x12, 0x97, 0x32, 0xAB, 0xB4, 0x27, 0x0A, 0x23,
-    0xDF, 0xEF, 0xCA, 0xD9, 0xB8, 0xFA, 0xDC, 0x31, 0x6B, 0xD1, 0xAD, 0x19,
-    0x49, 0xBD, 0x51, 0x96, 0xEE, 0xE4, 0xA8, 0x41, 0xDA, 0xFF, 0xCD, 0x55,
-    0x86, 0x36, 0xBE, 0x61, 0x52, 0xF8, 0xBB, 0x0E, 0x82, 0x48, 0x69, 0x9A,
-    0xE0, 0x47, 0x9E, 0x5C, 0x04, 0x4B, 0x34, 0x15, 0x79, 0x26, 0xA7, 0xDE,
-    0x29, 0xAE, 0x92, 0xD7, 0x84, 0xE9, 0xD2, 0xBA, 0x5D, 0xF3, 0xC5, 0xB0,
-    0xBF, 0xA4, 0x3B, 0x71, 0x44, 0x46, 0x2B, 0xFC, 0xEB, 0x6F, 0xD5, 0xF6,
-    0x14, 0xFE, 0x7C, 0x70, 0x5A, 0x7D, 0xFD, 0x2F, 0x18, 0x83, 0x16, 0xA5,
-    0x91, 0x1F, 0x05, 0x95, 0x74, 0xA9, 0xC1, 0x5B, 0x4A, 0x85, 0x6D, 0x13,
-    0x07, 0x4F, 0x4E, 0x45, 0xB2, 0x0F, 0xC9, 0x1C, 0xA6, 0xBC, 0xEC, 0x73,
-    0x90, 0x7B, 0xCF, 0x59, 0x8F, 0xA1, 0xF9, 0x2D, 0xF2, 0xB1, 0x00, 0x94,
-    0x37, 0x9F, 0xD0, 0x2E, 0x9C, 0x6E, 0x28, 0x3F, 0x80, 0xF0, 0x3D, 0xD3,
-    0x25, 0x8A, 0xB5, 0xE7, 0x42, 0xB3, 0xC7, 0xEA, 0xF7, 0x4C, 0x11, 0x33,
-    0x03, 0xA2, 0xAC, 0x60
-};
-
-/*
- * Helper for key schedule: r = FO( p, k ) ^ x
- */
-static void aria_fo_xor( uint32_t r[4], const uint32_t p[4],
-                         const uint32_t k[4], const uint32_t x[4] )
-{
-    uint32_t a, b, c, d;
-
-    a = p[0] ^ k[0];
-    b = p[1] ^ k[1];
-    c = p[2] ^ k[2];
-    d = p[3] ^ k[3];
-
-    aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
-    aria_a( &a, &b, &c, &d );
-
-    r[0] = a ^ x[0];
-    r[1] = b ^ x[1];
-    r[2] = c ^ x[2];
-    r[3] = d ^ x[3];
-}
-
-/*
- * Helper for key schedule: r = FE( p, k ) ^ x
- */
-static void aria_fe_xor( uint32_t r[4], const uint32_t p[4],
-                         const uint32_t k[4], const uint32_t x[4] )
-{
-    uint32_t a, b, c, d;
-
-    a = p[0] ^ k[0];
-    b = p[1] ^ k[1];
-    c = p[2] ^ k[2];
-    d = p[3] ^ k[3];
-
-    aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
-    aria_a( &a, &b, &c, &d );
-
-    r[0] = a ^ x[0];
-    r[1] = b ^ x[1];
-    r[2] = c ^ x[2];
-    r[3] = d ^ x[3];
-}
-
-/*
- * Big endian 128-bit rotation: r = a ^ (b <<< n), used only in key setup.
- *
- * We chose to store bytes into 32-bit words in little-endian format (see
- * MBEDTLS_GET_UINT32_LE / MBEDTLS_PUT_UINT32_LE ) so we need to reverse
- * bytes here.
- */
-static void aria_rot128( uint32_t r[4], const uint32_t a[4],
-                         const uint32_t b[4], uint8_t n )
-{
-    uint8_t i, j;
-    uint32_t t, u;
-
-    const uint8_t n1 = n % 32;              // bit offset
-    const uint8_t n2 = n1 ? 32 - n1 : 0;    // reverse bit offset
-
-    j = ( n / 32 ) % 4;                     // initial word offset
-    t = ARIA_P3( b[j] );                    // big endian
-    for( i = 0; i < 4; i++ )
-    {
-        j = ( j + 1 ) % 4;                  // get next word, big endian
-        u = ARIA_P3( b[j] );
-        t <<= n1;                           // rotate
-        t |= u >> n2;
-        t = ARIA_P3( t );                   // back to little endian
-        r[i] = a[i] ^ t;                    // store
-        t = u;                              // move to next word
-    }
-}
-
-/*
- * Set encryption key
- */
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
-                             const unsigned char *key, unsigned int keybits )
-{
-    /* round constant masks */
-    const uint32_t rc[3][4] =
-    {
-        {   0xB7C17C51, 0x940A2227, 0xE8AB13FE, 0xE06E9AFA  },
-        {   0xCC4AB16D, 0x20C8219E, 0xD5B128FF, 0xB0E25DEF  },
-        {   0x1D3792DB, 0x70E92621, 0x75972403, 0x0EC9E804  }
-    };
-
-    int i;
-    uint32_t w[4][4], *w2;
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( key != NULL );
-
-    if( keybits != 128 && keybits != 192 && keybits != 256 )
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
-
-    /* Copy key to W0 (and potential remainder to W1) */
-    w[0][0] = MBEDTLS_GET_UINT32_LE( key,  0 );
-    w[0][1] = MBEDTLS_GET_UINT32_LE( key,  4 );
-    w[0][2] = MBEDTLS_GET_UINT32_LE( key,  8 );
-    w[0][3] = MBEDTLS_GET_UINT32_LE( key, 12 );
-
-    memset( w[1], 0, 16 );
-    if( keybits >= 192 )
-    {
-        w[1][0] = MBEDTLS_GET_UINT32_LE( key, 16 );  // 192 bit key
-        w[1][1] = MBEDTLS_GET_UINT32_LE( key, 20 );
-    }
-    if( keybits == 256 )
-    {
-        w[1][2] = MBEDTLS_GET_UINT32_LE( key, 24 );  // 256 bit key
-        w[1][3] = MBEDTLS_GET_UINT32_LE( key, 28 );
-    }
-
-    i = ( keybits - 128 ) >> 6;             // index: 0, 1, 2
-    ctx->nr = 12 + 2 * i;                   // no. rounds: 12, 14, 16
-
-    aria_fo_xor( w[1], w[0], rc[i], w[1] ); // W1 = FO(W0, CK1) ^ KR
-    i = i < 2 ? i + 1 : 0;
-    aria_fe_xor( w[2], w[1], rc[i], w[0] ); // W2 = FE(W1, CK2) ^ W0
-    i = i < 2 ? i + 1 : 0;
-    aria_fo_xor( w[3], w[2], rc[i], w[1] ); // W3 = FO(W2, CK3) ^ W1
-
-    for( i = 0; i < 4; i++ )                // create round keys
-    {
-        w2 = w[(i + 1) & 3];
-        aria_rot128( ctx->rk[i     ], w[i], w2, 128 - 19 );
-        aria_rot128( ctx->rk[i +  4], w[i], w2, 128 - 31 );
-        aria_rot128( ctx->rk[i +  8], w[i], w2,       61 );
-        aria_rot128( ctx->rk[i + 12], w[i], w2,       31 );
-    }
-    aria_rot128( ctx->rk[16], w[0], w[1], 19 );
-
-    /* w holds enough info to reconstruct the round keys */
-    mbedtls_platform_zeroize( w, sizeof( w ) );
-
-    return( 0 );
-}
-
-/*
- * Set decryption key
- */
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
-                             const unsigned char *key, unsigned int keybits )
-{
-    int i, j, k, ret;
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( key != NULL );
-
-    ret = mbedtls_aria_setkey_enc( ctx, key, keybits );
-    if( ret != 0 )
-        return( ret );
-
-    /* flip the order of round keys */
-    for( i = 0, j = ctx->nr; i < j; i++, j-- )
-    {
-        for( k = 0; k < 4; k++ )
-        {
-            uint32_t t = ctx->rk[i][k];
-            ctx->rk[i][k] = ctx->rk[j][k];
-            ctx->rk[j][k] = t;
-        }
-    }
-
-    /* apply affine transform to middle keys */
-    for( i = 1; i < ctx->nr; i++ )
-    {
-        aria_a( &ctx->rk[i][0], &ctx->rk[i][1],
-                &ctx->rk[i][2], &ctx->rk[i][3] );
-    }
-
-    return( 0 );
-}
-
-/*
- * Encrypt a block
- */
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
-                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] )
-{
-    int i;
-
-    uint32_t a, b, c, d;
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( input != NULL );
-    ARIA_VALIDATE_RET( output != NULL );
-
-    a = MBEDTLS_GET_UINT32_LE( input,  0 );
-    b = MBEDTLS_GET_UINT32_LE( input,  4 );
-    c = MBEDTLS_GET_UINT32_LE( input,  8 );
-    d = MBEDTLS_GET_UINT32_LE( input, 12 );
-
-    i = 0;
-    while( 1 )
-    {
-        a ^= ctx->rk[i][0];
-        b ^= ctx->rk[i][1];
-        c ^= ctx->rk[i][2];
-        d ^= ctx->rk[i][3];
-        i++;
-
-        aria_sl( &a, &b, &c, &d, aria_sb1, aria_sb2, aria_is1, aria_is2 );
-        aria_a( &a, &b, &c, &d );
-
-        a ^= ctx->rk[i][0];
-        b ^= ctx->rk[i][1];
-        c ^= ctx->rk[i][2];
-        d ^= ctx->rk[i][3];
-        i++;
-
-        aria_sl( &a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2 );
-        if( i >= ctx->nr )
-            break;
-        aria_a( &a, &b, &c, &d );
-    }
-
-    /* final key mixing */
-    a ^= ctx->rk[i][0];
-    b ^= ctx->rk[i][1];
-    c ^= ctx->rk[i][2];
-    d ^= ctx->rk[i][3];
-
-    MBEDTLS_PUT_UINT32_LE( a, output,  0 );
-    MBEDTLS_PUT_UINT32_LE( b, output,  4 );
-    MBEDTLS_PUT_UINT32_LE( c, output,  8 );
-    MBEDTLS_PUT_UINT32_LE( d, output, 12 );
-
-    return( 0 );
-}
-
-/* Initialize context */
-void mbedtls_aria_init( mbedtls_aria_context *ctx )
-{
-    ARIA_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_aria_context ) );
-}
-
-/* Clear context */
-void mbedtls_aria_free( mbedtls_aria_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aria_context ) );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * ARIA-CBC buffer encryption/decryption
- */
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output )
-{
-    int i;
-    unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
-
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
-                       mode == MBEDTLS_ARIA_DECRYPT );
-    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
-    ARIA_VALIDATE_RET( length == 0 || output != NULL );
-    ARIA_VALIDATE_RET( iv != NULL );
-
-    if( length % MBEDTLS_ARIA_BLOCKSIZE )
-        return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_ARIA_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE );
-            mbedtls_aria_crypt_ecb( ctx, input, output );
-
-            for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE );
-
-            input  += MBEDTLS_ARIA_BLOCKSIZE;
-            output += MBEDTLS_ARIA_BLOCKSIZE;
-            length -= MBEDTLS_ARIA_BLOCKSIZE;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < MBEDTLS_ARIA_BLOCKSIZE; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_aria_crypt_ecb( ctx, output, output );
-            memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE );
-
-            input  += MBEDTLS_ARIA_BLOCKSIZE;
-            output += MBEDTLS_ARIA_BLOCKSIZE;
-            length -= MBEDTLS_ARIA_BLOCKSIZE;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * ARIA-CFB128 buffer encryption/decryption
- */
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
-                               int mode,
-                               size_t length,
-                               size_t *iv_off,
-                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                               const unsigned char *input,
-                               unsigned char *output )
-{
-    unsigned char c;
-    size_t n;
-
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( mode == MBEDTLS_ARIA_ENCRYPT ||
-                       mode == MBEDTLS_ARIA_DECRYPT );
-    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
-    ARIA_VALIDATE_RET( length == 0 || output != NULL );
-    ARIA_VALIDATE_RET( iv != NULL );
-    ARIA_VALIDATE_RET( iv_off != NULL );
-
-    n = *iv_off;
-
-    /* An overly large value of n can lead to an unlimited
-     * buffer overflow. Therefore, guard against this
-     * outside of parameter validation. */
-    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
-
-    if( mode == MBEDTLS_ARIA_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_aria_crypt_ecb( ctx, iv, iv );
-
-            c = *input++;
-            *output++ = c ^ iv[n];
-            iv[n] = c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_aria_crypt_ecb( ctx, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * ARIA-CTR buffer encryption/decryption
- */
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
-                            size_t length,
-                            size_t *nc_off,
-                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output )
-{
-    int c, i;
-    size_t n;
-
-    ARIA_VALIDATE_RET( ctx != NULL );
-    ARIA_VALIDATE_RET( length == 0 || input  != NULL );
-    ARIA_VALIDATE_RET( length == 0 || output != NULL );
-    ARIA_VALIDATE_RET( nonce_counter != NULL );
-    ARIA_VALIDATE_RET( stream_block  != NULL );
-    ARIA_VALIDATE_RET( nc_off != NULL );
-
-    n = *nc_off;
-    /* An overly large value of n can lead to an unlimited
-     * buffer overflow. Therefore, guard against this
-     * outside of parameter validation. */
-    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_aria_crypt_ecb( ctx, nonce_counter,
-                                stream_block );
-
-            for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#endif /* !MBEDTLS_ARIA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * Basic ARIA ECB test vectors from RFC 5794
- */
-static const uint8_t aria_test1_ecb_key[32] =           // test key
-{
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,     // 128 bit
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,     // 192 bit
-    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F      // 256 bit
-};
-
-static const uint8_t aria_test1_ecb_pt[MBEDTLS_ARIA_BLOCKSIZE] =            // plaintext
-{
-    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,     // same for all
-    0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF      // key sizes
-};
-
-static const uint8_t aria_test1_ecb_ct[3][MBEDTLS_ARIA_BLOCKSIZE] =         // ciphertext
-{
-    { 0xD7, 0x18, 0xFB, 0xD6, 0xAB, 0x64, 0x4C, 0x73,   // 128 bit
-      0x9D, 0xA9, 0x5F, 0x3B, 0xE6, 0x45, 0x17, 0x78 },
-    { 0x26, 0x44, 0x9C, 0x18, 0x05, 0xDB, 0xE7, 0xAA,   // 192 bit
-      0x25, 0xA4, 0x68, 0xCE, 0x26, 0x3A, 0x9E, 0x79 },
-    { 0xF9, 0x2B, 0xD7, 0xC7, 0x9F, 0xB7, 0x2E, 0x2F,   // 256 bit
-      0x2B, 0x8F, 0x80, 0xC1, 0x97, 0x2D, 0x24, 0xFC }
-};
-
-/*
- * Mode tests from "Test Vectors for ARIA"  Version 1.0
- * http://210.104.33.10/ARIA/doc/ARIA-testvector-e.pdf
- */
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) || \
-    defined(MBEDTLS_CIPHER_MODE_CTR))
-static const uint8_t aria_test2_key[32] =
-{
-    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,     // 128 bit
-    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
-    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,     // 192 bit
-    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff      // 256 bit
-};
-
-static const uint8_t aria_test2_pt[48] =
-{
-    0x11, 0x11, 0x11, 0x11, 0xaa, 0xaa, 0xaa, 0xaa,     // same for all
-    0x11, 0x11, 0x11, 0x11, 0xbb, 0xbb, 0xbb, 0xbb,
-    0x11, 0x11, 0x11, 0x11, 0xcc, 0xcc, 0xcc, 0xcc,
-    0x11, 0x11, 0x11, 0x11, 0xdd, 0xdd, 0xdd, 0xdd,
-    0x22, 0x22, 0x22, 0x22, 0xaa, 0xaa, 0xaa, 0xaa,
-    0x22, 0x22, 0x22, 0x22, 0xbb, 0xbb, 0xbb, 0xbb,
-};
-#endif
-
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB))
-static const uint8_t aria_test2_iv[MBEDTLS_ARIA_BLOCKSIZE] =
-{
-    0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78,     // same for CBC, CFB
-    0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0      // CTR has zero IV
-};
-#endif
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const uint8_t aria_test2_cbc_ct[3][48] =         // CBC ciphertext
-{
-    { 0x49, 0xd6, 0x18, 0x60, 0xb1, 0x49, 0x09, 0x10,   // 128-bit key
-      0x9c, 0xef, 0x0d, 0x22, 0xa9, 0x26, 0x81, 0x34,
-      0xfa, 0xdf, 0x9f, 0xb2, 0x31, 0x51, 0xe9, 0x64,
-      0x5f, 0xba, 0x75, 0x01, 0x8b, 0xdb, 0x15, 0x38,
-      0xb5, 0x33, 0x34, 0x63, 0x4b, 0xbf, 0x7d, 0x4c,
-      0xd4, 0xb5, 0x37, 0x70, 0x33, 0x06, 0x0c, 0x15 },
-    { 0xaf, 0xe6, 0xcf, 0x23, 0x97, 0x4b, 0x53, 0x3c,   // 192-bit key
-      0x67, 0x2a, 0x82, 0x62, 0x64, 0xea, 0x78, 0x5f,
-      0x4e, 0x4f, 0x7f, 0x78, 0x0d, 0xc7, 0xf3, 0xf1,
-      0xe0, 0x96, 0x2b, 0x80, 0x90, 0x23, 0x86, 0xd5,
-      0x14, 0xe9, 0xc3, 0xe7, 0x72, 0x59, 0xde, 0x92,
-      0xdd, 0x11, 0x02, 0xff, 0xab, 0x08, 0x6c, 0x1e },
-    { 0x52, 0x3a, 0x8a, 0x80, 0x6a, 0xe6, 0x21, 0xf1,   // 256-bit key
-      0x55, 0xfd, 0xd2, 0x8d, 0xbc, 0x34, 0xe1, 0xab,
-      0x7b, 0x9b, 0x42, 0x43, 0x2a, 0xd8, 0xb2, 0xef,
-      0xb9, 0x6e, 0x23, 0xb1, 0x3f, 0x0a, 0x6e, 0x52,
-      0xf3, 0x61, 0x85, 0xd5, 0x0a, 0xd0, 0x02, 0xc5,
-      0xf6, 0x01, 0xbe, 0xe5, 0x49, 0x3f, 0x11, 0x8b }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const uint8_t aria_test2_cfb_ct[3][48] =         // CFB ciphertext
-{
-    { 0x37, 0x20, 0xe5, 0x3b, 0xa7, 0xd6, 0x15, 0x38,   // 128-bit key
-      0x34, 0x06, 0xb0, 0x9f, 0x0a, 0x05, 0xa2, 0x00,
-      0xc0, 0x7c, 0x21, 0xe6, 0x37, 0x0f, 0x41, 0x3a,
-      0x5d, 0x13, 0x25, 0x00, 0xa6, 0x82, 0x85, 0x01,
-      0x7c, 0x61, 0xb4, 0x34, 0xc7, 0xb7, 0xca, 0x96,
-      0x85, 0xa5, 0x10, 0x71, 0x86, 0x1e, 0x4d, 0x4b },
-    { 0x41, 0x71, 0xf7, 0x19, 0x2b, 0xf4, 0x49, 0x54,   // 192-bit key
-      0x94, 0xd2, 0x73, 0x61, 0x29, 0x64, 0x0f, 0x5c,
-      0x4d, 0x87, 0xa9, 0xa2, 0x13, 0x66, 0x4c, 0x94,
-      0x48, 0x47, 0x7c, 0x6e, 0xcc, 0x20, 0x13, 0x59,
-      0x8d, 0x97, 0x66, 0x95, 0x2d, 0xd8, 0xc3, 0x86,
-      0x8f, 0x17, 0xe3, 0x6e, 0xf6, 0x6f, 0xd8, 0x4b },
-    { 0x26, 0x83, 0x47, 0x05, 0xb0, 0xf2, 0xc0, 0xe2,   // 256-bit key
-      0x58, 0x8d, 0x4a, 0x7f, 0x09, 0x00, 0x96, 0x35,
-      0xf2, 0x8b, 0xb9, 0x3d, 0x8c, 0x31, 0xf8, 0x70,
-      0xec, 0x1e, 0x0b, 0xdb, 0x08, 0x2b, 0x66, 0xfa,
-      0x40, 0x2d, 0xd9, 0xc2, 0x02, 0xbe, 0x30, 0x0c,
-      0x45, 0x17, 0xd1, 0x96, 0xb1, 0x4d, 0x4c, 0xe1 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const uint8_t aria_test2_ctr_ct[3][48] =         // CTR ciphertext
-{
-    { 0xac, 0x5d, 0x7d, 0xe8, 0x05, 0xa0, 0xbf, 0x1c,   // 128-bit key
-      0x57, 0xc8, 0x54, 0x50, 0x1a, 0xf6, 0x0f, 0xa1,
-      0x14, 0x97, 0xe2, 0xa3, 0x45, 0x19, 0xde, 0xa1,
-      0x56, 0x9e, 0x91, 0xe5, 0xb5, 0xcc, 0xae, 0x2f,
-      0xf3, 0xbf, 0xa1, 0xbf, 0x97, 0x5f, 0x45, 0x71,
-      0xf4, 0x8b, 0xe1, 0x91, 0x61, 0x35, 0x46, 0xc3 },
-    { 0x08, 0x62, 0x5c, 0xa8, 0xfe, 0x56, 0x9c, 0x19,   // 192-bit key
-      0xba, 0x7a, 0xf3, 0x76, 0x0a, 0x6e, 0xd1, 0xce,
-      0xf4, 0xd1, 0x99, 0x26, 0x3e, 0x99, 0x9d, 0xde,
-      0x14, 0x08, 0x2d, 0xbb, 0xa7, 0x56, 0x0b, 0x79,
-      0xa4, 0xc6, 0xb4, 0x56, 0xb8, 0x70, 0x7d, 0xce,
-      0x75, 0x1f, 0x98, 0x54, 0xf1, 0x88, 0x93, 0xdf },
-    { 0x30, 0x02, 0x6c, 0x32, 0x96, 0x66, 0x14, 0x17,   // 256-bit key
-      0x21, 0x17, 0x8b, 0x99, 0xc0, 0xa1, 0xf1, 0xb2,
-      0xf0, 0x69, 0x40, 0x25, 0x3f, 0x7b, 0x30, 0x89,
-      0xe2, 0xa3, 0x0e, 0xa8, 0x6a, 0xa3, 0xc8, 0x8f,
-      0x59, 0x40, 0xf0, 0x5a, 0xd7, 0xee, 0x41, 0xd7,
-      0x13, 0x47, 0xbb, 0x72, 0x61, 0xe3, 0x48, 0xf1 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#define ARIA_SELF_TEST_ASSERT( cond )                   \
-        do {                                            \
-            if( cond ) {                                \
-                if( verbose )                           \
-                    mbedtls_printf( "failed\n" );       \
-                goto exit;                              \
-            } else {                                    \
-                if( verbose )                           \
-                    mbedtls_printf( "passed\n" );       \
-            }                                           \
-        } while( 0 )
-
-/*
- * Checkup routine
- */
-int mbedtls_aria_self_test( int verbose )
-{
-    int i;
-    uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
-    mbedtls_aria_context ctx;
-    int ret = 1;
-
-#if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR))
-    size_t j;
-#endif
-
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) || \
-     defined(MBEDTLS_CIPHER_MODE_CFB) || \
-     defined(MBEDTLS_CIPHER_MODE_CTR))
-    uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
-#endif
-
-    mbedtls_aria_init( &ctx );
-
-    /*
-     * Test set 1
-     */
-    for( i = 0; i < 3; i++ )
-    {
-        /* test ECB encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-ECB-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test1_ecb_key, 128 + 64 * i );
-        mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_pt, blk );
-        ARIA_SELF_TEST_ASSERT(
-                memcmp( blk, aria_test1_ecb_ct[i], MBEDTLS_ARIA_BLOCKSIZE )
-                != 0 );
-
-        /* test ECB decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-ECB-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_dec( &ctx, aria_test1_ecb_key, 128 + 64 * i );
-        mbedtls_aria_crypt_ecb( &ctx, aria_test1_ecb_ct[i], blk );
-        ARIA_SELF_TEST_ASSERT(
-                memcmp( blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE )
-                != 0 );
-    }
-    if( verbose )
-        mbedtls_printf( "\n" );
-
-    /*
-     * Test set 2
-     */
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    for( i = 0; i < 3; i++ )
-    {
-        /* Test CBC encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CBC-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0x55, sizeof( buf ) );
-        mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, iv,
-            aria_test2_pt, buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cbc_ct[i], 48 )
-                != 0 );
-
-        /* Test CBC decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CBC-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_dec( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0xAA, sizeof( buf ) );
-        mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, 48, iv,
-            aria_test2_cbc_ct[i], buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
-    }
-    if( verbose )
-        mbedtls_printf( "\n" );
-
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    for( i = 0; i < 3; i++ )
-    {
-        /* Test CFB encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CFB-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0x55, sizeof( buf ) );
-        j = 0;
-        mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, 48, &j, iv,
-            aria_test2_pt, buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_cfb_ct[i], 48 ) != 0 );
-
-        /* Test CFB decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CFB-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
-        memset( buf, 0xAA, sizeof( buf ) );
-        j = 0;
-        mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, 48, &j,
-            iv, aria_test2_cfb_ct[i], buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
-    }
-    if( verbose )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    for( i = 0; i < 3; i++ )
-    {
-        /* Test CTR encryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CTR-%d (enc): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE );                    // IV = 0
-        memset( buf, 0x55, sizeof( buf ) );
-        j = 0;
-        mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
-            aria_test2_pt, buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_ctr_ct[i], 48 ) != 0 );
-
-        /* Test CTR decryption */
-        if( verbose )
-            mbedtls_printf( "  ARIA-CTR-%d (dec): ", 128 + 64 * i );
-        mbedtls_aria_setkey_enc( &ctx, aria_test2_key, 128 + 64 * i );
-        memset( iv, 0, MBEDTLS_ARIA_BLOCKSIZE );                    // IV = 0
-        memset( buf, 0xAA, sizeof( buf ) );
-        j = 0;
-        mbedtls_aria_crypt_ctr( &ctx, 48, &j, iv, blk,
-            aria_test2_ctr_ct[i], buf );
-        ARIA_SELF_TEST_ASSERT( memcmp( buf, aria_test2_pt, 48 ) != 0 );
-    }
-    if( verbose )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-    ret = 0;
-
-exit:
-    mbedtls_aria_free( &ctx );
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ARIA_C */
diff --git a/Sources/mbedtls/library/asn1parse.c b/Sources/mbedtls/library/asn1parse.c
deleted file mode 100644
index bf97585..0000000
--- a/Sources/mbedtls/library/asn1parse.c
+++ /dev/null
@@ -1,475 +0,0 @@
-/*
- *  Generic ASN.1 parsing
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-#include "mbedtls/asn1.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-/*
- * ASN.1 DER decoding routines
- */
-int mbedtls_asn1_get_len( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len )
-{
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( ( **p & 0x80 ) == 0 )
-        *len = *(*p)++;
-    else
-    {
-        switch( **p & 0x7F )
-        {
-        case 1:
-            if( ( end - *p ) < 2 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = (*p)[1];
-            (*p) += 2;
-            break;
-
-        case 2:
-            if( ( end - *p ) < 3 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2];
-            (*p) += 3;
-            break;
-
-        case 3:
-            if( ( end - *p ) < 4 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = ( (size_t)(*p)[1] << 16 ) |
-                   ( (size_t)(*p)[2] << 8  ) | (*p)[3];
-            (*p) += 4;
-            break;
-
-        case 4:
-            if( ( end - *p ) < 5 )
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-            *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) |
-                   ( (size_t)(*p)[3] << 8  ) |           (*p)[4];
-            (*p) += 5;
-            break;
-
-        default:
-            return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-        }
-    }
-
-    if( *len > (size_t) ( end - *p ) )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_tag( unsigned char **p,
-                  const unsigned char *end,
-                  size_t *len, int tag )
-{
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    if( **p != tag )
-        return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-    (*p)++;
-
-    return( mbedtls_asn1_get_len( p, end, len ) );
-}
-
-int mbedtls_asn1_get_bool( unsigned char **p,
-                   const unsigned char *end,
-                   int *val )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
-        return( ret );
-
-    if( len != 1 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    *val = ( **p != 0 ) ? 1 : 0;
-    (*p)++;
-
-    return( 0 );
-}
-
-static int asn1_get_tagged_int( unsigned char **p,
-                                const unsigned char *end,
-                                int tag, int *val )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
-        return( ret );
-
-    /*
-     * len==0 is malformed (0 must be represented as 020100 for INTEGER,
-     * or 0A0100 for ENUMERATED tags
-     */
-    if( len == 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-    /* This is a cryptography library. Reject negative integers. */
-    if( ( **p & 0x80 ) != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    /* Skip leading zeros. */
-    while( len > 0 && **p == 0 )
-    {
-        ++( *p );
-        --len;
-    }
-
-    /* Reject integers that don't fit in an int. This code assumes that
-     * the int type has no padding bit. */
-    if( len > sizeof( int ) )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-    if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-
-    *val = 0;
-    while( len-- > 0 )
-    {
-        *val = ( *val << 8 ) | **p;
-        (*p)++;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_int( unsigned char **p,
-                          const unsigned char *end,
-                          int *val )
-{
-    return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
-}
-
-int mbedtls_asn1_get_enum( unsigned char **p,
-                           const unsigned char *end,
-                           int *val )
-{
-    return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_mpi *X )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_mpi_read_binary( X, *p, len );
-
-    *p += len;
-
-    return( ret );
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                        mbedtls_asn1_bitstring *bs)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* Certificate type is a single byte bitstring */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
-        return( ret );
-
-    /* Check length, subtract one for actual bit string length */
-    if( bs->len < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-    bs->len -= 1;
-
-    /* Get number of unused bits, ensure unused bits <= 7 */
-    bs->unused_bits = **p;
-    if( bs->unused_bits > 7 )
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-    (*p)++;
-
-    /* Get actual bitstring */
-    bs->p = *p;
-    *p += bs->len;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-/*
- * Traverse an ASN.1 "SEQUENCE OF <tag>"
- * and call a callback for each entry found.
- */
-int mbedtls_asn1_traverse_sequence_of(
-    unsigned char **p,
-    const unsigned char *end,
-    unsigned char tag_must_mask, unsigned char tag_must_val,
-    unsigned char tag_may_mask, unsigned char tag_may_val,
-    int (*cb)( void *ctx, int tag,
-               unsigned char *start, size_t len ),
-    void *ctx )
-{
-    int ret;
-    size_t len;
-
-    /* Get main sequence tag */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( *p + len != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    while( *p < end )
-    {
-        unsigned char const tag = *(*p)++;
-
-        if( ( tag & tag_must_mask ) != tag_must_val )
-            return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
-
-        if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
-            return( ret );
-
-        if( ( tag & tag_may_mask ) == tag_may_val )
-        {
-            if( cb != NULL )
-            {
-                ret = cb( ctx, tag, *p, len );
-                if( ret != 0 )
-                    return( ret );
-            }
-        }
-
-        *p += len;
-    }
-
-    return( 0 );
-}
-
-/*
- * Get a bit string without unused bits
- */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
-                             size_t *len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
-        return( ret );
-
-    if( *len == 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-    --( *len );
-
-    if( **p != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-    ++( *p );
-
-    return( 0 );
-}
-
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq )
-{
-    while( seq != NULL )
-    {
-        mbedtls_asn1_sequence *next = seq->next;
-        mbedtls_platform_zeroize( seq, sizeof( *seq ) );
-        mbedtls_free( seq );
-        seq = next;
-    }
-}
-
-typedef struct
-{
-    int tag;
-    mbedtls_asn1_sequence *cur;
-} asn1_get_sequence_of_cb_ctx_t;
-
-static int asn1_get_sequence_of_cb( void *ctx,
-                                    int tag,
-                                    unsigned char *start,
-                                    size_t len )
-{
-    asn1_get_sequence_of_cb_ctx_t *cb_ctx =
-        (asn1_get_sequence_of_cb_ctx_t *) ctx;
-    mbedtls_asn1_sequence *cur =
-        cb_ctx->cur;
-
-    if( cur->buf.p != NULL )
-    {
-        cur->next =
-            mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
-
-        if( cur->next == NULL )
-            return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
-
-        cur = cur->next;
-    }
-
-    cur->buf.p = start;
-    cur->buf.len = len;
-    cur->buf.tag = tag;
-
-    cb_ctx->cur = cur;
-    return( 0 );
-}
-
-/*
- *  Parses and splits an ASN.1 "SEQUENCE OF <tag>"
- */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_asn1_sequence *cur,
-                          int tag)
-{
-    asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
-    memset( cur, 0, sizeof( mbedtls_asn1_sequence ) );
-    return( mbedtls_asn1_traverse_sequence_of(
-                p, end, 0xFF, tag, 0, 0,
-                asn1_get_sequence_of_cb, &cb_ctx ) );
-}
-
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    if( ( end - *p ) < 1 )
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
-
-    alg->tag = **p;
-    end = *p + len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( ret );
-
-    alg->p = *p;
-    *p += alg->len;
-
-    if( *p == end )
-    {
-        mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) );
-        return( 0 );
-    }
-
-    params->tag = **p;
-    (*p)++;
-
-    if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
-        return( ret );
-
-    params->p = *p;
-    *p += params->len;
-
-    if( *p != end )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    return( 0 );
-}
-
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_asn1_buf params;
-
-    memset( &params, 0, sizeof(mbedtls_asn1_buf) );
-
-    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
-        return( ret );
-
-    if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
-
-    return( 0 );
-}
-
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur )
-{
-    if( cur == NULL )
-        return;
-
-    mbedtls_free( cur->oid.p );
-    mbedtls_free( cur->val.p );
-
-    mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) );
-}
-
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
-{
-    mbedtls_asn1_named_data *cur;
-
-    while( ( cur = *head ) != NULL )
-    {
-        *head = cur->next;
-        mbedtls_asn1_free_named_data( cur );
-        mbedtls_free( cur );
-    }
-}
-
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len )
-{
-    while( list != NULL )
-    {
-        if( list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
-        {
-            break;
-        }
-
-        list = list->next;
-    }
-
-    return( list );
-}
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/Sources/mbedtls/library/asn1write.c b/Sources/mbedtls/library/asn1write.c
deleted file mode 100644
index 4b59927..0000000
--- a/Sources/mbedtls/library/asn1write.c
+++ /dev/null
@@ -1,479 +0,0 @@
-/*
- * ASN.1 buffer writing functionality
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ASN1_WRITE_C)
-
-#include "mbedtls/asn1write.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
-{
-    if( len < 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = (unsigned char) len;
-        return( 1 );
-    }
-
-    if( len <= 0xFF )
-    {
-        if( *p - start < 2 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = (unsigned char) len;
-        *--(*p) = 0x81;
-        return( 2 );
-    }
-
-    if( len <= 0xFFFF )
-    {
-        if( *p - start < 3 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = MBEDTLS_BYTE_0( len );
-        *--(*p) = MBEDTLS_BYTE_1( len );
-        *--(*p) = 0x82;
-        return( 3 );
-    }
-
-    if( len <= 0xFFFFFF )
-    {
-        if( *p - start < 4 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = MBEDTLS_BYTE_0( len );
-        *--(*p) = MBEDTLS_BYTE_1( len );
-        *--(*p) = MBEDTLS_BYTE_2( len );
-        *--(*p) = 0x83;
-        return( 4 );
-    }
-
-    int len_is_valid = 1;
-#if SIZE_MAX > 0xFFFFFFFF
-    len_is_valid = ( len <= 0xFFFFFFFF );
-#endif
-    if( len_is_valid )
-    {
-        if( *p - start < 5 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = MBEDTLS_BYTE_0( len );
-        *--(*p) = MBEDTLS_BYTE_1( len );
-        *--(*p) = MBEDTLS_BYTE_2( len );
-        *--(*p) = MBEDTLS_BYTE_3( len );
-        *--(*p) = 0x84;
-        return( 5 );
-    }
-
-    return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
-}
-
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
-{
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *--(*p) = tag;
-
-    return( 1 );
-}
-
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
-                           const unsigned char *buf, size_t size )
-{
-    size_t len = 0;
-
-    if( *p < start || (size_t)( *p - start ) < size )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len = size;
-    (*p) -= len;
-    memcpy( *p, buf, len );
-
-    return( (int) len );
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    // Write the MPI
-    //
-    len = mbedtls_mpi_size( X );
-
-    /* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
-     * as 0 digits. We need to end up with 020100, not with 0200. */
-    if( len == 0 )
-        len = 1;
-
-    if( *p < start || (size_t)( *p - start ) < len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    (*p) -= len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) );
-
-    // DER format assumes 2s complement for numbers, so the leftmost bit
-    // should be 0 for positive numbers and 1 for negative numbers.
-    //
-    if( X->s ==1 && **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = 0x00;
-        len += 1;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) );
-
-    ret = (int) len;
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    // Write NULL
-    //
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-                                  (const unsigned char *) oid, oid_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
-                                     const char *oid, size_t oid_len,
-                                     size_t par_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    if( par_len == 0 )
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) );
-    else
-        len += par_len;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    if( *p - start < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *--(*p) = (boolean) ? 255 : 0;
-    len++;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) );
-
-    return( (int) len );
-}
-
-static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    do
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-        len += 1;
-        *--(*p) = val & 0xff;
-        val >>= 8;
-    }
-    while( val > 0 );
-
-    if( **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-        *--(*p) = 0x00;
-        len += 1;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
-{
-    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
-}
-
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val )
-{
-    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
-}
-
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag,
-    const char *text, size_t text_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
-        (const unsigned char *) text, text_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
-    const char *text, size_t text_len )
-{
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
-}
-
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
-                                 const char *text, size_t text_len )
-{
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
-}
-
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
-                           const char *text, size_t text_len )
-{
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
-}
-
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        unsigned char *start,
-                                        const unsigned char *buf,
-                                        size_t bits )
-{
-    size_t unused_bits, byte_len;
-    const unsigned char *cur_byte;
-    unsigned char cur_byte_shifted;
-    unsigned char bit;
-
-    byte_len = ( bits + 7 ) / 8;
-    unused_bits = ( byte_len * 8 ) - bits;
-
-    /*
-     * Named bitstrings require that trailing 0s are excluded in the encoding
-     * of the bitstring. Trailing 0s are considered part of the 'unused' bits
-     * when encoding this value in the first content octet
-     */
-    if( bits != 0 )
-    {
-        cur_byte = buf + byte_len - 1;
-        cur_byte_shifted = *cur_byte >> unused_bits;
-
-        for( ; ; )
-        {
-            bit = cur_byte_shifted & 0x1;
-            cur_byte_shifted >>= 1;
-
-            if( bit != 0 )
-                break;
-
-            bits--;
-            if( bits == 0 )
-                break;
-
-            if( bits % 8 == 0 )
-                cur_byte_shifted = *--cur_byte;
-        }
-    }
-
-    return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
-}
-
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
-                          const unsigned char *buf, size_t bits )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    size_t unused_bits, byte_len;
-
-    byte_len = ( bits + 7 ) / 8;
-    unused_bits = ( byte_len * 8 ) - bits;
-
-    if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len = byte_len + 1;
-
-    /* Write the bitstring. Ensure the unused bits are zeroed */
-    if( byte_len > 0 )
-    {
-        byte_len--;
-        *--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
-        ( *p ) -= byte_len;
-        memcpy( *p, buf, byte_len );
-    }
-
-    /* Write unused bits */
-    *--( *p ) = (unsigned char)unused_bits;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
-
-    return( (int) len );
-}
-
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
-                             const unsigned char *buf, size_t size )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) );
-
-    return( (int) len );
-}
-
-
-/* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(),
- * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */
-static mbedtls_asn1_named_data *asn1_find_named_data(
-                                               mbedtls_asn1_named_data *list,
-                                               const char *oid, size_t len )
-{
-    while( list != NULL )
-    {
-        if( list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
-        {
-            break;
-        }
-
-        list = list->next;
-    }
-
-    return( list );
-}
-
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
-                                        mbedtls_asn1_named_data **head,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len )
-{
-    mbedtls_asn1_named_data *cur;
-
-    if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
-    {
-        // Add new entry if not present yet based on OID
-        //
-        cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1,
-                                            sizeof(mbedtls_asn1_named_data) );
-        if( cur == NULL )
-            return( NULL );
-
-        cur->oid.len = oid_len;
-        cur->oid.p = mbedtls_calloc( 1, oid_len );
-        if( cur->oid.p == NULL )
-        {
-            mbedtls_free( cur );
-            return( NULL );
-        }
-
-        memcpy( cur->oid.p, oid, oid_len );
-
-        cur->val.len = val_len;
-        if( val_len != 0 )
-        {
-            cur->val.p = mbedtls_calloc( 1, val_len );
-            if( cur->val.p == NULL )
-            {
-                mbedtls_free( cur->oid.p );
-                mbedtls_free( cur );
-                return( NULL );
-            }
-        }
-
-        cur->next = *head;
-        *head = cur;
-    }
-    else if( val_len == 0 )
-    {
-        mbedtls_free( cur->val.p );
-        cur->val.p = NULL;
-    }
-    else if( cur->val.len != val_len )
-    {
-        /*
-         * Enlarge existing value buffer if needed
-         * Preserve old data until the allocation succeeded, to leave list in
-         * a consistent state in case allocation fails.
-         */
-        void *p = mbedtls_calloc( 1, val_len );
-        if( p == NULL )
-            return( NULL );
-
-        mbedtls_free( cur->val.p );
-        cur->val.p = p;
-        cur->val.len = val_len;
-    }
-
-    if( val != NULL && val_len != 0 )
-        memcpy( cur->val.p, val, val_len );
-
-    return( cur );
-}
-#endif /* MBEDTLS_ASN1_WRITE_C */
diff --git a/Sources/mbedtls/library/base64.c b/Sources/mbedtls/library/base64.c
deleted file mode 100644
index 9021a04..0000000
--- a/Sources/mbedtls/library/base64.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- *  RFC 1521 base64 encoding/decoding
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_BASE64_C)
-
-#include "mbedtls/base64.h"
-#include "constant_time_internal.h"
-
-#include <stdint.h>
-
-#if defined(MBEDTLS_SELF_TEST)
-#include <string.h>
-#include "mbedtls/platform.h"
-#endif /* MBEDTLS_SELF_TEST */
-
-#define BASE64_SIZE_T_MAX   ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-
-/*
- * Encode a buffer into base64 format
- */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen )
-{
-    size_t i, n;
-    int C1, C2, C3;
-    unsigned char *p;
-
-    if( slen == 0 )
-    {
-        *olen = 0;
-        return( 0 );
-    }
-
-    n = slen / 3 + ( slen % 3 != 0 );
-
-    if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
-    {
-        *olen = BASE64_SIZE_T_MAX;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    n *= 4;
-
-    if( ( dlen < n + 1 ) || ( NULL == dst ) )
-    {
-        *olen = n + 1;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    n = ( slen / 3 ) * 3;
-
-    for( i = 0, p = dst; i < n; i += 3 )
-    {
-        C1 = *src++;
-        C2 = *src++;
-        C3 = *src++;
-
-        *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 &  3 ) << 4 ) + ( C2 >> 4 ) )
-                                        & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) )
-                                        & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( C3 & 0x3F );
-    }
-
-    if( i < slen )
-    {
-        C1 = *src++;
-        C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
-
-        *p++ = mbedtls_ct_base64_enc_char( ( C1 >> 2 ) & 0x3F );
-        *p++ = mbedtls_ct_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
-                                        & 0x3F );
-
-        if( ( i + 1 ) < slen )
-             *p++ = mbedtls_ct_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F );
-        else *p++ = '=';
-
-        *p++ = '=';
-    }
-
-    *olen = p - dst;
-    *p = 0;
-
-    return( 0 );
-}
-
-/*
- * Decode a base64-formatted buffer
- */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen )
-{
-    size_t i; /* index in source */
-    size_t n; /* number of digits or trailing = in source */
-    uint32_t x; /* value accumulator */
-    unsigned accumulated_digits = 0;
-    unsigned equals = 0;
-    int spaces_present = 0;
-    unsigned char *p;
-
-    /* First pass: check for validity and get output length */
-    for( i = n = 0; i < slen; i++ )
-    {
-        /* Skip spaces before checking for EOL */
-        spaces_present = 0;
-        while( i < slen && src[i] == ' ' )
-        {
-            ++i;
-            spaces_present = 1;
-        }
-
-        /* Spaces at end of buffer are OK */
-        if( i == slen )
-            break;
-
-        if( ( slen - i ) >= 2 &&
-            src[i] == '\r' && src[i + 1] == '\n' )
-            continue;
-
-        if( src[i] == '\n' )
-            continue;
-
-        /* Space inside a line is an error */
-        if( spaces_present )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] > 127 )
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
-        if( src[i] == '=' )
-        {
-            if( ++equals > 2 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-        }
-        else
-        {
-            if( equals != 0 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-            if( mbedtls_ct_base64_dec_value( src[i] ) < 0 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-        }
-        n++;
-    }
-
-    if( n == 0 )
-    {
-        *olen = 0;
-        return( 0 );
-    }
-
-    /* The following expression is to calculate the following formula without
-     * risk of integer overflow in n:
-     *     n = ( ( n * 6 ) + 7 ) >> 3;
-     */
-    n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
-    n -= equals;
-
-    if( dst == NULL || dlen < n )
-    {
-        *olen = n;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    equals = 0;
-    for( x = 0, p = dst; i > 0; i--, src++ )
-    {
-        if( *src == '\r' || *src == '\n' || *src == ' ' )
-            continue;
-
-        x = x << 6;
-        if( *src == '=' )
-            ++equals;
-        else
-            x |= mbedtls_ct_base64_dec_value( *src );
-
-        if( ++accumulated_digits == 4 )
-        {
-            accumulated_digits = 0;
-            *p++ = MBEDTLS_BYTE_2( x );
-            if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
-            if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
-        }
-    }
-
-    *olen = p - dst;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const unsigned char base64_test_dec[64] =
-{
-    0x24, 0x48, 0x6E, 0x56, 0x87, 0x62, 0x5A, 0xBD,
-    0xBF, 0x17, 0xD9, 0xA2, 0xC4, 0x17, 0x1A, 0x01,
-    0x94, 0xED, 0x8F, 0x1E, 0x11, 0xB3, 0xD7, 0x09,
-    0x0C, 0xB6, 0xE9, 0x10, 0x6F, 0x22, 0xEE, 0x13,
-    0xCA, 0xB3, 0x07, 0x05, 0x76, 0xC9, 0xFA, 0x31,
-    0x6C, 0x08, 0x34, 0xFF, 0x8D, 0xC2, 0x6C, 0x38,
-    0x00, 0x43, 0xE9, 0x54, 0x97, 0xAF, 0x50, 0x4B,
-    0xD1, 0x41, 0xBA, 0x95, 0x31, 0x5A, 0x0B, 0x97
-};
-
-static const unsigned char base64_test_enc[] =
-    "JEhuVodiWr2/F9mixBcaAZTtjx4Rs9cJDLbpEG8i7hPK"
-    "swcFdsn6MWwINP+Nwmw4AEPpVJevUEvRQbqVMVoLlw==";
-
-/*
- * Checkup routine
- */
-int mbedtls_base64_self_test( int verbose )
-{
-    size_t len;
-    const unsigned char *src;
-    unsigned char buffer[128];
-
-    if( verbose != 0 )
-        mbedtls_printf( "  Base64 encoding test: " );
-
-    src = base64_test_dec;
-
-    if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 ||
-         memcmp( base64_test_enc, buffer, 88 ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  Base64 decoding test: " );
-
-    src = base64_test_enc;
-
-    if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 ||
-         memcmp( base64_test_dec, buffer, 64 ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_BASE64_C */
diff --git a/Sources/mbedtls/library/bignum.c b/Sources/mbedtls/library/bignum.c
deleted file mode 100644
index 37193f5..0000000
--- a/Sources/mbedtls/library/bignum.c
+++ /dev/null
@@ -1,3155 +0,0 @@
-/*
- *  Multi-precision integer library
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- *  The following sources were referenced in the design of this Multi-precision
- *  Integer library:
- *
- *  [1] Handbook of Applied Cryptography - 1997
- *      Menezes, van Oorschot and Vanstone
- *
- *  [2] Multi-Precision Math
- *      Tom St Denis
- *      https://github.com/libtom/libtommath/blob/develop/tommath.pdf
- *
- *  [3] GNU Multi-Precision Arithmetic Library
- *      https://gmplib.org/manual/index.html
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/bn_mul.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "constant_time_internal.h"
-
-#include <limits.h>
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#define MPI_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
-#define MPI_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
-#define biL    (ciL << 3)               /* bits  in limb  */
-#define biH    (ciL << 2)               /* half limb size */
-
-#define MPI_SIZE_T_MAX  ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-
-/*
- * Convert between bits/chars and number of limbs
- * Divide first in order to avoid potential overflows
- */
-#define BITS_TO_LIMBS(i)  ( (i) / biL + ( (i) % biL != 0 ) )
-#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) )
-
-/* Implementation that should never be optimized out by the compiler */
-static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
-{
-    mbedtls_platform_zeroize( v, ciL * n );
-}
-
-/*
- * Initialize one MPI
- */
-void mbedtls_mpi_init( mbedtls_mpi *X )
-{
-    MPI_VALIDATE( X != NULL );
-
-    X->s = 1;
-    X->n = 0;
-    X->p = NULL;
-}
-
-/*
- * Unallocate one MPI
- */
-void mbedtls_mpi_free( mbedtls_mpi *X )
-{
-    if( X == NULL )
-        return;
-
-    if( X->p != NULL )
-    {
-        mbedtls_mpi_zeroize( X->p, X->n );
-        mbedtls_free( X->p );
-    }
-
-    X->s = 1;
-    X->n = 0;
-    X->p = NULL;
-}
-
-/*
- * Enlarge to the specified number of limbs
- */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs )
-{
-    mbedtls_mpi_uint *p;
-    MPI_VALIDATE_RET( X != NULL );
-
-    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    if( X->n < nblimbs )
-    {
-        if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( nblimbs, ciL ) ) == NULL )
-            return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-        if( X->p != NULL )
-        {
-            memcpy( p, X->p, X->n * ciL );
-            mbedtls_mpi_zeroize( X->p, X->n );
-            mbedtls_free( X->p );
-        }
-
-        X->n = nblimbs;
-        X->p = p;
-    }
-
-    return( 0 );
-}
-
-/*
- * Resize down as much as possible,
- * while keeping at least the specified number of limbs
- */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs )
-{
-    mbedtls_mpi_uint *p;
-    size_t i;
-    MPI_VALIDATE_RET( X != NULL );
-
-    if( nblimbs > MBEDTLS_MPI_MAX_LIMBS )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    /* Actually resize up if there are currently fewer than nblimbs limbs. */
-    if( X->n <= nblimbs )
-        return( mbedtls_mpi_grow( X, nblimbs ) );
-    /* After this point, then X->n > nblimbs and in particular X->n > 0. */
-
-    for( i = X->n - 1; i > 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-    i++;
-
-    if( i < nblimbs )
-        i = nblimbs;
-
-    if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    if( X->p != NULL )
-    {
-        memcpy( p, X->p, i * ciL );
-        mbedtls_mpi_zeroize( X->p, X->n );
-        mbedtls_free( X->p );
-    }
-
-    X->n = i;
-    X->p = p;
-
-    return( 0 );
-}
-
-/* Resize X to have exactly n limbs and set it to 0. */
-static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs )
-{
-    if( limbs == 0 )
-    {
-        mbedtls_mpi_free( X );
-        return( 0 );
-    }
-    else if( X->n == limbs )
-    {
-        memset( X->p, 0, limbs * ciL );
-        X->s = 1;
-        return( 0 );
-    }
-    else
-    {
-        mbedtls_mpi_free( X );
-        return( mbedtls_mpi_grow( X, limbs ) );
-    }
-}
-
-/*
- * Copy the contents of Y into X.
- *
- * This function is not constant-time. Leading zeros in Y may be removed.
- *
- * Ensure that X does not shrink. This is not guaranteed by the public API,
- * but some code in the bignum module relies on this property, for example
- * in mbedtls_mpi_exp_mod().
- */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    int ret = 0;
-    size_t i;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-
-    if( X == Y )
-        return( 0 );
-
-    if( Y->n == 0 )
-    {
-        if( X->n != 0 )
-        {
-            X->s = 1;
-            memset( X->p, 0, X->n * ciL );
-        }
-        return( 0 );
-    }
-
-    for( i = Y->n - 1; i > 0; i-- )
-        if( Y->p[i] != 0 )
-            break;
-    i++;
-
-    X->s = Y->s;
-
-    if( X->n < i )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) );
-    }
-    else
-    {
-        memset( X->p + i, 0, ( X->n - i ) * ciL );
-    }
-
-    memcpy( X->p, Y->p, i * ciL );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Swap the contents of X and Y
- */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y )
-{
-    mbedtls_mpi T;
-    MPI_VALIDATE( X != NULL );
-    MPI_VALIDATE( Y != NULL );
-
-    memcpy( &T,  X, sizeof( mbedtls_mpi ) );
-    memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
-    memcpy(  Y, &T, sizeof( mbedtls_mpi ) );
-}
-
-static inline mbedtls_mpi_uint mpi_sint_abs( mbedtls_mpi_sint z )
-{
-    if( z >= 0 )
-        return( z );
-    /* Take care to handle the most negative value (-2^(biL-1)) correctly.
-     * A naive -z would have undefined behavior.
-     * Write this in a way that makes popular compilers happy (GCC, Clang,
-     * MSVC). */
-    return( (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z );
-}
-
-/*
- * Set value from integer
- */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_VALIDATE_RET( X != NULL );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) );
-    memset( X->p, 0, X->n * ciL );
-
-    X->p[0] = mpi_sint_abs( z );
-    X->s    = ( z < 0 ) ? -1 : 1;
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Get a specific bit
- */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos )
-{
-    MPI_VALIDATE_RET( X != NULL );
-
-    if( X->n * biL <= pos )
-        return( 0 );
-
-    return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 );
-}
-
-/* Get a specific byte, without range checks. */
-#define GET_BYTE( X, i )                                \
-    ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff )
-
-/*
- * Set a bit to a specific value of 0 or 1
- */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val )
-{
-    int ret = 0;
-    size_t off = pos / biL;
-    size_t idx = pos % biL;
-    MPI_VALIDATE_RET( X != NULL );
-
-    if( val != 0 && val != 1 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( X->n * biL <= pos )
-    {
-        if( val == 0 )
-            return( 0 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) );
-    }
-
-    X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx );
-    X->p[off] |= (mbedtls_mpi_uint) val << idx;
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Return the number of less significant zero-bits
- */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X )
-{
-    size_t i, j, count = 0;
-    MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 );
-
-    for( i = 0; i < X->n; i++ )
-        for( j = 0; j < biL; j++, count++ )
-            if( ( ( X->p[i] >> j ) & 1 ) != 0 )
-                return( count );
-
-    return( 0 );
-}
-
-/*
- * Count leading zero bits in a given integer
- */
-static size_t mbedtls_clz( const mbedtls_mpi_uint x )
-{
-    size_t j;
-    mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
-
-    for( j = 0; j < biL; j++ )
-    {
-        if( x & mask ) break;
-
-        mask >>= 1;
-    }
-
-    return j;
-}
-
-/*
- * Return the number of bits
- */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X )
-{
-    size_t i, j;
-
-    if( X->n == 0 )
-        return( 0 );
-
-    for( i = X->n - 1; i > 0; i-- )
-        if( X->p[i] != 0 )
-            break;
-
-    j = biL - mbedtls_clz( X->p[i] );
-
-    return( ( i * biL ) + j );
-}
-
-/*
- * Return the total size in bytes
- */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X )
-{
-    return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 );
-}
-
-/*
- * Convert an ASCII character to digit value
- */
-static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c )
-{
-    *d = 255;
-
-    if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30;
-    if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37;
-    if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57;
-
-    if( *d >= (mbedtls_mpi_uint) radix )
-        return( MBEDTLS_ERR_MPI_INVALID_CHARACTER );
-
-    return( 0 );
-}
-
-/*
- * Import from an ASCII string
- */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, j, slen, n;
-    int sign = 1;
-    mbedtls_mpi_uint d;
-    mbedtls_mpi T;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( s != NULL );
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T );
-
-    if( s[0] == 0 )
-    {
-        mbedtls_mpi_free( X );
-        return( 0 );
-    }
-
-    if( s[0] == '-' )
-    {
-        ++s;
-        sign = -1;
-    }
-
-    slen = strlen( s );
-
-    if( radix == 16 )
-    {
-        if( slen > MPI_SIZE_T_MAX >> 2 )
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-        n = BITS_TO_LIMBS( slen << 2 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-        for( i = slen, j = 0; i > 0; i--, j++ )
-        {
-            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
-            X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-        for( i = 0; i < slen; i++ )
-        {
-            MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
-        }
-    }
-
-    if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
-        X->s = -1;
-
-cleanup:
-
-    mbedtls_mpi_free( &T );
-
-    return( ret );
-}
-
-/*
- * Helper to write the digits high-order first.
- */
-static int mpi_write_hlp( mbedtls_mpi *X, int radix,
-                          char **p, const size_t buflen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi_uint r;
-    size_t length = 0;
-    char *p_end = *p + buflen;
-
-    do
-    {
-        if( length >= buflen )
-        {
-            return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) );
-        /*
-         * Write the residue in the current position, as an ASCII character.
-         */
-        if( r < 0xA )
-            *(--p_end) = (char)( '0' + r );
-        else
-            *(--p_end) = (char)( 'A' + ( r - 0xA ) );
-
-        length++;
-    } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 );
-
-    memmove( *p, p_end, length );
-    *p += length;
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Export into an ASCII string
- */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
-                              char *buf, size_t buflen, size_t *olen )
-{
-    int ret = 0;
-    size_t n;
-    char *p;
-    mbedtls_mpi T;
-    MPI_VALIDATE_RET( X    != NULL );
-    MPI_VALIDATE_RET( olen != NULL );
-    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */
-    if( radix >=  4 ) n >>= 1;   /* Number of 4-adic digits necessary to present
-                                  * `n`. If radix > 4, this might be a strict
-                                  * overapproximation of the number of
-                                  * radix-adic digits needed to present `n`. */
-    if( radix >= 16 ) n >>= 1;   /* Number of hexadecimal digits necessary to
-                                  * present `n`. */
-
-    n += 1; /* Terminating null byte */
-    n += 1; /* Compensate for the divisions above, which round down `n`
-             * in case it's not even. */
-    n += 1; /* Potential '-'-sign. */
-    n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing,
-                     * which always uses an even number of hex-digits. */
-
-    if( buflen < n )
-    {
-        *olen = n;
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-    }
-
-    p = buf;
-    mbedtls_mpi_init( &T );
-
-    if( X->s == -1 )
-    {
-        *p++ = '-';
-        buflen--;
-    }
-
-    if( radix == 16 )
-    {
-        int c;
-        size_t i, j, k;
-
-        for( i = X->n, k = 0; i > 0; i-- )
-        {
-            for( j = ciL; j > 0; j-- )
-            {
-                c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF;
-
-                if( c == 0 && k == 0 && ( i + j ) != 2 )
-                    continue;
-
-                *(p++) = "0123456789ABCDEF" [c / 16];
-                *(p++) = "0123456789ABCDEF" [c % 16];
-                k = 1;
-            }
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) );
-
-        if( T.s == -1 )
-            T.s = 1;
-
-        MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) );
-    }
-
-    *p++ = '\0';
-    *olen = p - buf;
-
-cleanup:
-
-    mbedtls_mpi_free( &T );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Read X from an opened file
- */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin )
-{
-    mbedtls_mpi_uint d;
-    size_t slen;
-    char *p;
-    /*
-     * Buffer should have space for (short) label and decimal formatted MPI,
-     * newline characters and '\0'
-     */
-    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-
-    MPI_VALIDATE_RET( X   != NULL );
-    MPI_VALIDATE_RET( fin != NULL );
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    memset( s, 0, sizeof( s ) );
-    if( fgets( s, sizeof( s ) - 1, fin ) == NULL )
-        return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
-
-    slen = strlen( s );
-    if( slen == sizeof( s ) - 2 )
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-
-    if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; }
-    if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; }
-
-    p = s + slen;
-    while( p-- > s )
-        if( mpi_get_digit( &d, radix, *p ) != 0 )
-            break;
-
-    return( mbedtls_mpi_read_string( X, radix, p + 1 ) );
-}
-
-/*
- * Write X into an opened file (or stdout if fout == NULL)
- */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n, slen, plen;
-    /*
-     * Buffer should have space for (short) label and decimal formatted MPI,
-     * newline characters and '\0'
-     */
-    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
-    MPI_VALIDATE_RET( X != NULL );
-
-    if( radix < 2 || radix > 16 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    memset( s, 0, sizeof( s ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) );
-
-    if( p == NULL ) p = "";
-
-    plen = strlen( p );
-    slen = strlen( s );
-    s[slen++] = '\r';
-    s[slen++] = '\n';
-
-    if( fout != NULL )
-    {
-        if( fwrite( p, 1, plen, fout ) != plen ||
-            fwrite( s, 1, slen, fout ) != slen )
-            return( MBEDTLS_ERR_MPI_FILE_IO_ERROR );
-    }
-    else
-        mbedtls_printf( "%s%s", p, s );
-
-cleanup:
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-
-/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
- * into the storage form used by mbedtls_mpi. */
-
-static mbedtls_mpi_uint mpi_uint_bigendian_to_host_c( mbedtls_mpi_uint x )
-{
-    uint8_t i;
-    unsigned char *x_ptr;
-    mbedtls_mpi_uint tmp = 0;
-
-    for( i = 0, x_ptr = (unsigned char*) &x; i < ciL; i++, x_ptr++ )
-    {
-        tmp <<= CHAR_BIT;
-        tmp |= (mbedtls_mpi_uint) *x_ptr;
-    }
-
-    return( tmp );
-}
-
-static mbedtls_mpi_uint mpi_uint_bigendian_to_host( mbedtls_mpi_uint x )
-{
-#if defined(__BYTE_ORDER__)
-
-/* Nothing to do on bigendian systems. */
-#if ( __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ )
-    return( x );
-#endif /* __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ */
-
-#if ( __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ )
-
-/* For GCC and Clang, have builtins for byte swapping. */
-#if defined(__GNUC__) && defined(__GNUC_PREREQ)
-#if __GNUC_PREREQ(4,3)
-#define have_bswap
-#endif
-#endif
-
-#if defined(__clang__) && defined(__has_builtin)
-#if __has_builtin(__builtin_bswap32)  &&                 \
-    __has_builtin(__builtin_bswap64)
-#define have_bswap
-#endif
-#endif
-
-#if defined(have_bswap)
-    /* The compiler is hopefully able to statically evaluate this! */
-    switch( sizeof(mbedtls_mpi_uint) )
-    {
-        case 4:
-            return( __builtin_bswap32(x) );
-        case 8:
-            return( __builtin_bswap64(x) );
-    }
-#endif
-#endif /* __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ */
-#endif /* __BYTE_ORDER__ */
-
-    /* Fall back to C-based reordering if we don't know the byte order
-     * or we couldn't use a compiler-specific builtin. */
-    return( mpi_uint_bigendian_to_host_c( x ) );
-}
-
-static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs )
-{
-    mbedtls_mpi_uint *cur_limb_left;
-    mbedtls_mpi_uint *cur_limb_right;
-    if( limbs == 0 )
-        return;
-
-    /*
-     * Traverse limbs and
-     * - adapt byte-order in each limb
-     * - swap the limbs themselves.
-     * For that, simultaneously traverse the limbs from left to right
-     * and from right to left, as long as the left index is not bigger
-     * than the right index (it's not a problem if limbs is odd and the
-     * indices coincide in the last iteration).
-     */
-    for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 );
-         cur_limb_left <= cur_limb_right;
-         cur_limb_left++, cur_limb_right-- )
-    {
-        mbedtls_mpi_uint tmp;
-        /* Note that if cur_limb_left == cur_limb_right,
-         * this code effectively swaps the bytes only once. */
-        tmp             = mpi_uint_bigendian_to_host( *cur_limb_left  );
-        *cur_limb_left  = mpi_uint_bigendian_to_host( *cur_limb_right );
-        *cur_limb_right = tmp;
-    }
-}
-
-/*
- * Import X from unsigned binary data, little endian
- */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
-                                const unsigned char *buf, size_t buflen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    size_t const limbs = CHARS_TO_LIMBS( buflen );
-
-    /* Ensure that target MPI has exactly the necessary number of limbs */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
-
-    for( i = 0; i < buflen; i++ )
-        X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
-
-cleanup:
-
-    /*
-     * This function is also used to import keys. However, wiping the buffers
-     * upon failure is not necessary because failure only can happen before any
-     * input is copied.
-     */
-    return( ret );
-}
-
-/*
- * Import X from unsigned binary data, big endian
- */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t const limbs    = CHARS_TO_LIMBS( buflen );
-    size_t const overhead = ( limbs * ciL ) - buflen;
-    unsigned char *Xp;
-
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
-
-    /* Ensure that target MPI has exactly the necessary number of limbs */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
-
-    /* Avoid calling `memcpy` with NULL source or destination argument,
-     * even if buflen is 0. */
-    if( buflen != 0 )
-    {
-        Xp = (unsigned char*) X->p;
-        memcpy( Xp + overhead, buf, buflen );
-
-        mpi_bigendian_to_host( X->p, limbs );
-    }
-
-cleanup:
-
-    /*
-     * This function is also used to import keys. However, wiping the buffers
-     * upon failure is not necessary because failure only can happen before any
-     * input is copied.
-     */
-    return( ret );
-}
-
-/*
- * Export X into unsigned binary data, little endian
- */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
-                                 unsigned char *buf, size_t buflen )
-{
-    size_t stored_bytes = X->n * ciL;
-    size_t bytes_to_copy;
-    size_t i;
-
-    if( stored_bytes < buflen )
-    {
-        bytes_to_copy = stored_bytes;
-    }
-    else
-    {
-        bytes_to_copy = buflen;
-
-        /* The output buffer is smaller than the allocated size of X.
-         * However X may fit if its leading bytes are zero. */
-        for( i = bytes_to_copy; i < stored_bytes; i++ )
-        {
-            if( GET_BYTE( X, i ) != 0 )
-                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-        }
-    }
-
-    for( i = 0; i < bytes_to_copy; i++ )
-        buf[i] = GET_BYTE( X, i );
-
-    if( stored_bytes < buflen )
-    {
-        /* Write trailing 0 bytes */
-        memset( buf + stored_bytes, 0, buflen - stored_bytes );
-    }
-
-    return( 0 );
-}
-
-/*
- * Export X into unsigned binary data, big endian
- */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X,
-                              unsigned char *buf, size_t buflen )
-{
-    size_t stored_bytes;
-    size_t bytes_to_copy;
-    unsigned char *p;
-    size_t i;
-
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
-
-    stored_bytes = X->n * ciL;
-
-    if( stored_bytes < buflen )
-    {
-        /* There is enough space in the output buffer. Write initial
-         * null bytes and record the position at which to start
-         * writing the significant bytes. In this case, the execution
-         * trace of this function does not depend on the value of the
-         * number. */
-        bytes_to_copy = stored_bytes;
-        p = buf + buflen - stored_bytes;
-        memset( buf, 0, buflen - stored_bytes );
-    }
-    else
-    {
-        /* The output buffer is smaller than the allocated size of X.
-         * However X may fit if its leading bytes are zero. */
-        bytes_to_copy = buflen;
-        p = buf;
-        for( i = bytes_to_copy; i < stored_bytes; i++ )
-        {
-            if( GET_BYTE( X, i ) != 0 )
-                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
-        }
-    }
-
-    for( i = 0; i < bytes_to_copy; i++ )
-        p[bytes_to_copy - i - 1] = GET_BYTE( X, i );
-
-    return( 0 );
-}
-
-/*
- * Left-shift: X <<= count
- */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, v0, t1;
-    mbedtls_mpi_uint r0 = 0, r1;
-    MPI_VALIDATE_RET( X != NULL );
-
-    v0 = count / (biL    );
-    t1 = count & (biL - 1);
-
-    i = mbedtls_mpi_bitlen( X ) + count;
-
-    if( X->n * biL < i )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) );
-
-    ret = 0;
-
-    /*
-     * shift by count / limb_size
-     */
-    if( v0 > 0 )
-    {
-        for( i = X->n; i > v0; i-- )
-            X->p[i - 1] = X->p[i - v0 - 1];
-
-        for( ; i > 0; i-- )
-            X->p[i - 1] = 0;
-    }
-
-    /*
-     * shift by count % limb_size
-     */
-    if( t1 > 0 )
-    {
-        for( i = v0; i < X->n; i++ )
-        {
-            r1 = X->p[i] >> (biL - t1);
-            X->p[i] <<= t1;
-            X->p[i] |= r0;
-            r0 = r1;
-        }
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Right-shift: X >>= count
- */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count )
-{
-    size_t i, v0, v1;
-    mbedtls_mpi_uint r0 = 0, r1;
-    MPI_VALIDATE_RET( X != NULL );
-
-    v0 = count /  biL;
-    v1 = count & (biL - 1);
-
-    if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
-        return mbedtls_mpi_lset( X, 0 );
-
-    /*
-     * shift by count / limb_size
-     */
-    if( v0 > 0 )
-    {
-        for( i = 0; i < X->n - v0; i++ )
-            X->p[i] = X->p[i + v0];
-
-        for( ; i < X->n; i++ )
-            X->p[i] = 0;
-    }
-
-    /*
-     * shift by count % limb_size
-     */
-    if( v1 > 0 )
-    {
-        for( i = X->n; i > 0; i-- )
-        {
-            r1 = X->p[i - 1] << (biL - v1);
-            X->p[i - 1] >>= v1;
-            X->p[i - 1] |= r0;
-            r0 = r1;
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare unsigned values
- */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    size_t i, j;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-
-    for( i = X->n; i > 0; i-- )
-        if( X->p[i - 1] != 0 )
-            break;
-
-    for( j = Y->n; j > 0; j-- )
-        if( Y->p[j - 1] != 0 )
-            break;
-
-    if( i == 0 && j == 0 )
-        return( 0 );
-
-    if( i > j ) return(  1 );
-    if( j > i ) return( -1 );
-
-    for( ; i > 0; i-- )
-    {
-        if( X->p[i - 1] > Y->p[i - 1] ) return(  1 );
-        if( X->p[i - 1] < Y->p[i - 1] ) return( -1 );
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y )
-{
-    size_t i, j;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-
-    for( i = X->n; i > 0; i-- )
-        if( X->p[i - 1] != 0 )
-            break;
-
-    for( j = Y->n; j > 0; j-- )
-        if( Y->p[j - 1] != 0 )
-            break;
-
-    if( i == 0 && j == 0 )
-        return( 0 );
-
-    if( i > j ) return(  X->s );
-    if( j > i ) return( -Y->s );
-
-    if( X->s > 0 && Y->s < 0 ) return(  1 );
-    if( Y->s > 0 && X->s < 0 ) return( -1 );
-
-    for( ; i > 0; i-- )
-    {
-        if( X->p[i - 1] > Y->p[i - 1] ) return(  X->s );
-        if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s );
-    }
-
-    return( 0 );
-}
-
-/*
- * Compare signed values
- */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z )
-{
-    mbedtls_mpi Y;
-    mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( X != NULL );
-
-    *p  = mpi_sint_abs( z );
-    Y.s = ( z < 0 ) ? -1 : 1;
-    Y.n = 1;
-    Y.p = p;
-
-    return( mbedtls_mpi_cmp_mpi( X, &Y ) );
-}
-
-/*
- * Unsigned addition: X = |A| + |B|  (HAC 14.7)
- */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, j;
-    mbedtls_mpi_uint *o, *p, c, tmp;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    if( X == B )
-    {
-        const mbedtls_mpi *T = A; A = X; B = T;
-    }
-
-    if( X != A )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-
-    /*
-     * X should always be positive as a result of unsigned additions.
-     */
-    X->s = 1;
-
-    for( j = B->n; j > 0; j-- )
-        if( B->p[j - 1] != 0 )
-            break;
-
-    /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0
-     * and B is 0 (of any size). */
-    if( j == 0 )
-        return( 0 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
-
-    o = B->p; p = X->p; c = 0;
-
-    /*
-     * tmp is used because it might happen that p == o
-     */
-    for( i = 0; i < j; i++, o++, p++ )
-    {
-        tmp= *o;
-        *p +=  c; c  = ( *p <  c );
-        *p += tmp; c += ( *p < tmp );
-    }
-
-    while( c != 0 )
-    {
-        if( i >= X->n )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) );
-            p = X->p + i;
-        }
-
-        *p += c; c = ( *p < c ); i++; p++;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/**
- * Helper for mbedtls_mpi subtraction.
- *
- * Calculate l - r where l and r have the same size.
- * This function operates modulo (2^ciL)^n and returns the carry
- * (1 if there was a wraparound, i.e. if `l < r`, and 0 otherwise).
- *
- * d may be aliased to l or r.
- *
- * \param n             Number of limbs of \p d, \p l and \p r.
- * \param[out] d        The result of the subtraction.
- * \param[in] l         The left operand.
- * \param[in] r         The right operand.
- *
- * \return              1 if `l < r`.
- *                      0 if `l >= r`.
- */
-static mbedtls_mpi_uint mpi_sub_hlp( size_t n,
-                                     mbedtls_mpi_uint *d,
-                                     const mbedtls_mpi_uint *l,
-                                     const mbedtls_mpi_uint *r )
-{
-    size_t i;
-    mbedtls_mpi_uint c = 0, t, z;
-
-    for( i = 0; i < n; i++ )
-    {
-        z = ( l[i] <  c );    t = l[i] - c;
-        c = ( t < r[i] ) + z; d[i] = t - r[i];
-    }
-
-    return( c );
-}
-
-/*
- * Unsigned subtraction: X = |A| - |B|  (HAC 14.9, 14.10)
- */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
-    mbedtls_mpi_uint carry;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    for( n = B->n; n > 0; n-- )
-        if( B->p[n - 1] != 0 )
-            break;
-    if( n > A->n )
-    {
-        /* B >= (2^ciL)^n > A */
-        ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );
-
-    /* Set the high limbs of X to match A. Don't touch the lower limbs
-     * because X might be aliased to B, and we must not overwrite the
-     * significant digits of B. */
-    if( A->n > n )
-        memcpy( X->p + n, A->p + n, ( A->n - n ) * ciL );
-    if( X->n > A->n )
-        memset( X->p + A->n, 0, ( X->n - A->n ) * ciL );
-
-    carry = mpi_sub_hlp( n, X->p, A->p, B->p );
-    if( carry != 0 )
-    {
-        /* Propagate the carry to the first nonzero limb of X. */
-        for( ; n < X->n && X->p[n] == 0; n++ )
-            --X->p[n];
-        /* If we ran out of space for the carry, it means that the result
-         * is negative. */
-        if( n == X->n )
-        {
-            ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
-            goto cleanup;
-        }
-        --X->p[n];
-    }
-
-    /* X should always be positive as a result of unsigned subtractions. */
-    X->s = 1;
-
-cleanup:
-    return( ret );
-}
-
-/* Common function for signed addition and subtraction.
- * Calculate A + B * flip_B where flip_B is 1 or -1.
- */
-static int add_sub_mpi( mbedtls_mpi *X,
-                        const mbedtls_mpi *A, const mbedtls_mpi *B,
-                        int flip_B )
-{
-    int ret, s;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    s = A->s;
-    if( A->s * B->s * flip_B < 0 )
-    {
-        int cmp = mbedtls_mpi_cmp_abs( A, B );
-        if( cmp >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );
-            /* If |A| = |B|, the result is 0 and we must set the sign bit
-             * to +1 regardless of which of A or B was negative. Otherwise,
-             * since |A| > |B|, the sign is the sign of A. */
-            X->s = cmp == 0 ? 1 : s;
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) );
-            /* Since |A| < |B|, the sign is the opposite of A. */
-            X->s = -s;
-        }
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) );
-        X->s = s;
-    }
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Signed addition: X = A + B
- */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    return( add_sub_mpi( X, A, B, 1 ) );
-}
-
-/*
- * Signed subtraction: X = A - B
- */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    return( add_sub_mpi( X, A, B, -1 ) );
-}
-
-/*
- * Signed addition: X = A + b
- */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    mbedtls_mpi B;
-    mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-
-    p[0] = mpi_sint_abs( b );
-    B.s = ( b < 0 ) ? -1 : 1;
-    B.n = 1;
-    B.p = p;
-
-    return( mbedtls_mpi_add_mpi( X, A, &B ) );
-}
-
-/*
- * Signed subtraction: X = A - b
- */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    mbedtls_mpi B;
-    mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-
-    p[0] = mpi_sint_abs( b );
-    B.s = ( b < 0 ) ? -1 : 1;
-    B.n = 1;
-    B.p = p;
-
-    return( mbedtls_mpi_sub_mpi( X, A, &B ) );
-}
-
-/** Helper for mbedtls_mpi multiplication.
- *
- * Add \p b * \p s to \p d.
- *
- * \param i             The number of limbs of \p s.
- * \param[in] s         A bignum to multiply, of size \p i.
- *                      It may overlap with \p d, but only if
- *                      \p d <= \p s.
- *                      Its leading limb must not be \c 0.
- * \param[in,out] d     The bignum to add to.
- *                      It must be sufficiently large to store the
- *                      result of the multiplication. This means
- *                      \p i + 1 limbs if \p d[\p i - 1] started as 0 and \p b
- *                      is not known a priori.
- * \param b             A scalar to multiply.
- */
-static
-#if defined(__APPLE__) && defined(__arm__)
-/*
- * Apple LLVM version 4.2 (clang-425.0.24) (based on LLVM 3.2svn)
- * appears to need this to prevent bad ARM code generation at -O3.
- */
-__attribute__ ((noinline))
-#endif
-void mpi_mul_hlp( size_t i,
-                  const mbedtls_mpi_uint *s,
-                  mbedtls_mpi_uint *d,
-                  mbedtls_mpi_uint b )
-{
-    mbedtls_mpi_uint c = 0, t = 0;
-
-#if defined(MULADDC_HUIT)
-    for( ; i >= 8; i -= 8 )
-    {
-        MULADDC_INIT
-        MULADDC_HUIT
-        MULADDC_STOP
-    }
-
-    for( ; i > 0; i-- )
-    {
-        MULADDC_INIT
-        MULADDC_CORE
-        MULADDC_STOP
-    }
-#else /* MULADDC_HUIT */
-    for( ; i >= 16; i -= 16 )
-    {
-        MULADDC_INIT
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_STOP
-    }
-
-    for( ; i >= 8; i -= 8 )
-    {
-        MULADDC_INIT
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_CORE   MULADDC_CORE
-        MULADDC_STOP
-    }
-
-    for( ; i > 0; i-- )
-    {
-        MULADDC_INIT
-        MULADDC_CORE
-        MULADDC_STOP
-    }
-#endif /* MULADDC_HUIT */
-
-    t++;
-
-    while( c != 0 )
-    {
-        *d += c; c = ( *d < c ); d++;
-    }
-}
-
-/*
- * Baseline multiplication: X = A * B  (HAC 14.12)
- */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, j;
-    mbedtls_mpi TA, TB;
-    int result_is_zero = 0;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
-
-    if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; }
-    if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; }
-
-    for( i = A->n; i > 0; i-- )
-        if( A->p[i - 1] != 0 )
-            break;
-    if( i == 0 )
-        result_is_zero = 1;
-
-    for( j = B->n; j > 0; j-- )
-        if( B->p[j - 1] != 0 )
-            break;
-    if( j == 0 )
-        result_is_zero = 1;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
-
-    for( ; j > 0; j-- )
-        mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
-
-    /* If the result is 0, we don't shortcut the operation, which reduces
-     * but does not eliminate side channels leaking the zero-ness. We do
-     * need to take care to set the sign bit properly since the library does
-     * not fully support an MPI object with a value of 0 and s == -1. */
-    if( result_is_zero )
-        X->s = 1;
-    else
-        X->s = A->s * B->s;
-
-cleanup:
-
-    mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA );
-
-    return( ret );
-}
-
-/*
- * Baseline multiplication: X = A * b
- */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
-{
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-
-    /* mpi_mul_hlp can't deal with a leading 0. */
-    size_t n = A->n;
-    while( n > 0 && A->p[n - 1] == 0 )
-        --n;
-
-    /* The general method below doesn't work if n==0 or b==0. By chance
-     * calculating the result is trivial in those cases. */
-    if( b == 0 || n == 0 )
-    {
-        return( mbedtls_mpi_lset( X, 0 ) );
-    }
-
-    /* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    /* In general, A * b requires 1 limb more than b. If
-     * A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same
-     * number of limbs as A and the call to grow() is not required since
-     * copy() will take care of the growth if needed. However, experimentally,
-     * making the call to grow() unconditional causes slightly fewer
-     * calls to calloc() in ECP code, presumably because it reuses the
-     * same mpi for a while and this way the mpi is more likely to directly
-     * grow to its final size. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-    mpi_mul_hlp( n, A->p, X->p, b - 1 );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and
- * mbedtls_mpi_uint divisor, d
- */
-static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1,
-            mbedtls_mpi_uint u0, mbedtls_mpi_uint d, mbedtls_mpi_uint *r )
-{
-#if defined(MBEDTLS_HAVE_UDBL)
-    mbedtls_t_udbl dividend, quotient;
-#else
-    const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH;
-    const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1;
-    mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient;
-    mbedtls_mpi_uint u0_msw, u0_lsw;
-    size_t s;
-#endif
-
-    /*
-     * Check for overflow
-     */
-    if( 0 == d || u1 >= d )
-    {
-        if (r != NULL) *r = ~0;
-
-        return ( ~0 );
-    }
-
-#if defined(MBEDTLS_HAVE_UDBL)
-    dividend  = (mbedtls_t_udbl) u1 << biL;
-    dividend |= (mbedtls_t_udbl) u0;
-    quotient = dividend / d;
-    if( quotient > ( (mbedtls_t_udbl) 1 << biL ) - 1 )
-        quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1;
-
-    if( r != NULL )
-        *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) );
-
-    return (mbedtls_mpi_uint) quotient;
-#else
-
-    /*
-     * Algorithm D, Section 4.3.1 - The Art of Computer Programming
-     *   Vol. 2 - Seminumerical Algorithms, Knuth
-     */
-
-    /*
-     * Normalize the divisor, d, and dividend, u0, u1
-     */
-    s = mbedtls_clz( d );
-    d = d << s;
-
-    u1 = u1 << s;
-    u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) );
-    u0 =  u0 << s;
-
-    d1 = d >> biH;
-    d0 = d & uint_halfword_mask;
-
-    u0_msw = u0 >> biH;
-    u0_lsw = u0 & uint_halfword_mask;
-
-    /*
-     * Find the first quotient and remainder
-     */
-    q1 = u1 / d1;
-    r0 = u1 - d1 * q1;
-
-    while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) )
-    {
-        q1 -= 1;
-        r0 += d1;
-
-        if ( r0 >= radix ) break;
-    }
-
-    rAX = ( u1 * radix ) + ( u0_msw - q1 * d );
-    q0 = rAX / d1;
-    r0 = rAX - q0 * d1;
-
-    while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) )
-    {
-        q0 -= 1;
-        r0 += d1;
-
-        if ( r0 >= radix ) break;
-    }
-
-    if (r != NULL)
-        *r = ( rAX * radix + u0_lsw - q0 * d ) >> s;
-
-    quotient = q1 * radix + q0;
-
-    return quotient;
-#endif
-}
-
-/*
- * Division by mbedtls_mpi: A = Q * B + R  (HAC 14.20)
- */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, n, t, k;
-    mbedtls_mpi X, Y, Z, T1, T2;
-    mbedtls_mpi_uint TP2[3];
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    if( mbedtls_mpi_cmp_int( B, 0 ) == 0 )
-        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
-
-    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
-    mbedtls_mpi_init( &T1 );
-    /*
-     * Avoid dynamic memory allocations for constant-size T2.
-     *
-     * T2 is used for comparison only and the 3 limbs are assigned explicitly,
-     * so nobody increase the size of the MPI and we're safe to use an on-stack
-     * buffer.
-     */
-    T2.s = 1;
-    T2.n = sizeof( TP2 ) / sizeof( *TP2 );
-    T2.p = TP2;
-
-    if( mbedtls_mpi_cmp_abs( A, B ) < 0 )
-    {
-        if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) );
-        if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) );
-        return( 0 );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) );
-    X.s = Y.s = 1;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z,  0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, A->n + 2 ) );
-
-    k = mbedtls_mpi_bitlen( &Y ) % biL;
-    if( k < biL - 1 )
-    {
-        k = biL - 1 - k;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) );
-    }
-    else k = 0;
-
-    n = X.n - 1;
-    t = Y.n - 1;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) );
-
-    while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 )
-    {
-        Z.p[n - t]++;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) );
-    }
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) );
-
-    for( i = n; i > t ; i-- )
-    {
-        if( X.p[i] >= Y.p[t] )
-            Z.p[i - t - 1] = ~0;
-        else
-        {
-            Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1],
-                                                            Y.p[t], NULL);
-        }
-
-        T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2];
-        T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1];
-        T2.p[2] = X.p[i];
-
-        Z.p[i - t - 1]++;
-        do
-        {
-            Z.p[i - t - 1]--;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) );
-            T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1];
-            T1.p[1] = Y.p[t];
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) );
-        }
-        while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1,  biL * ( i - t - 1 ) ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );
-
-        if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) );
-            Z.p[i - t - 1]--;
-        }
-    }
-
-    if( Q != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) );
-        Q->s = A->s * B->s;
-    }
-
-    if( R != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) );
-        X.s = A->s;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) );
-
-        if( mbedtls_mpi_cmp_int( R, 0 ) == 0 )
-            R->s = 1;
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
-    mbedtls_mpi_free( &T1 );
-    mbedtls_platform_zeroize( TP2, sizeof( TP2 ) );
-
-    return( ret );
-}
-
-/*
- * Division by int: A = Q * b + R
- */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R,
-                         const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b )
-{
-    mbedtls_mpi B;
-    mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET( A != NULL );
-
-    p[0] = mpi_sint_abs( b );
-    B.s = ( b < 0 ) ? -1 : 1;
-    B.n = 1;
-    B.p = p;
-
-    return( mbedtls_mpi_div_mpi( Q, R, A, &B ) );
-}
-
-/*
- * Modulo: R = A mod B
- */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_VALIDATE_RET( R != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    if( mbedtls_mpi_cmp_int( B, 0 ) < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) );
-
-    while( mbedtls_mpi_cmp_int( R, 0 ) < 0 )
-      MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) );
-
-    while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 )
-      MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) );
-
-cleanup:
-
-    return( ret );
-}
-
-/*
- * Modulo: r = A mod b
- */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b )
-{
-    size_t i;
-    mbedtls_mpi_uint x, y, z;
-    MPI_VALIDATE_RET( r != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-
-    if( b == 0 )
-        return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO );
-
-    if( b < 0 )
-        return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE );
-
-    /*
-     * handle trivial cases
-     */
-    if( b == 1 || A->n == 0 )
-    {
-        *r = 0;
-        return( 0 );
-    }
-
-    if( b == 2 )
-    {
-        *r = A->p[0] & 1;
-        return( 0 );
-    }
-
-    /*
-     * general case
-     */
-    for( i = A->n, y = 0; i > 0; i-- )
-    {
-        x  = A->p[i - 1];
-        y  = ( y << biH ) | ( x >> biH );
-        z  = y / b;
-        y -= z * b;
-
-        x <<= biH;
-        y  = ( y << biH ) | ( x >> biH );
-        z  = y / b;
-        y -= z * b;
-    }
-
-    /*
-     * If A is negative, then the current y represents a negative value.
-     * Flipping it to the positive side.
-     */
-    if( A->s < 0 && y != 0 )
-        y = b - y;
-
-    *r = y;
-
-    return( 0 );
-}
-
-/*
- * Fast Montgomery initialization (thanks to Tom St Denis)
- */
-static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N )
-{
-    mbedtls_mpi_uint x, m0 = N->p[0];
-    unsigned int i;
-
-    x  = m0;
-    x += ( ( m0 + 2 ) & 4 ) << 1;
-
-    for( i = biL; i >= 8; i /= 2 )
-        x *= ( 2 - ( m0 * x ) );
-
-    *mm = ~x + 1;
-}
-
-/** Montgomery multiplication: A = A * B * R^-1 mod N  (HAC 14.36)
- *
- * \param[in,out]   A   One of the numbers to multiply.
- *                      It must have at least as many limbs as N
- *                      (A->n >= N->n), and any limbs beyond n are ignored.
- *                      On successful completion, A contains the result of
- *                      the multiplication A * B * R^-1 mod N where
- *                      R = (2^ciL)^n.
- * \param[in]       B   One of the numbers to multiply.
- *                      It must be nonzero and must not have more limbs than N
- *                      (B->n <= N->n).
- * \param[in]       N   The modulo. N must be odd.
- * \param           mm  The value calculated by `mpi_montg_init(&mm, N)`.
- *                      This is -N^-1 mod 2^ciL.
- * \param[in,out]   T   A bignum for temporary storage.
- *                      It must be at least twice the limb size of N plus 2
- *                      (T->n >= 2 * (N->n + 1)).
- *                      Its initial content is unused and
- *                      its final content is indeterminate.
- *                      Note that unlike the usual convention in the library
- *                      for `const mbedtls_mpi*`, the content of T can change.
- */
-static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm,
-                         const mbedtls_mpi *T )
-{
-    size_t i, n, m;
-    mbedtls_mpi_uint u0, u1, *d;
-
-    memset( T->p, 0, T->n * ciL );
-
-    d = T->p;
-    n = N->n;
-    m = ( B->n < n ) ? B->n : n;
-
-    for( i = 0; i < n; i++ )
-    {
-        /*
-         * T = (T + u0*B + u1*N) / 2^biL
-         */
-        u0 = A->p[i];
-        u1 = ( d[0] + u0 * B->p[0] ) * mm;
-
-        mpi_mul_hlp( m, B->p, d, u0 );
-        mpi_mul_hlp( n, N->p, d, u1 );
-
-        *d++ = u0; d[n + 1] = 0;
-    }
-
-    /* At this point, d is either the desired result or the desired result
-     * plus N. We now potentially subtract N, avoiding leaking whether the
-     * subtraction is performed through side channels. */
-
-    /* Copy the n least significant limbs of d to A, so that
-     * A = d if d < N (recall that N has n limbs). */
-    memcpy( A->p, d, n * ciL );
-    /* If d >= N then we want to set A to d - N. To prevent timing attacks,
-     * do the calculation without using conditional tests. */
-    /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */
-    d[n] += 1;
-    d[n] -= mpi_sub_hlp( n, d, d, N->p );
-    /* If d0 < N then d < (2^biL)^n
-     * so d[n] == 0 and we want to keep A as it is.
-     * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n
-     * so d[n] == 1 and we want to set A to the result of the subtraction
-     * which is d - (2^biL)^n, i.e. the n least significant limbs of d.
-     * This exactly corresponds to a conditional assignment. */
-    mbedtls_ct_mpi_uint_cond_assign( n, A->p, d, (unsigned char) d[n] );
-}
-
-/*
- * Montgomery reduction: A = A * R^-1 mod N
- *
- * See mpi_montmul() regarding constraints and guarantees on the parameters.
- */
-static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N,
-                         mbedtls_mpi_uint mm, const mbedtls_mpi *T )
-{
-    mbedtls_mpi_uint z = 1;
-    mbedtls_mpi U;
-
-    U.n = U.s = (int) z;
-    U.p = &z;
-
-    mpi_montmul( A, &U, N, mm, T );
-}
-
-/**
- * Select an MPI from a table without leaking the index.
- *
- * This is functionally equivalent to mbedtls_mpi_copy(R, T[idx]) except it
- * reads the entire table in order to avoid leaking the value of idx to an
- * attacker able to observe memory access patterns.
- *
- * \param[out] R        Where to write the selected MPI.
- * \param[in] T         The table to read from.
- * \param[in] T_size    The number of elements in the table.
- * \param[in] idx       The index of the element to select;
- *                      this must satisfy 0 <= idx < T_size.
- *
- * \return \c 0 on success, or a negative error code.
- */
-static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    for( size_t i = 0; i < T_size; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
-                        (unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Sliding-window exponentiation: X = A^E mod N  (HAC 14.85)
- */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *E, const mbedtls_mpi *N,
-                         mbedtls_mpi *prec_RR )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t window_bitsize;
-    size_t i, j, nblimbs;
-    size_t bufsize, nbits;
-    mbedtls_mpi_uint ei, mm, state;
-    mbedtls_mpi RR, T, W[ (size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos;
-    int neg;
-
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( E != NULL );
-    MPI_VALIDATE_RET( N != NULL );
-
-    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( E, 0 ) < 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS ||
-        mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS )
-        return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    /*
-     * Init temps and window size
-     */
-    mpi_montg_init( &mm, N );
-    mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
-    mbedtls_mpi_init( &Apos );
-    mbedtls_mpi_init( &WW );
-    memset( W, 0, sizeof( W ) );
-
-    i = mbedtls_mpi_bitlen( E );
-
-    window_bitsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 :
-            ( i >  79 ) ? 4 : ( i >  23 ) ? 3 : 1;
-
-#if( MBEDTLS_MPI_WINDOW_SIZE < 6 )
-    if( window_bitsize > MBEDTLS_MPI_WINDOW_SIZE )
-        window_bitsize = MBEDTLS_MPI_WINDOW_SIZE;
-#endif
-
-    const size_t w_table_used_size = (size_t) 1 << window_bitsize;
-
-    /*
-     * This function is not constant-trace: its memory accesses depend on the
-     * exponent value. To defend against timing attacks, callers (such as RSA
-     * and DHM) should use exponent blinding. However this is not enough if the
-     * adversary can find the exponent in a single trace, so this function
-     * takes extra precautions against adversaries who can observe memory
-     * access patterns.
-     *
-     * This function performs a series of multiplications by table elements and
-     * squarings, and we want the prevent the adversary from finding out which
-     * table element was used, and from distinguishing between multiplications
-     * and squarings. Firstly, when multiplying by an element of the window
-     * W[i], we do a constant-trace table lookup to obfuscate i. This leaves
-     * squarings as having a different memory access patterns from other
-     * multiplications. So secondly, we put the accumulator X in the table as
-     * well, and also do a constant-trace table lookup to multiply by X.
-     *
-     * This way, all multiplications take the form of a lookup-and-multiply.
-     * The number of lookup-and-multiply operations inside each iteration of
-     * the main loop still depends on the bits of the exponent, but since the
-     * other operations in the loop don't have an easily recognizable memory
-     * trace, an adversary is unlikely to be able to observe the exact
-     * patterns.
-     *
-     * An adversary may still be able to recover the exponent if they can
-     * observe both memory accesses and branches. However, branch prediction
-     * exploitation typically requires many traces of execution over the same
-     * data, which is defeated by randomized blinding.
-     *
-     * To achieve this, we make a copy of X and we use the table entry in each
-     * calculation from this point on.
-     */
-    const size_t x_index = 0;
-    mbedtls_mpi_init( &W[x_index] );
-    mbedtls_mpi_copy( &W[x_index], X );
-
-    j = N->n + 1;
-    /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
-     * and mpi_montred() calls later. Here we ensure that W[1] and X are
-     * large enough, and later we'll grow other W[i] to the same length.
-     * They must not be shrunk midway through this function!
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[x_index], j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1],  j ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
-
-    /*
-     * Compensate for negative A (and correct at the end)
-     */
-    neg = ( A->s == -1 );
-    if( neg )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) );
-        Apos.s = 1;
-        A = &Apos;
-    }
-
-    /*
-     * If 1st call, pre-compute R^2 mod N
-     */
-    if( prec_RR == NULL || prec_RR->p == NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) );
-
-        if( prec_RR != NULL )
-            memcpy( prec_RR, &RR, sizeof( mbedtls_mpi ) );
-    }
-    else
-        memcpy( &RR, prec_RR, sizeof( mbedtls_mpi ) );
-
-    /*
-     * W[1] = A * R^2 * R^-1 mod N = A * R mod N
-     */
-    if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
-        /* This should be a no-op because W[1] is already that large before
-         * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow
-         * in mpi_montmul() below, so let's make sure. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) );
-    }
-    else
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
-
-    /* Note that this is safe because W[1] always has at least N->n limbs
-     * (it grew above and was preserved by mbedtls_mpi_copy()). */
-    mpi_montmul( &W[1], &RR, N, mm, &T );
-
-    /*
-     * W[x_index] = R^2 * R^-1 mod N = R mod N
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[x_index], &RR ) );
-    mpi_montred( &W[x_index], N, mm, &T );
-
-
-    if( window_bitsize > 1 )
-    {
-        /*
-         * W[i] = W[1] ^ i
-         *
-         * The first bit of the sliding window is always 1 and therefore we
-         * only need to store the second half of the table.
-         *
-         * (There are two special elements in the table: W[0] for the
-         * accumulator/result and W[1] for A in Montgomery form. Both of these
-         * are already set at this point.)
-         */
-        j = w_table_used_size / 2;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1]    ) );
-
-        for( i = 0; i < window_bitsize - 1; i++ )
-            mpi_montmul( &W[j], &W[j], N, mm, &T );
-
-        /*
-         * W[i] = W[i - 1] * W[1]
-         */
-        for( i = j + 1; i < w_table_used_size; i++ )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) );
-
-            mpi_montmul( &W[i], &W[1], N, mm, &T );
-        }
-    }
-
-    nblimbs = E->n;
-    bufsize = 0;
-    nbits   = 0;
-    size_t exponent_bits_in_window = 0;
-    state   = 0;
-
-    while( 1 )
-    {
-        if( bufsize == 0 )
-        {
-            if( nblimbs == 0 )
-                break;
-
-            nblimbs--;
-
-            bufsize = sizeof( mbedtls_mpi_uint ) << 3;
-        }
-
-        bufsize--;
-
-        ei = (E->p[nblimbs] >> bufsize) & 1;
-
-        /*
-         * skip leading 0s
-         */
-        if( ei == 0 && state == 0 )
-            continue;
-
-        if( ei == 0 && state == 1 )
-        {
-            /*
-             * out of window, square W[x_index]
-             */
-            MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
-            mpi_montmul( &W[x_index], &WW, N, mm, &T );
-            continue;
-        }
-
-        /*
-         * add ei to current window
-         */
-        state = 2;
-
-        nbits++;
-        exponent_bits_in_window |= ( ei << ( window_bitsize - nbits ) );
-
-        if( nbits == window_bitsize )
-        {
-            /*
-             * W[x_index] = W[x_index]^window_bitsize R^-1 mod N
-             */
-            for( i = 0; i < window_bitsize; i++ )
-            {
-                MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
-                                             x_index ) );
-                mpi_montmul( &W[x_index], &WW, N, mm, &T );
-            }
-
-            /*
-             * W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N
-             */
-            MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size,
-                                         exponent_bits_in_window ) );
-            mpi_montmul( &W[x_index], &WW, N, mm, &T );
-
-            state--;
-            nbits = 0;
-            exponent_bits_in_window = 0;
-        }
-    }
-
-    /*
-     * process the remaining bits
-     */
-    for( i = 0; i < nbits; i++ )
-    {
-        MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, x_index ) );
-        mpi_montmul( &W[x_index], &WW, N, mm, &T );
-
-        exponent_bits_in_window <<= 1;
-
-        if( ( exponent_bits_in_window & ( (size_t) 1 << window_bitsize ) ) != 0 )
-        {
-            MBEDTLS_MPI_CHK( mpi_select( &WW, W, w_table_used_size, 1 ) );
-            mpi_montmul( &W[x_index], &WW, N, mm, &T );
-        }
-    }
-
-    /*
-     * W[x_index] = A^E * R * R^-1 mod N = A^E mod N
-     */
-    mpi_montred( &W[x_index], N, mm, &T );
-
-    if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 )
-    {
-        W[x_index].s = -1;
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &W[x_index], N, &W[x_index] ) );
-    }
-
-    /*
-     * Load the result in the output variable.
-     */
-    mbedtls_mpi_copy( X, &W[x_index] );
-
-cleanup:
-
-    /* The first bit of the sliding window is always 1 and therefore the first
-     * half of the table was unused. */
-    for( i = w_table_used_size/2; i < w_table_used_size; i++ )
-        mbedtls_mpi_free( &W[i] );
-
-    mbedtls_mpi_free( &W[x_index] );
-    mbedtls_mpi_free( &W[1] );
-    mbedtls_mpi_free( &T );
-    mbedtls_mpi_free( &Apos );
-    mbedtls_mpi_free( &WW );
-
-    if( prec_RR == NULL || prec_RR->p == NULL )
-        mbedtls_mpi_free( &RR );
-
-    return( ret );
-}
-
-/*
- * Greatest common divisor: G = gcd(A, B)  (HAC 14.54)
- */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t lz, lzt;
-    mbedtls_mpi TA, TB;
-
-    MPI_VALIDATE_RET( G != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( B != NULL );
-
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
-
-    lz = mbedtls_mpi_lsb( &TA );
-    lzt = mbedtls_mpi_lsb( &TB );
-
-    /* The loop below gives the correct result when A==0 but not when B==0.
-     * So have a special case for B==0. Leverage the fact that we just
-     * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
-     * slightly more efficient than cmp_int(). */
-    if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
-    {
-        ret = mbedtls_mpi_copy( G, A );
-        goto cleanup;
-    }
-
-    if( lzt < lz )
-        lz = lzt;
-
-    TA.s = TB.s = 1;
-
-    /* We mostly follow the procedure described in HAC 14.54, but with some
-     * minor differences:
-     * - Sequences of multiplications or divisions by 2 are grouped into a
-     *   single shift operation.
-     * - The procedure in HAC assumes that 0 < TB <= TA.
-     *     - The condition TB <= TA is not actually necessary for correctness.
-     *       TA and TB have symmetric roles except for the loop termination
-     *       condition, and the shifts at the beginning of the loop body
-     *       remove any significance from the ordering of TA vs TB before
-     *       the shifts.
-     *     - If TA = 0, the loop goes through 0 iterations and the result is
-     *       correctly TB.
-     *     - The case TB = 0 was short-circuited above.
-     *
-     * For the correctness proof below, decompose the original values of
-     * A and B as
-     *   A = sa * 2^a * A' with A'=0 or A' odd, and sa = +-1
-     *   B = sb * 2^b * B' with B'=0 or B' odd, and sb = +-1
-     * Then gcd(A, B) = 2^{min(a,b)} * gcd(A',B'),
-     * and gcd(A',B') is odd or 0.
-     *
-     * At the beginning, we have TA = |A| and TB = |B| so gcd(A,B) = gcd(TA,TB).
-     * The code maintains the following invariant:
-     *     gcd(A,B) = 2^k * gcd(TA,TB) for some k   (I)
-     */
-
-    /* Proof that the loop terminates:
-     * At each iteration, either the right-shift by 1 is made on a nonzero
-     * value and the nonnegative integer bitlen(TA) + bitlen(TB) decreases
-     * by at least 1, or the right-shift by 1 is made on zero and then
-     * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted
-     * since in that case TB is calculated from TB-TA with the condition TB>TA).
-     */
-    while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
-    {
-        /* Divisions by 2 preserve the invariant (I). */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
-
-        /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd,
-         * TA-TB is even so the division by 2 has an integer result.
-         * Invariant (I) is preserved since any odd divisor of both TA and TB
-         * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
-         * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also
-         * divides TA.
-         */
-        if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
-        }
-        /* Note that one of TA or TB is still odd. */
-    }
-
-    /* By invariant (I), gcd(A,B) = 2^k * gcd(TA,TB) for some k.
-     * At the loop exit, TA = 0, so gcd(TA,TB) = TB.
-     * - If there was at least one loop iteration, then one of TA or TB is odd,
-     *   and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case,
-     *   lz = min(a,b) so gcd(A,B) = 2^lz * TB.
-     * - If there was no loop iteration, then A was 0, and gcd(A,B) = B.
-     *   In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well.
-     */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB );
-
-    return( ret );
-}
-
-/* Fill X with n_bytes random bytes.
- * X must already have room for those bytes.
- * The ordering of the bytes returned from the RNG is suitable for
- * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
- * The size and sign of X are unchanged.
- * n_bytes must not be 0.
- */
-static int mpi_fill_random_internal(
-    mbedtls_mpi *X, size_t n_bytes,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const size_t limbs = CHARS_TO_LIMBS( n_bytes );
-    const size_t overhead = ( limbs * ciL ) - n_bytes;
-
-    if( X->n < limbs )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    memset( X->p, 0, overhead );
-    memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL );
-    MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) );
-    mpi_bigendian_to_host( X->p, limbs );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Fill X with size bytes of random.
- *
- * Use a temporary bytes representation to make sure the result is the same
- * regardless of the platform endianness (useful when f_rng is actually
- * deterministic, eg for tests).
- */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t const limbs = CHARS_TO_LIMBS( size );
-
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
-
-    /* Ensure that target MPI has exactly the necessary number of limbs */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
-    if( size == 0 )
-        return( 0 );
-
-    ret = mpi_fill_random_internal( X, size, f_rng, p_rng );
-
-cleanup:
-    return( ret );
-}
-
-int mbedtls_mpi_random( mbedtls_mpi *X,
-                        mbedtls_mpi_sint min,
-                        const mbedtls_mpi *N,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng )
-{
-    int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-    int count;
-    unsigned lt_lower = 1, lt_upper = 0;
-    size_t n_bits = mbedtls_mpi_bitlen( N );
-    size_t n_bytes = ( n_bits + 7 ) / 8;
-    mbedtls_mpi lower_bound;
-
-    if( min < 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    if( mbedtls_mpi_cmp_int( N, min ) <= 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    /*
-     * When min == 0, each try has at worst a probability 1/2 of failing
-     * (the msb has a probability 1/2 of being 0, and then the result will
-     * be < N), so after 30 tries failure probability is a most 2**(-30).
-     *
-     * When N is just below a power of 2, as is the case when generating
-     * a random scalar on most elliptic curves, 1 try is enough with
-     * overwhelming probability. When N is just above a power of 2,
-     * as when generating a random scalar on secp224k1, each try has
-     * a probability of failing that is almost 1/2.
-     *
-     * The probabilities are almost the same if min is nonzero but negligible
-     * compared to N. This is always the case when N is crypto-sized, but
-     * it's convenient to support small N for testing purposes. When N
-     * is small, use a higher repeat count, otherwise the probability of
-     * failure is macroscopic.
-     */
-    count = ( n_bytes > 4 ? 30 : 250 );
-
-    mbedtls_mpi_init( &lower_bound );
-
-    /* Ensure that target MPI has exactly the same number of limbs
-     * as the upper bound, even if the upper bound has leading zeros.
-     * This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, N->n ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &lower_bound, N->n ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &lower_bound, min ) );
-
-    /*
-     * Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA)
-     * when f_rng is a suitably parametrized instance of HMAC_DRBG:
-     * - use the same byte ordering;
-     * - keep the leftmost n_bits bits of the generated octet string;
-     * - try until result is in the desired range.
-     * This also avoids any bias, which is especially important for ECDSA.
-     */
-    do
-    {
-        MBEDTLS_MPI_CHK( mpi_fill_random_internal( X, n_bytes, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, 8 * n_bytes - n_bits ) );
-
-        if( --count == 0 )
-        {
-            ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, &lower_bound, &lt_lower ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, N, &lt_upper ) );
-    }
-    while( lt_lower != 0 || lt_upper == 0 );
-
-cleanup:
-    mbedtls_mpi_free( &lower_bound );
-    return( ret );
-}
-
-/*
- * Modular inverse: X = A^-1 mod N  (HAC 14.61 / 14.64)
- */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( A != NULL );
-    MPI_VALIDATE_RET( N != NULL );
-
-    if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 );
-    mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV );
-    mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
-
-    if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
-
-    do
-    {
-        while( ( TU.p[0] & 1 ) == 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) );
-
-            if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) );
-        }
-
-        while( ( TV.p[0] & 1 ) == 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) );
-
-            if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 )
-            {
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) );
-        }
-
-        if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 )
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
-        }
-    }
-    while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 );
-
-    while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
-
-    while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 );
-    mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV );
-    mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_GENPRIME)
-
-static const int small_prime[] =
-{
-        3,    5,    7,   11,   13,   17,   19,   23,
-       29,   31,   37,   41,   43,   47,   53,   59,
-       61,   67,   71,   73,   79,   83,   89,   97,
-      101,  103,  107,  109,  113,  127,  131,  137,
-      139,  149,  151,  157,  163,  167,  173,  179,
-      181,  191,  193,  197,  199,  211,  223,  227,
-      229,  233,  239,  241,  251,  257,  263,  269,
-      271,  277,  281,  283,  293,  307,  311,  313,
-      317,  331,  337,  347,  349,  353,  359,  367,
-      373,  379,  383,  389,  397,  401,  409,  419,
-      421,  431,  433,  439,  443,  449,  457,  461,
-      463,  467,  479,  487,  491,  499,  503,  509,
-      521,  523,  541,  547,  557,  563,  569,  571,
-      577,  587,  593,  599,  601,  607,  613,  617,
-      619,  631,  641,  643,  647,  653,  659,  661,
-      673,  677,  683,  691,  701,  709,  719,  727,
-      733,  739,  743,  751,  757,  761,  769,  773,
-      787,  797,  809,  811,  821,  823,  827,  829,
-      839,  853,  857,  859,  863,  877,  881,  883,
-      887,  907,  911,  919,  929,  937,  941,  947,
-      953,  967,  971,  977,  983,  991,  997, -103
-};
-
-/*
- * Small divisors test (X must be positive)
- *
- * Return values:
- * 0: no small factor (possible prime, more tests needed)
- * 1: certain prime
- * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime
- * other negative: error
- */
-static int mpi_check_small_factors( const mbedtls_mpi *X )
-{
-    int ret = 0;
-    size_t i;
-    mbedtls_mpi_uint r;
-
-    if( ( X->p[0] & 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
-    for( i = 0; small_prime[i] > 0; i++ )
-    {
-        if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 )
-            return( 1 );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) );
-
-        if( r == 0 )
-            return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Miller-Rabin pseudo-primality test  (HAC 4.24)
- */
-static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
-{
-    int ret, count;
-    size_t i, j, k, s;
-    mbedtls_mpi W, R, T, A, RR;
-
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
-
-    mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R );
-    mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A );
-    mbedtls_mpi_init( &RR );
-
-    /*
-     * W = |X| - 1
-     * R = W >> lsb( W )
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 ) );
-    s = mbedtls_mpi_lsb( &W );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) );
-
-    for( i = 0; i < rounds; i++ )
-    {
-        /*
-         * pick a random A, 1 < A < |X| - 1
-         */
-        count = 0;
-        do {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) );
-
-            j = mbedtls_mpi_bitlen( &A );
-            k = mbedtls_mpi_bitlen( &W );
-            if (j > k) {
-                A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1;
-            }
-
-            if (count++ > 30) {
-                ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-                goto cleanup;
-            }
-
-        } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 ||
-                  mbedtls_mpi_cmp_int( &A, 1 )  <= 0    );
-
-        /*
-         * A = A^R mod |X|
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) );
-
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 ||
-            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
-            continue;
-
-        j = 1;
-        while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 )
-        {
-            /*
-             * A = A * A mod |X|
-             */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X  ) );
-
-            if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 )
-                break;
-
-            j++;
-        }
-
-        /*
-         * not prime if A != |X| - 1 or A == 1
-         */
-        if( mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ||
-            mbedtls_mpi_cmp_int( &A,  1 ) == 0 )
-        {
-            ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-            break;
-        }
-    }
-
-cleanup:
-    mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R );
-    mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A );
-    mbedtls_mpi_free( &RR );
-
-    return( ret );
-}
-
-/*
- * Pseudo-primality test: small factors, then Miller-Rabin
- */
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi XX;
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
-
-    XX.s = 1;
-    XX.n = X->n;
-    XX.p = X->p;
-
-    if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 ||
-        mbedtls_mpi_cmp_int( &XX, 1 ) == 0 )
-        return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
-    if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 )
-        return( 0 );
-
-    if( ( ret = mpi_check_small_factors( &XX ) ) != 0 )
-    {
-        if( ret == 1 )
-            return( 0 );
-
-        return( ret );
-    }
-
-    return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Pseudo-primality test, error probability 2^-80
- */
-int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng )
-{
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
-
-    /*
-     * In the past our key generation aimed for an error rate of at most
-     * 2^-80. Since this function is deprecated, aim for the same certainty
-     * here as well.
-     */
-    return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) );
-}
-#endif
-
-/*
- * Prime number generation
- *
- * To generate an RSA key in a way recommended by FIPS 186-4, both primes must
- * be either 1024 bits or 1536 bits long, and flags must contain
- * MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR.
- */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
-                   int (*f_rng)(void *, unsigned char *, size_t),
-                   void *p_rng )
-{
-#ifdef MBEDTLS_HAVE_INT64
-// ceil(2^63.5)
-#define CEIL_MAXUINT_DIV_SQRT2 0xb504f333f9de6485ULL
-#else
-// ceil(2^31.5)
-#define CEIL_MAXUINT_DIV_SQRT2 0xb504f334U
-#endif
-    int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
-    size_t k, n;
-    int rounds;
-    mbedtls_mpi_uint r;
-    mbedtls_mpi Y;
-
-    MPI_VALIDATE_RET( X     != NULL );
-    MPI_VALIDATE_RET( f_rng != NULL );
-
-    if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &Y );
-
-    n = BITS_TO_LIMBS( nbits );
-
-    if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 )
-    {
-        /*
-         * 2^-80 error probability, number of rounds chosen per HAC, table 4.4
-         */
-        rounds = ( ( nbits >= 1300 ) ?  2 : ( nbits >=  850 ) ?  3 :
-                   ( nbits >=  650 ) ?  4 : ( nbits >=  350 ) ?  8 :
-                   ( nbits >=  250 ) ? 12 : ( nbits >=  150 ) ? 18 : 27 );
-    }
-    else
-    {
-        /*
-         * 2^-100 error probability, number of rounds computed based on HAC,
-         * fact 4.48
-         */
-        rounds = ( ( nbits >= 1450 ) ?  4 : ( nbits >=  1150 ) ?  5 :
-                   ( nbits >= 1000 ) ?  6 : ( nbits >=   850 ) ?  7 :
-                   ( nbits >=  750 ) ?  8 : ( nbits >=   500 ) ? 13 :
-                   ( nbits >=  250 ) ? 28 : ( nbits >=   150 ) ? 40 : 51 );
-    }
-
-    while( 1 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) );
-        /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */
-        if( X->p[n-1] < CEIL_MAXUINT_DIV_SQRT2 ) continue;
-
-        k = n * biL;
-        if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) );
-        X->p[0] |= 1;
-
-        if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 )
-        {
-            ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng );
-
-            if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-                goto cleanup;
-        }
-        else
-        {
-            /*
-             * A necessary condition for Y and X = 2Y + 1 to be prime
-             * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3).
-             * Make sure it is satisfied, while keeping X = 3 mod 4
-             */
-
-            X->p[0] |= 2;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) );
-            if( r == 0 )
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) );
-            else if( r == 1 )
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) );
-
-            /* Set Y = (X-1) / 2, which is X / 2 because X is odd */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) );
-
-            while( 1 )
-            {
-                /*
-                 * First, check small factors for X and Y
-                 * before doing Miller-Rabin on any of them
-                 */
-                if( ( ret = mpi_check_small_factors(  X         ) ) == 0 &&
-                    ( ret = mpi_check_small_factors( &Y         ) ) == 0 &&
-                    ( ret = mpi_miller_rabin(  X, rounds, f_rng, p_rng  ) )
-                                                                    == 0 &&
-                    ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng  ) )
-                                                                    == 0 )
-                    goto cleanup;
-
-                if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-                    goto cleanup;
-
-                /*
-                 * Next candidates. We want to preserve Y = (X-1) / 2 and
-                 * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3)
-                 * so up Y by 6 and X by 12.
-                 */
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int(  X,  X, 12 ) );
-                MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6  ) );
-            }
-        }
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &Y );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_GENPRIME */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#define GCD_PAIR_COUNT  3
-
-static const int gcd_pairs[GCD_PAIR_COUNT][3] =
-{
-    { 693, 609, 21 },
-    { 1764, 868, 28 },
-    { 768454923, 542167814, 1 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_mpi_self_test( int verbose )
-{
-    int ret, i;
-    mbedtls_mpi A, E, N, X, Y, U, V;
-
-    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X );
-    mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16,
-        "EFE021C2645FD1DC586E69184AF4A31E" \
-        "D5F53E93B5F123FA41680867BA110131" \
-        "944FE7952E2517337780CB0DB80E61AA" \
-        "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16,
-        "B2E7EFD37075B9F03FF989C7C5051C20" \
-        "34D2A323810251127E7BF8625A4F49A5" \
-        "F3E27F4DA8BD59C47D6DAABA4C8127BD" \
-        "5B5C25763222FEFCCFC38B832366C29E" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16,
-        "0066A198186C18C10B2F5ED9B522752A" \
-        "9830B69916E535C8F047518A889A43A5" \
-        "94B6BED27A168D31D4A52F88925AA8F5" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "602AB7ECA597A3D6B56FF9829A5E8B85" \
-        "9E857EA95A03512E2BAE7391688D264A" \
-        "A5663B0341DB9CCFD2C4C5F421FEC814" \
-        "8001B72E848A38CAE1C65F78E56ABDEF" \
-        "E12D3C039B8A02D6BE593F0BBBDA56F1" \
-        "ECF677152EF804370C1A305CAF3B5BF1" \
-        "30879B56C61DE584A0F53A2447A51E" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #1 (mul_mpi): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "256567336059E52CAE22925474705F39A94" ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16,
-        "6613F26162223DF488E9CD48CC132C7A" \
-        "0AC93C701B001B092E4E5B9F73BCD27B" \
-        "9EE50D0657C77F374E903CDFA4C642" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #2 (div_mpi): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ||
-        mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "36E139AEA55215609D2816998ED020BB" \
-        "BD96C37890F65171D948E9BC7CBAA4D9" \
-        "325D24D6A3C12710F10A09FA08AB87" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #3 (exp_mod): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16,
-        "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \
-        "C3DBA76456363A10869622EAC2DD84EC" \
-        "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #4 (inv_mod): " );
-
-    if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MPI test #5 (simple gcd): " );
-
-    for( i = 0; i < GCD_PAIR_COUNT; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) );
-
-        if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed at %d\n", i );
-
-            ret = 1;
-            goto cleanup;
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-cleanup:
-
-    if( ret != 0 && verbose != 0 )
-        mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
-
-    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X );
-    mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_BIGNUM_C */
diff --git a/Sources/mbedtls/library/blowfish.c b/Sources/mbedtls/library/blowfish.c
deleted file mode 100644
index 621e9f7..0000000
--- a/Sources/mbedtls/library/blowfish.c
+++ /dev/null
@@ -1,667 +0,0 @@
-/*
- *  Blowfish implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The Blowfish block cipher was designed by Bruce Schneier in 1993.
- *  http://www.schneier.com/blowfish.html
- *  http://en.wikipedia.org/wiki/Blowfish_%28cipher%29
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_BLOWFISH_C)
-
-#include "mbedtls/blowfish.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_BLOWFISH_ALT)
-
-/* Parameter validation macros */
-#define BLOWFISH_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA )
-#define BLOWFISH_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = {
-        0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L,
-        0xA4093822L, 0x299F31D0L, 0x082EFA98L, 0xEC4E6C89L,
-        0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL,
-        0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L,
-        0x9216D5D9L, 0x8979FB1BL
-};
-
-/* declarations of data at the end of this file */
-static const uint32_t S[4][256];
-
-static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x )
-{
-   unsigned short a, b, c, d;
-   uint32_t  y;
-
-   d = MBEDTLS_BYTE_0( x );
-   x >>= 8;
-   c = MBEDTLS_BYTE_0( x );
-   x >>= 8;
-   b = MBEDTLS_BYTE_0( x );
-   x >>= 8;
-   a = MBEDTLS_BYTE_0( x );
-   y = ctx->S[0][a] + ctx->S[1][b];
-   y = y ^ ctx->S[2][c];
-   y = y + ctx->S[3][d];
-
-   return( y );
-}
-
-static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
-{
-    uint32_t  Xl, Xr, temp;
-    short i;
-
-    Xl = *xl;
-    Xr = *xr;
-
-    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i )
-    {
-        Xl = Xl ^ ctx->P[i];
-        Xr = F( ctx, Xl ) ^ Xr;
-
-        temp = Xl;
-        Xl = Xr;
-        Xr = temp;
-    }
-
-    temp = Xl;
-    Xl = Xr;
-    Xr = temp;
-
-    Xr = Xr ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS];
-    Xl = Xl ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS + 1];
-
-    *xl = Xl;
-    *xr = Xr;
-}
-
-static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr )
-{
-    uint32_t  Xl, Xr, temp;
-    short i;
-
-    Xl = *xl;
-    Xr = *xr;
-
-    for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i )
-    {
-        Xl = Xl ^ ctx->P[i];
-        Xr = F( ctx, Xl ) ^ Xr;
-
-        temp = Xl;
-        Xl = Xr;
-        Xr = temp;
-    }
-
-    temp = Xl;
-    Xl = Xr;
-    Xr = temp;
-
-    Xr = Xr ^ ctx->P[1];
-    Xl = Xl ^ ctx->P[0];
-
-    *xl = Xl;
-    *xr = Xr;
-}
-
-void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx )
-{
-    BLOWFISH_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_blowfish_context ) );
-}
-
-void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) );
-}
-
-/*
- * Blowfish key schedule
- */
-int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits )
-{
-    unsigned int i, j, k;
-    uint32_t data, datal, datar;
-    BLOWFISH_VALIDATE_RET( ctx != NULL );
-    BLOWFISH_VALIDATE_RET( key != NULL );
-
-    if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS    ||
-        keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS    ||
-        keybits % 8 != 0 )
-    {
-        return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
-    }
-
-    keybits >>= 3;
-
-    for( i = 0; i < 4; i++ )
-    {
-        for( j = 0; j < 256; j++ )
-            ctx->S[i][j] = S[i][j];
-    }
-
-    j = 0;
-    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i )
-    {
-        data = 0x00000000;
-        for( k = 0; k < 4; ++k )
-        {
-            data = ( data << 8 ) | key[j++];
-            if( j >= keybits )
-                j = 0;
-        }
-        ctx->P[i] = P[i] ^ data;
-    }
-
-    datal = 0x00000000;
-    datar = 0x00000000;
-
-    for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 )
-    {
-        blowfish_enc( ctx, &datal, &datar );
-        ctx->P[i] = datal;
-        ctx->P[i + 1] = datar;
-    }
-
-    for( i = 0; i < 4; i++ )
-    {
-       for( j = 0; j < 256; j += 2 )
-       {
-            blowfish_enc( ctx, &datal, &datar );
-            ctx->S[i][j] = datal;
-            ctx->S[i][j + 1] = datar;
-        }
-    }
-    return( 0 );
-}
-
-/*
- * Blowfish-ECB block encryption/decryption
- */
-int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
-                    int mode,
-                    const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                    unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
-{
-    uint32_t X0, X1;
-    BLOWFISH_VALIDATE_RET( ctx != NULL );
-    BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
-                           mode == MBEDTLS_BLOWFISH_DECRYPT );
-    BLOWFISH_VALIDATE_RET( input  != NULL );
-    BLOWFISH_VALIDATE_RET( output != NULL );
-
-    X0 = MBEDTLS_GET_UINT32_BE( input,  0 );
-    X1 = MBEDTLS_GET_UINT32_BE( input,  4 );
-
-    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
-    {
-        blowfish_dec( ctx, &X0, &X1 );
-    }
-    else /* MBEDTLS_BLOWFISH_ENCRYPT */
-    {
-        blowfish_enc( ctx, &X0, &X1 );
-    }
-
-    MBEDTLS_PUT_UINT32_BE( X0, output,  0 );
-    MBEDTLS_PUT_UINT32_BE( X1, output,  4 );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * Blowfish-CBC buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
-    BLOWFISH_VALIDATE_RET( ctx != NULL );
-    BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
-                           mode == MBEDTLS_BLOWFISH_DECRYPT );
-    BLOWFISH_VALIDATE_RET( iv != NULL );
-    BLOWFISH_VALIDATE_RET( length == 0 || input  != NULL );
-    BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
-
-    if( length % MBEDTLS_BLOWFISH_BLOCKSIZE )
-        return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
-            mbedtls_blowfish_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
-
-            input  += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            output += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_blowfish_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
-
-            input  += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            output += MBEDTLS_BLOWFISH_BLOCKSIZE;
-            length -= MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * Blowfish CFB buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    size_t n;
-
-    BLOWFISH_VALIDATE_RET( ctx != NULL );
-    BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT ||
-                           mode == MBEDTLS_BLOWFISH_DECRYPT );
-    BLOWFISH_VALIDATE_RET( iv     != NULL );
-    BLOWFISH_VALIDATE_RET( iv_off != NULL );
-    BLOWFISH_VALIDATE_RET( length == 0 || input  != NULL );
-    BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
-
-    n = *iv_off;
-    if( n >= 8 )
-        return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
-
-    if( mode == MBEDTLS_BLOWFISH_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-#endif /*MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Blowfish CTR buffer encryption/decryption
- */
-int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                       unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n;
-    BLOWFISH_VALIDATE_RET( ctx != NULL );
-    BLOWFISH_VALIDATE_RET( nonce_counter != NULL );
-    BLOWFISH_VALIDATE_RET( stream_block  != NULL );
-    BLOWFISH_VALIDATE_RET( nc_off != NULL );
-    BLOWFISH_VALIDATE_RET( length == 0 || input  != NULL );
-    BLOWFISH_VALIDATE_RET( length == 0 || output != NULL );
-
-    n = *nc_off;
-    if( n >= 8 )
-        return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA );
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter,
-                                stream_block );
-
-            for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static const uint32_t S[4][256] = {
-    {   0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L,
-        0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L,
-        0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L,
-        0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL,
-        0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL,
-        0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L,
-        0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL,
-        0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL,
-        0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L,
-        0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L,
-        0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL,
-        0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL,
-        0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL,
-        0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L,
-        0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L,
-        0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L,
-        0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L,
-        0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L,
-        0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL,
-        0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L,
-        0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L,
-        0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L,
-        0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L,
-        0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL,
-        0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L,
-        0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL,
-        0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL,
-        0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L,
-        0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL,
-        0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L,
-        0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL,
-        0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L,
-        0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L,
-        0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL,
-        0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 0x402C7279L,
-        0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L,
-        0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL,
-        0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L,
-        0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL,
-        0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L,
-        0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L,
-        0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL,
-        0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L,
-        0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L,
-        0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L,
-        0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L,
-        0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L,
-        0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL,
-        0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL,
-        0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L,
-        0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L,
-        0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L,
-        0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L,
-        0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL,
-        0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L,
-        0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL,
-        0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL,
-        0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L,
-        0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L,
-        0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L,
-        0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L,
-        0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L,
-        0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L,
-        0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL   },
-    {   0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L,
-        0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L,
-        0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L,
-        0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL,
-        0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L,
-        0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L,
-        0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL,
-        0x09686B3FL, 0x3EBAEFC9L, 0x3C971814L, 0x6B6A70A1L,
-        0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L,
-        0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L,
-        0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL,
-        0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL,
-        0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L,
-        0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L,
-        0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L,
-        0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L,
-        0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL,
-        0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL,
-        0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL,
-        0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L,
-        0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL,
-        0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L,
-        0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L,
-        0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL,
-        0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL,
-        0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L,
-        0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL,
-        0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L,
-        0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL,
-        0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL,
-        0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L,
-        0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L,
-        0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L,
-        0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L,
-        0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L,
-        0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L,
-        0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L,
-        0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL,
-        0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L,
-        0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL,
-        0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L,
-        0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L,
-        0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L,
-        0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L,
-        0x0E358829L, 0xC7E61FD6L, 0x96DEDFA1L, 0x7858BA99L,
-        0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L,
-        0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L,
-        0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L,
-        0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L,
-        0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L,
-        0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L,
-        0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L,
-        0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L,
-        0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L,
-        0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L,
-        0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L,
-        0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL,
-        0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL,
-        0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L,
-        0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL,
-        0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L,
-        0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L,
-        0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L,
-        0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L   },
-    {   0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L,
-        0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L,
-        0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL,
-        0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L,
-        0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L,
-        0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L,
-        0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL,
-        0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL,
-        0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL,
-        0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L,
-        0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L,
-        0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL,
-        0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L,
-        0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL,
-        0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L,
-        0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL,
-        0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L,
-        0xA62A4A56L, 0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL,
-        0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L,
-        0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL,
-        0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L,
-        0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L,
-        0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL,
-        0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L,
-        0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L,
-        0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L,
-        0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L,
-        0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL,
-        0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L,
-        0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL,
-        0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L,
-        0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL,
-        0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L,
-        0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL,
-        0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL,
-        0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL,
-        0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L,
-        0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L,
-        0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL,
-        0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL,
-        0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL,
-        0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL,
-        0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL,
-        0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L,
-        0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L,
-        0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L,
-        0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L,
-        0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL,
-        0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL,
-        0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L,
-        0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L,
-        0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L,
-        0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L,
-        0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L,
-        0x9AF88C27L, 0x773F8641L, 0xC3604C06L, 0x61A806B5L,
-        0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L,
-        0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L,
-        0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L,
-        0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L,
-        0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL,
-        0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L,
-        0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL,
-        0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L,
-        0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L  },
-    {   0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL,
-        0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL,
-        0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL,
-        0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L,
-        0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L,
-        0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L,
-        0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L,
-        0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L,
-        0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L,
-        0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L,
-        0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L,
-        0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L,
-        0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L,
-        0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L,
-        0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L,
-        0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL,
-        0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL,
-        0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L,
-        0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL,
-        0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL,
-        0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL,
-        0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L,
-        0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL,
-        0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL,
-        0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L,
-        0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L,
-        0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L,
-        0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L,
-        0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL,
-        0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL,
-        0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L,
-        0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L,
-        0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L,
-        0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL,
-        0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L,
-        0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L,
-        0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L,
-        0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL,
-        0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L,
-        0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L,
-        0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L,
-        0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL,
-        0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL,
-        0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L,
-        0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L,
-        0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L,
-        0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L,
-        0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL,
-        0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L,
-        0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL,
-        0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL,
-        0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L,
-        0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L,
-        0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL,
-        0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L,
-        0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL,
-        0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L,
-        0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL,
-        0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L,
-        0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L,
-        0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL,
-        0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L,
-        0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL,
-        0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L  }
-};
-
-#endif /* !MBEDTLS_BLOWFISH_ALT */
-#endif /* MBEDTLS_BLOWFISH_C */
diff --git a/Sources/mbedtls/library/camellia.c b/Sources/mbedtls/library/camellia.c
deleted file mode 100644
index e90cd7f..0000000
--- a/Sources/mbedtls/library/camellia.c
+++ /dev/null
@@ -1,1080 +0,0 @@
-/*
- *  Camellia implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The Camellia block cipher was designed by NTT and Mitsubishi Electric
- *  Corporation.
- *
- *  http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CAMELLIA_C)
-
-#include "mbedtls/camellia.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_CAMELLIA_ALT)
-
-/* Parameter validation macros */
-#define CAMELLIA_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA )
-#define CAMELLIA_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-static const unsigned char SIGMA_CHARS[6][8] =
-{
-    { 0xa0, 0x9e, 0x66, 0x7f, 0x3b, 0xcc, 0x90, 0x8b },
-    { 0xb6, 0x7a, 0xe8, 0x58, 0x4c, 0xaa, 0x73, 0xb2 },
-    { 0xc6, 0xef, 0x37, 0x2f, 0xe9, 0x4f, 0x82, 0xbe },
-    { 0x54, 0xff, 0x53, 0xa5, 0xf1, 0xd3, 0x6f, 0x1c },
-    { 0x10, 0xe5, 0x27, 0xfa, 0xde, 0x68, 0x2d, 0x1d },
-    { 0xb0, 0x56, 0x88, 0xc2, 0xb3, 0xe6, 0xc1, 0xfd }
-};
-
-#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
-
-static const unsigned char FSb[256] =
-{
-    112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65,
-     35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,
-    134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,
-    166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,
-    139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,
-    223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215,
-     20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,
-    254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,
-    170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210,
-     16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,
-    135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226,
-     82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,
-    233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,
-    120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,
-    114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164,
-     64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158
-};
-
-#define SBOX1(n) FSb[(n)]
-#define SBOX2(n) (unsigned char)((FSb[(n)] >> 7 ^ FSb[(n)] << 1) & 0xff)
-#define SBOX3(n) (unsigned char)((FSb[(n)] >> 1 ^ FSb[(n)] << 7) & 0xff)
-#define SBOX4(n) FSb[((n) << 1 ^ (n) >> 7) &0xff]
-
-#else /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
-
-static const unsigned char FSb[256] =
-{
- 112, 130,  44, 236, 179,  39, 192, 229, 228, 133,  87,  53, 234,  12, 174,  65,
-  35, 239, 107, 147,  69,  25, 165,  33, 237,  14,  79,  78,  29, 101, 146, 189,
- 134, 184, 175, 143, 124, 235,  31, 206,  62,  48, 220,  95,  94, 197,  11,  26,
- 166, 225,  57, 202, 213,  71,  93,  61, 217,   1,  90, 214,  81,  86, 108,  77,
- 139,  13, 154, 102, 251, 204, 176,  45, 116,  18,  43,  32, 240, 177, 132, 153,
- 223,  76, 203, 194,  52, 126, 118,   5, 109, 183, 169,  49, 209,  23,   4, 215,
-  20,  88,  58,  97, 222,  27,  17,  28,  50,  15, 156,  22,  83,  24, 242,  34,
- 254,  68, 207, 178, 195, 181, 122, 145,  36,   8, 232, 168,  96, 252, 105,  80,
- 170, 208, 160, 125, 161, 137,  98, 151,  84,  91,  30, 149, 224, 255, 100, 210,
-  16, 196,   0,  72, 163, 247, 117, 219, 138,   3, 230, 218,   9,  63, 221, 148,
- 135,  92, 131,   2, 205,  74, 144,  51, 115, 103, 246, 243, 157, 127, 191, 226,
-  82, 155, 216,  38, 200,  55, 198,  59, 129, 150, 111,  75,  19, 190,  99,  46,
- 233, 121, 167, 140, 159, 110, 188, 142,  41, 245, 249, 182,  47, 253, 180,  89,
- 120, 152,   6, 106, 231,  70, 113, 186, 212,  37, 171,  66, 136, 162, 141, 250,
- 114,   7, 185,  85, 248, 238, 172,  10,  54,  73,  42, 104,  60,  56, 241, 164,
- 64,  40, 211, 123, 187, 201,  67, 193,  21, 227, 173, 244, 119, 199, 128, 158
-};
-
-static const unsigned char FSb2[256] =
-{
- 224,   5,  88, 217, 103,  78, 129, 203, 201,  11, 174, 106, 213,  24,  93, 130,
-  70, 223, 214,  39, 138,  50,  75,  66, 219,  28, 158, 156,  58, 202,  37, 123,
-  13, 113,  95,  31, 248, 215,  62, 157, 124,  96, 185, 190, 188, 139,  22,  52,
-  77, 195, 114, 149, 171, 142, 186, 122, 179,   2, 180, 173, 162, 172, 216, 154,
-  23,  26,  53, 204, 247, 153,  97,  90, 232,  36,  86,  64, 225,  99,   9,  51,
- 191, 152, 151, 133, 104, 252, 236,  10, 218, 111,  83,  98, 163,  46,   8, 175,
-  40, 176, 116, 194, 189,  54,  34,  56, 100,  30,  57,  44, 166,  48, 229,  68,
- 253, 136, 159, 101, 135, 107, 244,  35,  72,  16, 209,  81, 192, 249, 210, 160,
-  85, 161,  65, 250,  67,  19, 196,  47, 168, 182,  60,  43, 193, 255, 200, 165,
-  32, 137,   0, 144,  71, 239, 234, 183,  21,   6, 205, 181,  18, 126, 187,  41,
-  15, 184,   7,   4, 155, 148,  33, 102, 230, 206, 237, 231,  59, 254, 127, 197,
- 164,  55, 177,  76, 145, 110, 141, 118,   3,  45, 222, 150,  38, 125, 198,  92,
- 211, 242,  79,  25,  63, 220, 121,  29,  82, 235, 243, 109,  94, 251, 105, 178,
- 240,  49,  12, 212, 207, 140, 226, 117, 169,  74,  87, 132,  17,  69,  27, 245,
- 228,  14, 115, 170, 241, 221,  89,  20, 108, 146,  84, 208, 120, 112, 227,  73,
- 128,  80, 167, 246, 119, 147, 134, 131,  42, 199,  91, 233, 238, 143,   1,  61
-};
-
-static const unsigned char FSb3[256] =
-{
-  56,  65,  22, 118, 217, 147,  96, 242, 114, 194, 171, 154, 117,   6,  87, 160,
- 145, 247, 181, 201, 162, 140, 210, 144, 246,   7, 167,  39, 142, 178,  73, 222,
-  67,  92, 215, 199,  62, 245, 143, 103,  31,  24, 110, 175,  47, 226, 133,  13,
-  83, 240, 156, 101, 234, 163, 174, 158, 236, 128,  45, 107, 168,  43,  54, 166,
- 197, 134,  77,  51, 253, 102,  88, 150,  58,   9, 149,  16, 120, 216,  66, 204,
- 239,  38, 229,  97,  26,  63,  59, 130, 182, 219, 212, 152, 232, 139,   2, 235,
-  10,  44,  29, 176, 111, 141, 136,  14,  25, 135,  78,  11, 169,  12, 121,  17,
- 127,  34, 231,  89, 225, 218,  61, 200,  18,   4, 116,  84,  48, 126, 180,  40,
-  85, 104,  80, 190, 208, 196,  49, 203,  42, 173,  15, 202, 112, 255,  50, 105,
-   8,  98,   0,  36, 209, 251, 186, 237,  69, 129, 115, 109, 132, 159, 238,  74,
- 195,  46, 193,   1, 230,  37,  72, 153, 185, 179, 123, 249, 206, 191, 223, 113,
-  41, 205, 108,  19, 100, 155,  99, 157, 192,  75, 183, 165, 137,  95, 177,  23,
- 244, 188, 211,  70, 207,  55,  94,  71, 148, 250, 252,  91, 151, 254,  90, 172,
-  60,  76,   3,  53, 243,  35, 184,  93, 106, 146, 213,  33,  68,  81, 198, 125,
-  57, 131, 220, 170, 124, 119,  86,   5,  27, 164,  21,  52,  30,  28, 248,  82,
-  32,  20, 233, 189, 221, 228, 161, 224, 138, 241, 214, 122, 187, 227,  64,  79
-};
-
-static const unsigned char FSb4[256] =
-{
- 112,  44, 179, 192, 228,  87, 234, 174,  35, 107,  69, 165, 237,  79,  29, 146,
- 134, 175, 124,  31,  62, 220,  94,  11, 166,  57, 213,  93, 217,  90,  81, 108,
- 139, 154, 251, 176, 116,  43, 240, 132, 223, 203,  52, 118, 109, 169, 209,   4,
-  20,  58, 222,  17,  50, 156,  83, 242, 254, 207, 195, 122,  36, 232,  96, 105,
- 170, 160, 161,  98,  84,  30, 224, 100,  16,   0, 163, 117, 138, 230,   9, 221,
- 135, 131, 205, 144, 115, 246, 157, 191,  82, 216, 200, 198, 129, 111,  19,  99,
- 233, 167, 159, 188,  41, 249,  47, 180, 120,   6, 231, 113, 212, 171, 136, 141,
- 114, 185, 248, 172,  54,  42,  60, 241,  64, 211, 187,  67,  21, 173, 119, 128,
- 130, 236,  39, 229, 133,  53,  12,  65, 239, 147,  25,  33,  14,  78, 101, 189,
- 184, 143, 235, 206,  48,  95, 197,  26, 225, 202,  71,  61,   1, 214,  86,  77,
-  13, 102, 204,  45,  18,  32, 177, 153,  76, 194, 126,   5, 183,  49,  23, 215,
-  88,  97,  27,  28,  15,  22,  24,  34,  68, 178, 181, 145,   8, 168, 252,  80,
- 208, 125, 137, 151,  91, 149, 255, 210, 196,  72, 247, 219,   3, 218,  63, 148,
-  92,   2,  74,  51, 103, 243, 127, 226, 155,  38,  55,  59, 150,  75, 190,  46,
- 121, 140, 110, 142, 245, 182, 253,  89, 152, 106,  70, 186,  37,  66, 162, 250,
-  7,  85, 238,  10,  73, 104,  56, 164,  40, 123, 201, 193, 227, 244, 199, 158
-};
-
-#define SBOX1(n) FSb[(n)]
-#define SBOX2(n) FSb2[(n)]
-#define SBOX3(n) FSb3[(n)]
-#define SBOX4(n) FSb4[(n)]
-
-#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
-
-static const unsigned char shifts[2][4][4] =
-{
-    {
-        { 1, 1, 1, 1 }, /* KL */
-        { 0, 0, 0, 0 }, /* KR */
-        { 1, 1, 1, 1 }, /* KA */
-        { 0, 0, 0, 0 }  /* KB */
-    },
-    {
-        { 1, 0, 1, 1 }, /* KL */
-        { 1, 1, 0, 1 }, /* KR */
-        { 1, 1, 1, 0 }, /* KA */
-        { 1, 1, 0, 1 }  /* KB */
-    }
-};
-
-static const signed char indexes[2][4][20] =
-{
-    {
-        {  0,  1,  2,  3,  8,  9, 10, 11, 38, 39,
-          36, 37, 23, 20, 21, 22, 27, -1, -1, 26 }, /* KL -> RK */
-        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }, /* KR -> RK */
-        {  4,  5,  6,  7, 12, 13, 14, 15, 16, 17,
-          18, 19, -1, 24, 25, -1, 31, 28, 29, 30 }, /* KA -> RK */
-        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-          -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 }  /* KB -> RK */
-    },
-    {
-        {  0,  1,  2,  3, 61, 62, 63, 60, -1, -1,
-          -1, -1, 27, 24, 25, 26, 35, 32, 33, 34 }, /* KL -> RK */
-        { -1, -1, -1, -1,  8,  9, 10, 11, 16, 17,
-          18, 19, -1, -1, -1, -1, 39, 36, 37, 38 }, /* KR -> RK */
-        { -1, -1, -1, -1, 12, 13, 14, 15, 58, 59,
-          56, 57, 31, 28, 29, 30, -1, -1, -1, -1 }, /* KA -> RK */
-        {  4,  5,  6,  7, 65, 66, 67, 64, 20, 21,
-          22, 23, -1, -1, -1, -1, 43, 40, 41, 42 }  /* KB -> RK */
-    }
-};
-
-static const signed char transposes[2][20] =
-{
-    {
-        21, 22, 23, 20,
-        -1, -1, -1, -1,
-        18, 19, 16, 17,
-        11,  8,  9, 10,
-        15, 12, 13, 14
-    },
-    {
-        25, 26, 27, 24,
-        29, 30, 31, 28,
-        18, 19, 16, 17,
-        -1, -1, -1, -1,
-        -1, -1, -1, -1
-    }
-};
-
-/* Shift macro for 128 bit strings with rotation smaller than 32 bits (!) */
-#define ROTL(DEST, SRC, SHIFT)                                      \
-{                                                                   \
-    (DEST)[0] = (SRC)[0] << (SHIFT) ^ (SRC)[1] >> (32 - (SHIFT));   \
-    (DEST)[1] = (SRC)[1] << (SHIFT) ^ (SRC)[2] >> (32 - (SHIFT));   \
-    (DEST)[2] = (SRC)[2] << (SHIFT) ^ (SRC)[3] >> (32 - (SHIFT));   \
-    (DEST)[3] = (SRC)[3] << (SHIFT) ^ (SRC)[0] >> (32 - (SHIFT));   \
-}
-
-#define FL(XL, XR, KL, KR)                                          \
-{                                                                   \
-    (XR) = ((((XL) & (KL)) << 1) | (((XL) & (KL)) >> 31)) ^ (XR);   \
-    (XL) = ((XR) | (KR)) ^ (XL);                                    \
-}
-
-#define FLInv(YL, YR, KL, KR)                                       \
-{                                                                   \
-    (YL) = ((YR) | (KR)) ^ (YL);                                    \
-    (YR) = ((((YL) & (KL)) << 1) | (((YL) & (KL)) >> 31)) ^ (YR);   \
-}
-
-#define SHIFT_AND_PLACE(INDEX, OFFSET)                      \
-{                                                           \
-    TK[0] = KC[(OFFSET) * 4 + 0];                           \
-    TK[1] = KC[(OFFSET) * 4 + 1];                           \
-    TK[2] = KC[(OFFSET) * 4 + 2];                           \
-    TK[3] = KC[(OFFSET) * 4 + 3];                           \
-                                                            \
-    for( i = 1; i <= 4; i++ )                               \
-        if( shifts[(INDEX)][(OFFSET)][i -1] )               \
-            ROTL(TK + i * 4, TK, ( 15 * i ) % 32);          \
-                                                            \
-    for( i = 0; i < 20; i++ )                               \
-        if( indexes[(INDEX)][(OFFSET)][i] != -1 ) {         \
-            RK[indexes[(INDEX)][(OFFSET)][i]] = TK[ i ];    \
-        }                                                   \
-}
-
-static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
-                              uint32_t z[2])
-{
-    uint32_t I0, I1;
-    I0 = x[0] ^ k[0];
-    I1 = x[1] ^ k[1];
-
-    I0 = ((uint32_t) SBOX1( MBEDTLS_BYTE_3( I0 )) << 24) |
-         ((uint32_t) SBOX2( MBEDTLS_BYTE_2( I0 )) << 16) |
-         ((uint32_t) SBOX3( MBEDTLS_BYTE_1( I0 )) <<  8) |
-         ((uint32_t) SBOX4( MBEDTLS_BYTE_0( I0 ))      );
-    I1 = ((uint32_t) SBOX2( MBEDTLS_BYTE_3( I1 )) << 24) |
-         ((uint32_t) SBOX3( MBEDTLS_BYTE_2( I1 )) << 16) |
-         ((uint32_t) SBOX4( MBEDTLS_BYTE_1( I1 )) <<  8) |
-         ((uint32_t) SBOX1( MBEDTLS_BYTE_0( I1 ))      );
-
-    I0 ^= (I1 << 8) | (I1 >> 24);
-    I1 ^= (I0 << 16) | (I0 >> 16);
-    I0 ^= (I1 >> 8) | (I1 << 24);
-    I1 ^= (I0 >> 8) | (I0 << 24);
-
-    z[0] ^= I1;
-    z[1] ^= I0;
-}
-
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
-{
-    CAMELLIA_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_camellia_context ) );
-}
-
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_camellia_context ) );
-}
-
-/*
- * Camellia key schedule (encryption)
- */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits )
-{
-    int idx;
-    size_t i;
-    uint32_t *RK;
-    unsigned char t[64];
-    uint32_t SIGMA[6][2];
-    uint32_t KC[16];
-    uint32_t TK[20];
-
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( key != NULL );
-
-    RK = ctx->rk;
-
-    memset( t, 0, 64 );
-    memset( RK, 0, sizeof(ctx->rk) );
-
-    switch( keybits )
-    {
-        case 128: ctx->nr = 3; idx = 0; break;
-        case 192:
-        case 256: ctx->nr = 4; idx = 1; break;
-        default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
-    }
-
-    for( i = 0; i < keybits / 8; ++i )
-        t[i] = key[i];
-
-    if( keybits == 192 ) {
-        for( i = 0; i < 8; i++ )
-            t[24 + i] = ~t[16 + i];
-    }
-
-    /*
-     * Prepare SIGMA values
-     */
-    for( i = 0; i < 6; i++ ) {
-        SIGMA[i][0] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 0 );
-        SIGMA[i][1] = MBEDTLS_GET_UINT32_BE( SIGMA_CHARS[i], 4 );
-    }
-
-    /*
-     * Key storage in KC
-     * Order: KL, KR, KA, KB
-     */
-    memset( KC, 0, sizeof(KC) );
-
-    /* Store KL, KR */
-    for( i = 0; i < 8; i++ )
-        KC[i] = MBEDTLS_GET_UINT32_BE( t, i * 4 );
-
-    /* Generate KA */
-    for( i = 0; i < 4; ++i )
-        KC[8 + i] = KC[i] ^ KC[4 + i];
-
-    camellia_feistel( KC + 8, SIGMA[0], KC + 10 );
-    camellia_feistel( KC + 10, SIGMA[1], KC + 8 );
-
-    for( i = 0; i < 4; ++i )
-        KC[8 + i] ^= KC[i];
-
-    camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
-    camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
-
-    if( keybits > 128 ) {
-        /* Generate KB */
-        for( i = 0; i < 4; ++i )
-            KC[12 + i] = KC[4 + i] ^ KC[8 + i];
-
-        camellia_feistel( KC + 12, SIGMA[4], KC + 14 );
-        camellia_feistel( KC + 14, SIGMA[5], KC + 12 );
-    }
-
-    /*
-     * Generating subkeys
-     */
-
-    /* Manipulating KL */
-    SHIFT_AND_PLACE( idx, 0 );
-
-    /* Manipulating KR */
-    if( keybits > 128 ) {
-        SHIFT_AND_PLACE( idx, 1 );
-    }
-
-    /* Manipulating KA */
-    SHIFT_AND_PLACE( idx, 2 );
-
-    /* Manipulating KB */
-    if( keybits > 128 ) {
-        SHIFT_AND_PLACE( idx, 3 );
-    }
-
-    /* Do transpositions */
-    for( i = 0; i < 20; i++ ) {
-        if( transposes[idx][i] != -1 ) {
-            RK[32 + 12 * idx + i] = RK[transposes[idx][i]];
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Camellia key schedule (decryption)
- */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits )
-{
-    int idx, ret;
-    size_t i;
-    mbedtls_camellia_context cty;
-    uint32_t *RK;
-    uint32_t *SK;
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( key != NULL );
-
-    mbedtls_camellia_init( &cty );
-
-    /* Also checks keybits */
-    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
-        goto exit;
-
-    ctx->nr = cty.nr;
-    idx = ( ctx->nr == 4 );
-
-    RK = ctx->rk;
-    SK = cty.rk + 24 * 2 + 8 * idx * 2;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-    for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
-    {
-        *RK++ = *SK++;
-        *RK++ = *SK++;
-    }
-
-    SK -= 2;
-
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-    *RK++ = *SK++;
-
-exit:
-    mbedtls_camellia_free( &cty );
-
-    return( ret );
-}
-
-/*
- * Camellia-ECB block encryption/decryption
- */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] )
-{
-    int NR;
-    uint32_t *RK, X[4];
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
-                           mode == MBEDTLS_CAMELLIA_DECRYPT );
-    CAMELLIA_VALIDATE_RET( input  != NULL );
-    CAMELLIA_VALIDATE_RET( output != NULL );
-
-    ( (void) mode );
-
-    NR = ctx->nr;
-    RK = ctx->rk;
-
-    X[0] = MBEDTLS_GET_UINT32_BE( input,  0 );
-    X[1] = MBEDTLS_GET_UINT32_BE( input,  4 );
-    X[2] = MBEDTLS_GET_UINT32_BE( input,  8 );
-    X[3] = MBEDTLS_GET_UINT32_BE( input, 12 );
-
-    X[0] ^= *RK++;
-    X[1] ^= *RK++;
-    X[2] ^= *RK++;
-    X[3] ^= *RK++;
-
-    while( NR ) {
-        --NR;
-        camellia_feistel( X, RK, X + 2 );
-        RK += 2;
-        camellia_feistel( X + 2, RK, X );
-        RK += 2;
-        camellia_feistel( X, RK, X + 2 );
-        RK += 2;
-        camellia_feistel( X + 2, RK, X );
-        RK += 2;
-        camellia_feistel( X, RK, X + 2 );
-        RK += 2;
-        camellia_feistel( X + 2, RK, X );
-        RK += 2;
-
-        if( NR ) {
-            FL(X[0], X[1], RK[0], RK[1]);
-            RK += 2;
-            FLInv(X[2], X[3], RK[0], RK[1]);
-            RK += 2;
-        }
-    }
-
-    X[2] ^= *RK++;
-    X[3] ^= *RK++;
-    X[0] ^= *RK++;
-    X[1] ^= *RK++;
-
-    MBEDTLS_PUT_UINT32_BE( X[2], output,  0 );
-    MBEDTLS_PUT_UINT32_BE( X[3], output,  4 );
-    MBEDTLS_PUT_UINT32_BE( X[0], output,  8 );
-    MBEDTLS_PUT_UINT32_BE( X[1], output, 12 );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * Camellia-CBC buffer encryption/decryption
- */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                                int mode,
-                                size_t length,
-                                unsigned char iv[16],
-                                const unsigned char *input,
-                                unsigned char *output )
-{
-    int i;
-    unsigned char temp[16];
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
-                           mode == MBEDTLS_CAMELLIA_DECRYPT );
-    CAMELLIA_VALIDATE_RET( iv != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
-
-    if( length % 16 )
-        return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 16 );
-            mbedtls_camellia_crypt_ecb( ctx, mode, input, output );
-
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-    else
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 16; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            mbedtls_camellia_crypt_ecb( ctx, mode, output, output );
-            memcpy( iv, output, 16 );
-
-            input  += 16;
-            output += 16;
-            length -= 16;
-        }
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-/*
- * Camellia-CFB128 buffer encryption/decryption
- */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c;
-    size_t n;
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( mode == MBEDTLS_CAMELLIA_ENCRYPT ||
-                           mode == MBEDTLS_CAMELLIA_DECRYPT );
-    CAMELLIA_VALIDATE_RET( iv     != NULL );
-    CAMELLIA_VALIDATE_RET( iv_off != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
-
-    n = *iv_off;
-    if( n >= 16 )
-        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
-
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
-
-            c = *input++;
-            *output++ = (unsigned char)( c ^ iv[n] );
-            iv[n] = (unsigned char) c;
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-    else
-    {
-        while( length-- )
-        {
-            if( n == 0 )
-                mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv );
-
-            iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
-
-            n = ( n + 1 ) & 0x0F;
-        }
-    }
-
-    *iv_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Camellia-CTR buffer encryption/decryption
- */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int c, i;
-    size_t n;
-    CAMELLIA_VALIDATE_RET( ctx != NULL );
-    CAMELLIA_VALIDATE_RET( nonce_counter != NULL );
-    CAMELLIA_VALIDATE_RET( stream_block  != NULL );
-    CAMELLIA_VALIDATE_RET( nc_off != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || input  != NULL );
-    CAMELLIA_VALIDATE_RET( length == 0 || output != NULL );
-
-    n = *nc_off;
-    if( n >= 16 )
-        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
-
-    while( length-- )
-    {
-        if( n == 0 ) {
-            mbedtls_camellia_crypt_ecb( ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
-                                stream_block );
-
-            for( i = 16; i > 0; i-- )
-                if( ++nonce_counter[i - 1] != 0 )
-                    break;
-        }
-        c = *input++;
-        *output++ = (unsigned char)( c ^ stream_block[n] );
-
-        n = ( n + 1 ) & 0x0F;
-    }
-
-    *nc_off = n;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#endif /* !MBEDTLS_CAMELLIA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * Camellia test vectors from:
- *
- * http://info.isl.ntt.co.jp/crypt/eng/camellia/technology.html:
- *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/intermediate.txt
- *   http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/cryptrec/t_camellia.txt
- *                      (For each bitlength: Key 0, Nr 39)
- */
-#define CAMELLIA_TESTS_ECB  2
-
-static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
-{
-    {
-        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
-        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-    },
-    {
-        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
-        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-    },
-    {
-        { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-          0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
-          0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-          0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
-        { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-          0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-    },
-};
-
-static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
-{
-    { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
-      0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 },
-    { 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-};
-
-static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
-{
-    {
-        { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
-          0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 },
-        { 0x38, 0x3C, 0x6C, 0x2A, 0xAB, 0xEF, 0x7F, 0xDE,
-          0x25, 0xCD, 0x47, 0x0B, 0xF7, 0x74, 0xA3, 0x31 }
-    },
-    {
-        { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
-          0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 },
-        { 0xD1, 0x76, 0x3F, 0xC0, 0x19, 0xD7, 0x7C, 0xC9,
-          0x30, 0xBF, 0xF2, 0xA5, 0x6F, 0x7C, 0x93, 0x64 }
-    },
-    {
-        { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
-          0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 },
-        { 0x05, 0x03, 0xFB, 0x10, 0xAB, 0x24, 0x1E, 0x7C,
-          0xF4, 0x5D, 0x8C, 0xDE, 0xEE, 0x47, 0x43, 0x35 }
-    }
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define CAMELLIA_TESTS_CBC  3
-
-static const unsigned char camellia_test_cbc_key[3][32] =
-{
-        { 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
-          0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C }
-    ,
-        { 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
-          0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
-          0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B }
-    ,
-        { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
-          0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
-          0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
-          0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }
-};
-
-static const unsigned char camellia_test_cbc_iv[16] =
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }
-;
-
-static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
-{
-    { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
-      0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A },
-    { 0xAE, 0x2D, 0x8A, 0x57, 0x1E, 0x03, 0xAC, 0x9C,
-      0x9E, 0xB7, 0x6F, 0xAC, 0x45, 0xAF, 0x8E, 0x51 },
-    { 0x30, 0xC8, 0x1C, 0x46, 0xA3, 0x5C, 0xE4, 0x11,
-      0xE5, 0xFB, 0xC1, 0x19, 0x1A, 0x0A, 0x52, 0xEF }
-
-};
-
-static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
-{
-    {
-        { 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
-          0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB },
-        { 0xA2, 0xF2, 0xCF, 0x67, 0x16, 0x29, 0xEF, 0x78,
-          0x40, 0xC5, 0xA5, 0xDF, 0xB5, 0x07, 0x48, 0x87 },
-        { 0x0F, 0x06, 0x16, 0x50, 0x08, 0xCF, 0x8B, 0x8B,
-          0x5A, 0x63, 0x58, 0x63, 0x62, 0x54, 0x3E, 0x54 }
-    },
-    {
-        { 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
-          0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 },
-        { 0x5D, 0x5A, 0x86, 0x9B, 0xD1, 0x4C, 0xE5, 0x42,
-          0x64, 0xF8, 0x92, 0xA6, 0xDD, 0x2E, 0xC3, 0xD5 },
-        { 0x37, 0xD3, 0x59, 0xC3, 0x34, 0x98, 0x36, 0xD8,
-          0x84, 0xE3, 0x10, 0xAD, 0xDF, 0x68, 0xC4, 0x49 }
-    },
-    {
-        { 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
-          0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA },
-        { 0x36, 0xCB, 0xEB, 0x73, 0xBD, 0x50, 0x4B, 0x40,
-          0x70, 0xB1, 0xB7, 0xDE, 0x2B, 0x21, 0xEB, 0x50 },
-        { 0xE3, 0x1A, 0x60, 0x55, 0x29, 0x7D, 0x96, 0xCA,
-          0x33, 0x30, 0xCD, 0xF1, 0xB1, 0x86, 0x0A, 0x83 }
-    }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-/*
- * Camellia-CTR test vectors from:
- *
- * http://www.faqs.org/rfcs/rfc5528.html
- */
-
-static const unsigned char camellia_test_ctr_key[3][16] =
-{
-    { 0xAE, 0x68, 0x52, 0xF8, 0x12, 0x10, 0x67, 0xCC,
-      0x4B, 0xF7, 0xA5, 0x76, 0x55, 0x77, 0xF3, 0x9E },
-    { 0x7E, 0x24, 0x06, 0x78, 0x17, 0xFA, 0xE0, 0xD7,
-      0x43, 0xD6, 0xCE, 0x1F, 0x32, 0x53, 0x91, 0x63 },
-    { 0x76, 0x91, 0xBE, 0x03, 0x5E, 0x50, 0x20, 0xA8,
-      0xAC, 0x6E, 0x61, 0x85, 0x29, 0xF9, 0xA0, 0xDC }
-};
-
-static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
-{
-    { 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0x6C, 0xB6, 0xDB, 0xC0, 0x54, 0x3B, 0x59,
-      0xDA, 0x48, 0xD9, 0x0B, 0x00, 0x00, 0x00, 0x01 },
-    { 0x00, 0xE0, 0x01, 0x7B, 0x27, 0x77, 0x7F, 0x3F,
-      0x4A, 0x17, 0x86, 0xF0, 0x00, 0x00, 0x00, 0x01 }
-};
-
-static const unsigned char camellia_test_ctr_pt[3][48] =
-{
-    { 0x53, 0x69, 0x6E, 0x67, 0x6C, 0x65, 0x20, 0x62,
-      0x6C, 0x6F, 0x63, 0x6B, 0x20, 0x6D, 0x73, 0x67 },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F },
-
-    { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-      0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-      0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
-      0x20, 0x21, 0x22, 0x23 }
-};
-
-static const unsigned char camellia_test_ctr_ct[3][48] =
-{
-    { 0xD0, 0x9D, 0xC2, 0x9A, 0x82, 0x14, 0x61, 0x9A,
-      0x20, 0x87, 0x7C, 0x76, 0xDB, 0x1F, 0x0B, 0x3F },
-    { 0xDB, 0xF3, 0xC7, 0x8D, 0xC0, 0x83, 0x96, 0xD4,
-      0xDA, 0x7C, 0x90, 0x77, 0x65, 0xBB, 0xCB, 0x44,
-      0x2B, 0x8E, 0x8E, 0x0F, 0x31, 0xF0, 0xDC, 0xA7,
-      0x2C, 0x74, 0x17, 0xE3, 0x53, 0x60, 0xE0, 0x48 },
-    { 0xB1, 0x9D, 0x1F, 0xCD, 0xCB, 0x75, 0xEB, 0x88,
-      0x2F, 0x84, 0x9C, 0xE2, 0x4D, 0x85, 0xCF, 0x73,
-      0x9C, 0xE6, 0x4B, 0x2B, 0x5C, 0x9D, 0x73, 0xF1,
-      0x4F, 0x2D, 0x5D, 0x9D, 0xCE, 0x98, 0x89, 0xCD,
-      0xDF, 0x50, 0x86, 0x96 }
-};
-
-static const int camellia_test_ctr_len[3] =
-    { 16, 32, 36 };
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-/*
- * Checkup routine
- */
-int mbedtls_camellia_self_test( int verbose )
-{
-    int i, j, u, v;
-    unsigned char key[32];
-    unsigned char buf[64];
-    unsigned char src[16];
-    unsigned char dst[16];
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    unsigned char iv[16];
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    size_t offset, len;
-    unsigned char nonce_counter[16];
-    unsigned char stream_block[16];
-#endif
-    int ret = 1;
-
-    mbedtls_camellia_context ctx;
-
-    mbedtls_camellia_init( &ctx );
-    memset( key, 0, 32 );
-
-    for( j = 0; j < 6; j++ ) {
-        u = j >> 1;
-    v = j & 1;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
-                         (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
-
-    for( i = 0; i < CAMELLIA_TESTS_ECB; i++ ) {
-        memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
-            memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
-            memcpy( dst, camellia_test_ecb_plain[i], 16 );
-        } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
-            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
-            memcpy( src, camellia_test_ecb_plain[i], 16 );
-            memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
-        }
-
-        mbedtls_camellia_crypt_ecb( &ctx, v, src, buf );
-
-        if( memcmp( buf, dst, 16 ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-            goto exit;
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( j = 0; j < 6; j++ )
-    {
-        u = j >> 1;
-        v = j  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
-                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( src, camellia_test_cbc_iv, 16 );
-        memcpy( dst, camellia_test_cbc_iv, 16 );
-        memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-            mbedtls_camellia_setkey_dec( &ctx, key, 128 + u * 64 );
-        } else {
-            mbedtls_camellia_setkey_enc( &ctx, key, 128 + u * 64 );
-        }
-
-        for( i = 0; i < CAMELLIA_TESTS_CBC; i++ ) {
-
-            if( v == MBEDTLS_CAMELLIA_DECRYPT ) {
-                memcpy( iv , src, 16 );
-                memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
-                memcpy( dst, camellia_test_cbc_plain[i], 16 );
-            } else { /* MBEDTLS_CAMELLIA_ENCRYPT */
-                memcpy( iv , dst, 16 );
-                memcpy( src, camellia_test_cbc_plain[i], 16 );
-                memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
-            }
-
-            mbedtls_camellia_crypt_cbc( &ctx, v, 16, iv, src, buf );
-
-            if( memcmp( buf, dst, 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-                goto exit;
-            }
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    /*
-     * CTR mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  CAMELLIA-CTR-128 (%s): ",
-                             ( v == MBEDTLS_CAMELLIA_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
-        memcpy( key, camellia_test_ctr_key[u], 16 );
-
-        offset = 0;
-        mbedtls_camellia_setkey_enc( &ctx, key, 128 );
-
-        if( v == MBEDTLS_CAMELLIA_DECRYPT )
-        {
-            len = camellia_test_ctr_len[u];
-            memcpy( buf, camellia_test_ctr_ct[u], len );
-
-            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                                buf, buf );
-
-            if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-                goto exit;
-            }
-        }
-        else
-        {
-            len = camellia_test_ctr_len[u];
-            memcpy( buf, camellia_test_ctr_pt[u], len );
-
-            mbedtls_camellia_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                                buf, buf );
-
-            if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-                goto exit;
-            }
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-    ret = 0;
-
-exit:
-    mbedtls_camellia_free( &ctx );
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CAMELLIA_C */
diff --git a/Sources/mbedtls/library/ccm.c b/Sources/mbedtls/library/ccm.c
deleted file mode 100644
index e0d4333..0000000
--- a/Sources/mbedtls/library/ccm.c
+++ /dev/null
@@ -1,539 +0,0 @@
-/*
- *  NIST SP800-38C compliant CCM implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * Definition of CCM:
- * http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C_updated-July20_2007.pdf
- * RFC 3610 "Counter with CBC-MAC (CCM)"
- *
- * Related:
- * RFC 5116 "An Interface and Algorithms for Authenticated Encryption"
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CCM_C)
-
-#include "mbedtls/ccm.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_CCM_ALT)
-
-#define CCM_VALIDATE_RET( cond ) \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
-#define CCM_VALIDATE( cond ) \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#define CCM_ENCRYPT 0
-#define CCM_DECRYPT 1
-
-/*
- * Initialize context
- */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
-{
-    CCM_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
-}
-
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_cipher_info_t *cipher_info;
-
-    CCM_VALIDATE_RET( ctx != NULL );
-    CCM_VALIDATE_RET( key != NULL );
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
-                                                   MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Free context
- */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
-}
-
-/*
- * Macros for common operations.
- * Results in smaller compiled code than static inline functions.
- */
-
-/*
- * Update the CBC-MAC state in y using a block in b
- * (Always using b as the source helps the compiler optimise a bit better.)
- */
-#define UPDATE_CBC_MAC                                                      \
-    for( i = 0; i < 16; i++ )                                               \
-        y[i] ^= b[i];                                                       \
-                                                                            \
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, y, 16, y, &olen ) ) != 0 ) \
-        return( ret );
-
-/*
- * Encrypt or decrypt a partial block with CTR
- * Warning: using b for temporary storage! src and dst must not be b!
- * This avoids allocating one more 16 bytes buffer while allowing src == dst.
- */
-#define CTR_CRYPT( dst, src, len  )                                            \
-    do                                                                  \
-    {                                                                   \
-        if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctr,       \
-                                           16, b, &olen ) ) != 0 )      \
-        {                                                               \
-            return( ret );                                              \
-        }                                                               \
-                                                                        \
-        for( i = 0; i < (len); i++ )                                    \
-            (dst)[i] = (src)[i] ^ b[i];                                 \
-    } while( 0 )
-
-/*
- * Authenticated encryption or decryption
- */
-static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
-                           const unsigned char *iv, size_t iv_len,
-                           const unsigned char *add, size_t add_len,
-                           const unsigned char *input, unsigned char *output,
-                           unsigned char *tag, size_t tag_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char i;
-    unsigned char q;
-    size_t len_left, olen;
-    unsigned char b[16];
-    unsigned char y[16];
-    unsigned char ctr[16];
-    const unsigned char *src;
-    unsigned char *dst;
-
-    /*
-     * Check length requirements: SP800-38C A.1
-     * Additional requirement: a < 2^16 - 2^8 to simplify the code.
-     * 'length' checked later (when writing it to the first block)
-     *
-     * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
-     */
-    if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    /* Also implies q is within bounds */
-    if( iv_len < 7 || iv_len > 13 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    if( add_len >= 0xFF00 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    q = 16 - 1 - (unsigned char) iv_len;
-
-    /*
-     * First block B_0:
-     * 0        .. 0        flags
-     * 1        .. iv_len   nonce (aka iv)
-     * iv_len+1 .. 15       length
-     *
-     * With flags as (bits):
-     * 7        0
-     * 6        add present?
-     * 5 .. 3   (t - 2) / 2
-     * 2 .. 0   q - 1
-     */
-    b[0] = 0;
-    b[0] |= ( add_len > 0 ) << 6;
-    b[0] |= ( ( tag_len - 2 ) / 2 ) << 3;
-    b[0] |= q - 1;
-
-    memcpy( b + 1, iv, iv_len );
-
-    for( i = 0, len_left = length; i < q; i++, len_left >>= 8 )
-        b[15-i] = MBEDTLS_BYTE_0( len_left );
-
-    if( len_left > 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-
-    /* Start CBC-MAC with first block */
-    memset( y, 0, 16 );
-    UPDATE_CBC_MAC;
-
-    /*
-     * If there is additional data, update CBC-MAC with
-     * add_len, add, 0 (padding to a block boundary)
-     */
-    if( add_len > 0 )
-    {
-        size_t use_len;
-        len_left = add_len;
-        src = add;
-
-        memset( b, 0, 16 );
-        MBEDTLS_PUT_UINT16_BE( add_len, b, 0 );
-
-        use_len = len_left < 16 - 2 ? len_left : 16 - 2;
-        memcpy( b + 2, src, use_len );
-        len_left -= use_len;
-        src += use_len;
-
-        UPDATE_CBC_MAC;
-
-        while( len_left > 0 )
-        {
-            use_len = len_left > 16 ? 16 : len_left;
-
-            memset( b, 0, 16 );
-            memcpy( b, src, use_len );
-            UPDATE_CBC_MAC;
-
-            len_left -= use_len;
-            src += use_len;
-        }
-    }
-
-    /*
-     * Prepare counter block for encryption:
-     * 0        .. 0        flags
-     * 1        .. iv_len   nonce (aka iv)
-     * iv_len+1 .. 15       counter (initially 1)
-     *
-     * With flags as (bits):
-     * 7 .. 3   0
-     * 2 .. 0   q - 1
-     */
-    ctr[0] = q - 1;
-    memcpy( ctr + 1, iv, iv_len );
-    memset( ctr + 1 + iv_len, 0, q );
-    ctr[15] = 1;
-
-    /*
-     * Authenticate and {en,de}crypt the message.
-     *
-     * The only difference between encryption and decryption is
-     * the respective order of authentication and {en,de}cryption.
-     */
-    len_left = length;
-    src = input;
-    dst = output;
-
-    while( len_left > 0 )
-    {
-        size_t use_len = len_left > 16 ? 16 : len_left;
-
-        if( mode == CCM_ENCRYPT )
-        {
-            memset( b, 0, 16 );
-            memcpy( b, src, use_len );
-            UPDATE_CBC_MAC;
-        }
-
-        CTR_CRYPT( dst, src, use_len );
-
-        if( mode == CCM_DECRYPT )
-        {
-            memset( b, 0, 16 );
-            memcpy( b, dst, use_len );
-            UPDATE_CBC_MAC;
-        }
-
-        dst += use_len;
-        src += use_len;
-        len_left -= use_len;
-
-        /*
-         * Increment counter.
-         * No need to check for overflow thanks to the length check above.
-         */
-        for( i = 0; i < q; i++ )
-            if( ++ctr[15-i] != 0 )
-                break;
-    }
-
-    /*
-     * Authentication: reset counter and crypt/mask internal tag
-     */
-    for( i = 0; i < q; i++ )
-        ctr[15-i] = 0;
-
-    CTR_CRYPT( y, y, 16 );
-    memcpy( tag, y, tag_len );
-
-    return( 0 );
-}
-
-/*
- * Authenticated encryption
- */
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len )
-{
-    CCM_VALIDATE_RET( ctx != NULL );
-    CCM_VALIDATE_RET( iv != NULL );
-    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    CCM_VALIDATE_RET( length == 0 || input != NULL );
-    CCM_VALIDATE_RET( length == 0 || output != NULL );
-    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
-    return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
-                            add, add_len, input, output, tag, tag_len ) );
-}
-
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *add, size_t add_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len )
-{
-    CCM_VALIDATE_RET( ctx != NULL );
-    CCM_VALIDATE_RET( iv != NULL );
-    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    CCM_VALIDATE_RET( length == 0 || input != NULL );
-    CCM_VALIDATE_RET( length == 0 || output != NULL );
-    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
-    if( tag_len == 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    return( mbedtls_ccm_star_encrypt_and_tag( ctx, length, iv, iv_len, add,
-                add_len, input, output, tag, tag_len ) );
-}
-
-/*
- * Authenticated decryption
- */
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char check_tag[16];
-    unsigned char i;
-    int diff;
-
-    CCM_VALIDATE_RET( ctx != NULL );
-    CCM_VALIDATE_RET( iv != NULL );
-    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    CCM_VALIDATE_RET( length == 0 || input != NULL );
-    CCM_VALIDATE_RET( length == 0 || output != NULL );
-    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
-
-    if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
-                                iv, iv_len, add, add_len,
-                                input, output, check_tag, tag_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
-        diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_CCM_AUTH_FAILED );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *add, size_t add_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len )
-{
-    CCM_VALIDATE_RET( ctx != NULL );
-    CCM_VALIDATE_RET( iv != NULL );
-    CCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    CCM_VALIDATE_RET( length == 0 || input != NULL );
-    CCM_VALIDATE_RET( length == 0 || output != NULL );
-    CCM_VALIDATE_RET( tag_len == 0 || tag != NULL );
-
-    if( tag_len == 0 )
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
-
-    return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add,
-                add_len, input, output, tag, tag_len ) );
-}
-#endif /* !MBEDTLS_CCM_ALT */
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/*
- * Examples 1 to 3 from SP800-38C Appendix C
- */
-
-#define NB_TESTS 3
-#define CCM_SELFTEST_PT_MAX_LEN 24
-#define CCM_SELFTEST_CT_MAX_LEN 32
-/*
- * The data is the same for all tests, only the used length changes
- */
-static const unsigned char key_test_data[] = {
-    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
-};
-
-static const unsigned char iv_test_data[] = {
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1a, 0x1b
-};
-
-static const unsigned char ad_test_data[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-    0x10, 0x11, 0x12, 0x13
-};
-
-static const unsigned char msg_test_data[CCM_SELFTEST_PT_MAX_LEN] = {
-    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
-    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-};
-
-static const size_t iv_len_test_data [NB_TESTS] = { 7, 8,  12 };
-static const size_t add_len_test_data[NB_TESTS] = { 8, 16, 20 };
-static const size_t msg_len_test_data[NB_TESTS] = { 4, 16, 24 };
-static const size_t tag_len_test_data[NB_TESTS] = { 4, 6,  8  };
-
-static const unsigned char res_test_data[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
-    {   0x71, 0x62, 0x01, 0x5b, 0x4d, 0xac, 0x25, 0x5d },
-    {   0xd2, 0xa1, 0xf0, 0xe0, 0x51, 0xea, 0x5f, 0x62,
-        0x08, 0x1a, 0x77, 0x92, 0x07, 0x3d, 0x59, 0x3d,
-        0x1f, 0xc6, 0x4f, 0xbf, 0xac, 0xcd },
-    {   0xe3, 0xb2, 0x01, 0xa9, 0xf5, 0xb7, 0x1a, 0x7a,
-        0x9b, 0x1c, 0xea, 0xec, 0xcd, 0x97, 0xe7, 0x0b,
-        0x61, 0x76, 0xaa, 0xd9, 0xa4, 0x42, 0x8a, 0xa5,
-        0x48, 0x43, 0x92, 0xfb, 0xc1, 0xb0, 0x99, 0x51 }
-};
-
-int mbedtls_ccm_self_test( int verbose )
-{
-    mbedtls_ccm_context ctx;
-    /*
-     * Some hardware accelerators require the input and output buffers
-     * would be in RAM, because the flash is not accessible.
-     * Use buffers on the stack to hold the test vectors data.
-     */
-    unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
-    unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
-    size_t i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_ccm_init( &ctx );
-
-    if( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
-                            8 * sizeof key_test_data ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  CCM: setup failed" );
-
-        return( 1 );
-    }
-
-    for( i = 0; i < NB_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  CCM-AES #%u: ", (unsigned int) i + 1 );
-
-        memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
-        memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN );
-        memcpy( plaintext, msg_test_data, msg_len_test_data[i] );
-
-        ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i],
-                                           iv_test_data, iv_len_test_data[i],
-                                           ad_test_data, add_len_test_data[i],
-                                           plaintext, ciphertext,
-                                           ciphertext + msg_len_test_data[i],
-                                           tag_len_test_data[i] );
-
-        if( ret != 0 ||
-            memcmp( ciphertext, res_test_data[i],
-                    msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
-        }
-        memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN );
-
-        ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i],
-                                        iv_test_data, iv_len_test_data[i],
-                                        ad_test_data, add_len_test_data[i],
-                                        ciphertext, plaintext,
-                                        ciphertext + msg_len_test_data[i],
-                                        tag_len_test_data[i] );
-
-        if( ret != 0 ||
-            memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( 1 );
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    mbedtls_ccm_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_CCM_C */
diff --git a/Sources/mbedtls/library/certs.c b/Sources/mbedtls/library/certs.c
deleted file mode 100644
index a5695e3..0000000
--- a/Sources/mbedtls/library/certs.c
+++ /dev/null
@@ -1,1746 +0,0 @@
-/*
- *  X.509 test certificates
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#include "mbedtls/certs.h"
-
-#if defined(MBEDTLS_CERTS_C)
-
-/*
- * Test CA Certificates
- *
- * We define test CA certificates for each choice of the following parameters:
- * - PEM or DER encoding
- * - SHA-1 or SHA-256 hash
- * - RSA or EC key
- *
- * Things to add:
- * - multiple EC curve types
- *
- */
-
-/* This is taken from tests/data_files/test-ca2.crt */
-/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */
-#define TEST_CA_CRT_EC_PEM                                                 \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \
-    "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
-    "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \
-    "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
-    "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \
-    "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \
-    "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \
-    "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \
-    "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \
-    "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \
-    "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n"         \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */
-#define TEST_CA_CRT_EC_DER {                                                 \
-  0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01,    \
-  0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8,    \
-  0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,    \
-  0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,    \
-  0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,    \
-  0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,    \
-  0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50,    \
-  0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74,    \
-  0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39,    \
-  0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17,    \
-  0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30,    \
-  0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,    \
-  0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,    \
-  0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,    \
-  0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50,    \
-  0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74,    \
-  0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07,    \
-  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04,    \
-  0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37,    \
-  0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e,    \
-  0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4,    \
-  0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc,    \
-  0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf,    \
-  0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca,    \
-  0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75,    \
-  0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20,    \
-  0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c,    \
-  0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,    \
-  0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d,    \
-  0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc,    \
-  0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55,    \
-  0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24,    \
-  0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9,    \
-  0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,    \
-  0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02,    \
-  0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a,    \
-  0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99,    \
-  0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7,    \
-  0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3,    \
-  0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99,    \
-  0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59,    \
-  0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08,    \
-  0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65,    \
-  0xf5, 0xae, 0x1c, 0x42                                                     \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/test-ca2.key.enc */
-/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */
-#define TEST_CA_KEY_EC_PEM                                                 \
-    "-----BEGIN EC PRIVATE KEY-----\r\n"                                   \
-    "Proc-Type: 4,ENCRYPTED\r\n"                                           \
-    "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n"                          \
-    "\r\n"                                                                 \
-    "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \
-    "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \
-    "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \
-    "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"                                 \
-    "-----END EC PRIVATE KEY-----\r\n"
-/* END FILE */
-
-#define TEST_CA_PWD_EC_PEM "PolarSSLTest"
-
-/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */
-#define TEST_CA_KEY_EC_DER {                                                 \
-    0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e,  \
-    0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6,  \
-    0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f,  \
-    0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85,  \
-    0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05,  \
-    0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3,  \
-    0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89,  \
-    0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33,  \
-    0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f,  \
-    0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87,  \
-    0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3,  \
-    0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad,  \
-    0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55,  \
-    0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e         \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/test-ca-sha256.crt. */
-/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */
-#define TEST_CA_CRT_RSA_SHA256_PEM                                         \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-    "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-    "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
-    "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
-    "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
-    "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
-    "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
-    "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
-    "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
-    "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \
-    "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \
-    "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \
-    "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \
-    "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \
-    "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \
-    "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \
-    "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n"                                     \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from tests/data_files/test-ca-sha256.crt.der
- * using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */
-#define TEST_CA_CRT_RSA_SHA256_DER {                                         \
-  0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01,    \
-  0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,    \
-  0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30,    \
-  0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11,    \
-  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c,    \
-  0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,    \
-  0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,    \
-  0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,    \
-  0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30,    \
-  0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34,    \
-  0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,    \
-  0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,    \
-  0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,    \
-  0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,    \
-  0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65,    \
-  0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,    \
-  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,    \
-  0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,    \
-  0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f,    \
-  0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1,    \
-  0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec,    \
-  0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b,    \
-  0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9,    \
-  0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2,    \
-  0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40,    \
-  0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8,    \
-  0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1,    \
-  0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27,    \
-  0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84,    \
-  0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5,    \
-  0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e,    \
-  0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb,    \
-  0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab,    \
-  0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62,    \
-  0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37,    \
-  0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e,    \
-  0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64,    \
-  0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b,    \
-  0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32,    \
-  0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,    \
-  0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05,    \
-  0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,    \
-  0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52,    \
-  0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff,    \
-  0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,    \
-  0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5,    \
-  0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06,    \
-  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,    \
-  0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa,    \
-  0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5,    \
-  0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1,    \
-  0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5,    \
-  0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f,    \
-  0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb,    \
-  0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19,    \
-  0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56,    \
-  0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b,    \
-  0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81,    \
-  0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb,    \
-  0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b,    \
-  0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7,    \
-  0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17,    \
-  0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11,    \
-  0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb,    \
-  0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08,    \
-  0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c,    \
-  0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38,    \
-  0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38,    \
-  0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2,    \
-  0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75                       \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/test-ca-sha1.crt. */
-/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */
-#define TEST_CA_CRT_RSA_SHA1_PEM                                           \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-    "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-    "MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
-    "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
-    "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
-    "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
-    "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
-    "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
-    "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
-    "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \
-    "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \
-    "A4IBAQABE3OEPfEd/bcJW5ZdU3/VgPNS4tMzh8gnJP/V2FcvFtGylMpQq6YnEBYI\r\n" \
-    "yBHAL4DRvlMY5rnXGBp3ODR8MpqHC6AquRTCLzjS57iYff//4QFQqW9n92zctspv\r\n" \
-    "czkaPKgjqo1No3Uq0Xaz10rcxyTUPrf5wNVRZ2V0KvllvAAVSzbI4mpdUXztjhST\r\n" \
-    "S5A2BeWQAAOr0zq1F7TSRVJpJs7jmB2ai/igkh1IAjcuwV6VwlP+sbw0gjQ0NpGM\r\n" \
-    "iHpnlzRAi/tIbtOvMIGOBU2TIfax/5jq1agUx5aPmT5TWAiJPOOP6l5xXnDwxeYS\r\n" \
-    "NWqiX9GyusBZjezaCaHabjDLU0qQ\r\n"                                     \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is taken from tests/data_files/test-ca-sha1.crt.der. */
-/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */
-#define TEST_CA_CRT_RSA_SHA1_DER {                                           \
-    0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01,  \
-    0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,  \
-    0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30,  \
-    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11,  \
-    0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c,  \
-    0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,  \
-    0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,  \
-    0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,  \
-    0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30,  \
-    0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34,  \
-    0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,  \
-    0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,  \
-    0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,  \
-    0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,  \
-    0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65,  \
-    0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06,  \
-    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00,  \
-    0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,  \
-    0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f,  \
-    0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1,  \
-    0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec,  \
-    0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b,  \
-    0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9,  \
-    0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2,  \
-    0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40,  \
-    0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8,  \
-    0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1,  \
-    0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27,  \
-    0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84,  \
-    0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5,  \
-    0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e,  \
-    0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb,  \
-    0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab,  \
-    0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62,  \
-    0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37,  \
-    0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e,  \
-    0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64,  \
-    0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b,  \
-    0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32,  \
-    0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,  \
-    0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05,  \
-    0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,  \
-    0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52,  \
-    0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff,  \
-    0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,  \
-    0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5,  \
-    0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06,  \
-    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,  \
-    0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x13, 0x73, 0x84, 0x3d, 0xf1, 0x1d,  \
-    0xfd, 0xb7, 0x09, 0x5b, 0x96, 0x5d, 0x53, 0x7f, 0xd5, 0x80, 0xf3, 0x52,  \
-    0xe2, 0xd3, 0x33, 0x87, 0xc8, 0x27, 0x24, 0xff, 0xd5, 0xd8, 0x57, 0x2f,  \
-    0x16, 0xd1, 0xb2, 0x94, 0xca, 0x50, 0xab, 0xa6, 0x27, 0x10, 0x16, 0x08,  \
-    0xc8, 0x11, 0xc0, 0x2f, 0x80, 0xd1, 0xbe, 0x53, 0x18, 0xe6, 0xb9, 0xd7,  \
-    0x18, 0x1a, 0x77, 0x38, 0x34, 0x7c, 0x32, 0x9a, 0x87, 0x0b, 0xa0, 0x2a,  \
-    0xb9, 0x14, 0xc2, 0x2f, 0x38, 0xd2, 0xe7, 0xb8, 0x98, 0x7d, 0xff, 0xff,  \
-    0xe1, 0x01, 0x50, 0xa9, 0x6f, 0x67, 0xf7, 0x6c, 0xdc, 0xb6, 0xca, 0x6f,  \
-    0x73, 0x39, 0x1a, 0x3c, 0xa8, 0x23, 0xaa, 0x8d, 0x4d, 0xa3, 0x75, 0x2a,  \
-    0xd1, 0x76, 0xb3, 0xd7, 0x4a, 0xdc, 0xc7, 0x24, 0xd4, 0x3e, 0xb7, 0xf9,  \
-    0xc0, 0xd5, 0x51, 0x67, 0x65, 0x74, 0x2a, 0xf9, 0x65, 0xbc, 0x00, 0x15,  \
-    0x4b, 0x36, 0xc8, 0xe2, 0x6a, 0x5d, 0x51, 0x7c, 0xed, 0x8e, 0x14, 0x93,  \
-    0x4b, 0x90, 0x36, 0x05, 0xe5, 0x90, 0x00, 0x03, 0xab, 0xd3, 0x3a, 0xb5,  \
-    0x17, 0xb4, 0xd2, 0x45, 0x52, 0x69, 0x26, 0xce, 0xe3, 0x98, 0x1d, 0x9a,  \
-    0x8b, 0xf8, 0xa0, 0x92, 0x1d, 0x48, 0x02, 0x37, 0x2e, 0xc1, 0x5e, 0x95,  \
-    0xc2, 0x53, 0xfe, 0xb1, 0xbc, 0x34, 0x82, 0x34, 0x34, 0x36, 0x91, 0x8c,  \
-    0x88, 0x7a, 0x67, 0x97, 0x34, 0x40, 0x8b, 0xfb, 0x48, 0x6e, 0xd3, 0xaf,  \
-    0x30, 0x81, 0x8e, 0x05, 0x4d, 0x93, 0x21, 0xf6, 0xb1, 0xff, 0x98, 0xea,  \
-    0xd5, 0xa8, 0x14, 0xc7, 0x96, 0x8f, 0x99, 0x3e, 0x53, 0x58, 0x08, 0x89,  \
-    0x3c, 0xe3, 0x8f, 0xea, 0x5e, 0x71, 0x5e, 0x70, 0xf0, 0xc5, 0xe6, 0x12,  \
-    0x35, 0x6a, 0xa2, 0x5f, 0xd1, 0xb2, 0xba, 0xc0, 0x59, 0x8d, 0xec, 0xda,  \
-    0x09, 0xa1, 0xda, 0x6e, 0x30, 0xcb, 0x53, 0x4a, 0x90                     \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/test-ca.key */
-/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */
-#define TEST_CA_KEY_RSA_PEM                                                \
-    "-----BEGIN RSA PRIVATE KEY-----\r\n"                                  \
-    "Proc-Type: 4,ENCRYPTED\r\n"                                           \
-    "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"                          \
-    "\r\n"                                                                 \
-    "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \
-    "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \
-    "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \
-    "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \
-    "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \
-    "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \
-    "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \
-    "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \
-    "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \
-    "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \
-    "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \
-    "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \
-    "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \
-    "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \
-    "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \
-    "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \
-    "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \
-    "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \
-    "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \
-    "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \
-    "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \
-    "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \
-    "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \
-    "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \
-    "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \
-    "-----END RSA PRIVATE KEY-----\r\n"
-/* END FILE */
-
-#define TEST_CA_PWD_RSA_PEM "PolarSSLTest"
-
-/* This was generated from test-ca.key.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */
-#define TEST_CA_KEY_RSA_DER {                                                \
-    0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,  \
-    0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde,  \
-    0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4,  \
-    0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5,  \
-    0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d,  \
-    0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8,  \
-    0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40,  \
-    0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e,  \
-    0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00,  \
-    0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83,  \
-    0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3,  \
-    0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe,  \
-    0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5,  \
-    0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2,  \
-    0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1,  \
-    0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79,  \
-    0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27,  \
-    0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30,  \
-    0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1,  \
-    0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea,  \
-    0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab,  \
-    0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99,  \
-    0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,  \
-    0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84,  \
-    0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35,  \
-    0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7,  \
-    0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38,  \
-    0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c,  \
-    0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5,  \
-    0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab,  \
-    0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08,  \
-    0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10,  \
-    0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0,  \
-    0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e,  \
-    0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1,  \
-    0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88,  \
-    0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec,  \
-    0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02,  \
-    0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e,  \
-    0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76,  \
-    0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0,  \
-    0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f,  \
-    0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64,  \
-    0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50,  \
-    0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e,  \
-    0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3,  \
-    0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44,  \
-    0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd,  \
-    0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65,  \
-    0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d,  \
-    0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7,  \
-    0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd,  \
-    0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3,  \
-    0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16,  \
-    0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a,  \
-    0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b,  \
-    0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31,  \
-    0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3,  \
-    0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c,  \
-    0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79,  \
-    0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b,  \
-    0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13,  \
-    0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77,  \
-    0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79,  \
-    0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71,  \
-    0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7,  \
-    0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a,  \
-    0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75,  \
-    0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17,  \
-    0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf,  \
-    0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05,  \
-    0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14,  \
-    0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70,  \
-    0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7,  \
-    0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54,  \
-    0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a,  \
-    0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0,  \
-    0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90,  \
-    0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83,  \
-    0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22,  \
-    0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c,  \
-    0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23,  \
-    0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09,  \
-    0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab,  \
-    0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8,  \
-    0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b,  \
-    0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b,  \
-    0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c,  \
-    0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2,  \
-    0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68,  \
-    0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec,  \
-    0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32,  \
-    0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36,  \
-    0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30,  \
-    0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53,  \
-    0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32,  \
-    0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22,  \
-    0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0,  \
-    0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69,  \
-    0xa8, 0xc2, 0x8f, 0x0d                                                   \
-}
-/* END FILE */
-
-/*
- * Test server Certificates
- *
- * Test server certificates are defined for each choice
- * of the following parameters:
- * - PEM or DER encoding
- * - SHA-1 or SHA-256 hash
- * - RSA or EC key
- *
- * Things to add:
- * - multiple EC curve types
- */
-
-/* This is taken from tests/data_files/server5.crt. */
-/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */
-#define TEST_SRV_CRT_EC_PEM                                                \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \
-    "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \
-    "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \
-    "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \
-    "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \
-    "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \
-    "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \
-    "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \
-    "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \
-    "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"                                     \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */
-#define TEST_SRV_CRT_EC_DER {                                                \
-    0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01,  \
-    0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,  \
-    0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,  \
-    0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,  \
-    0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,  \
-    0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,  \
-    0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65,  \
-    0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,  \
-    0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34,  \
-    0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35,  \
-    0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,  \
-    0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,  \
-    0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,  \
-    0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,  \
-    0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59,  \
-    0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,  \
-    0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,  \
-    0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7,  \
-    0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0,  \
-    0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00,  \
-    0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd,  \
-    0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa,  \
-    0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30,  \
-    0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d,  \
-    0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5,  \
-    0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c,  \
-    0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23,  \
-    0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01,  \
-    0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb,  \
-    0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,  \
-    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,  \
-    0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61,  \
-    0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,  \
-    0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20,  \
-    0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09,  \
-    0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06,  \
-    0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00,  \
-    0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2,  \
-    0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31,  \
-    0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92,  \
-    0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29,  \
-    0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6,  \
-    0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1,  \
-    0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15,  \
-    0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00,  \
-    0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5                                 \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/server5.key. */
-/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */
-#define TEST_SRV_KEY_EC_PEM                                                \
-    "-----BEGIN EC PRIVATE KEY-----\r\n"                                   \
-    "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \
-    "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \
-    "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"                             \
-    "-----END EC PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */
-#define TEST_SRV_KEY_EC_DER {                                                \
-    0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76,  \
-    0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a,  \
-    0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f,  \
-    0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,  \
-    0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56,  \
-    0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20,  \
-    0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7,  \
-    0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff,  \
-    0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b,  \
-    0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed,  \
-    0xff                                                                     \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/server2-sha256.crt. */
-/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */
-#define TEST_SRV_CRT_RSA_SHA256_PEM                                        \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-    "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-    "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
-    "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
-    "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
-    "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
-    "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
-    "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
-    "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
-    "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
-    "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \
-    "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \
-    "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \
-    "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \
-    "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \
-    "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \
-    "pMZqLmbBm/7WPLc=\r\n"                                                 \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is taken from tests/data_files/server2-sha256.crt.der. */
-/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */
-#define TEST_SRV_CRT_RSA_SHA256_DER {                                        \
-  0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01,    \
-  0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,    \
-  0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30,    \
-  0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11,    \
-  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c,    \
-  0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,    \
-  0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,    \
-  0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,    \
-  0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36,    \
-  0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34,    \
-  0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,    \
-  0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,    \
-  0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,    \
-  0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,    \
-  0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82,    \
-  0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,    \
-  0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,    \
-  0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7,    \
-  0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78,    \
-  0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd,    \
-  0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90,    \
-  0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24,    \
-  0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda,    \
-  0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3,    \
-  0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4,    \
-  0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d,    \
-  0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49,    \
-  0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c,    \
-  0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b,    \
-  0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08,    \
-  0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa,    \
-  0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f,    \
-  0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7,    \
-  0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5,    \
-  0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde,    \
-  0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a,    \
-  0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96,    \
-  0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0,    \
-  0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02,    \
-  0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03,    \
-  0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,    \
-  0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc,    \
-  0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b,    \
-  0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,    \
-  0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6,    \
-  0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30,    \
-  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,    \
-  0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61,    \
-  0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3,    \
-  0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca,    \
-  0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba,    \
-  0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94,    \
-  0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b,    \
-  0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9,    \
-  0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45,    \
-  0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd,    \
-  0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f,    \
-  0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc,    \
-  0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb,    \
-  0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f,    \
-  0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e,    \
-  0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b,    \
-  0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce,    \
-  0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4,    \
-  0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05,    \
-  0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a,    \
-  0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92,    \
-  0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8,    \
-  0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7           \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/server2.crt. */
-/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */
-#define TEST_SRV_CRT_RSA_SHA1_PEM                                       \
-"-----BEGIN CERTIFICATE-----\r\n"                                       \
-"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"  \
-"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"  \
-"MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"  \
-"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"  \
-"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"  \
-"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"  \
-"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"  \
-"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"  \
-"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"  \
-"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"  \
-"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"  \
-"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n"  \
-"cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n"  \
-"O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n"  \
-"KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n"  \
-"iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n"  \
-"HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n"  \
-"Awgk0+4m0T25cNs=\r\n"                                                  \
-"-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is taken from tests/data_files/server2.crt.der. */
-/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */
-#define TEST_SRV_CRT_RSA_SHA1_DER {                                          \
-    0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01,  \
-    0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,  \
-    0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30,  \
-    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11,  \
-    0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c,  \
-    0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,  \
-    0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,  \
-    0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,  \
-    0x31, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36,  \
-    0x5a, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x32, 0x31, 0x34, 0x34,  \
-    0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,  \
-    0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,  \
-    0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,  \
-    0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,  \
-    0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82,  \
-    0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,  \
-    0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,  \
-    0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7,  \
-    0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78,  \
-    0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd,  \
-    0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90,  \
-    0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24,  \
-    0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda,  \
-    0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3,  \
-    0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4,  \
-    0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d,  \
-    0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49,  \
-    0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c,  \
-    0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b,  \
-    0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08,  \
-    0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa,  \
-    0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f,  \
-    0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7,  \
-    0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5,  \
-    0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde,  \
-    0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a,  \
-    0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96,  \
-    0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0,  \
-    0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02,  \
-    0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03,  \
-    0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,  \
-    0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc,  \
-    0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b,  \
-    0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,  \
-    0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6,  \
-    0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30,  \
-    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,  \
-    0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x73, 0x0b, 0x4a, 0xc5,  \
-    0xcb, 0xa0, 0xde, 0xf1, 0x63, 0x1c, 0x76, 0x04, 0x2b, 0x13, 0x0d, 0xc0,  \
-    0x84, 0x11, 0xc5, 0x8f, 0x3a, 0xa7, 0xc5, 0x9c, 0x35, 0x7a, 0x77, 0xb8,  \
-    0x20, 0x14, 0x82, 0xee, 0x54, 0xf0, 0xf2, 0xb0, 0x52, 0xcb, 0x78, 0xce,  \
-    0x59, 0x07, 0x4f, 0x51, 0x69, 0xfe, 0xd3, 0x2f, 0xe9, 0x09, 0xe7, 0x85,  \
-    0x92, 0xd8, 0xba, 0xb1, 0xeb, 0xc5, 0x76, 0x5d, 0x61, 0x2d, 0xe9, 0x86,  \
-    0xb5, 0xde, 0x2a, 0xf9, 0x3f, 0x53, 0x28, 0x42, 0x86, 0x83, 0x73, 0x43,  \
-    0xe0, 0x04, 0x5f, 0x07, 0x90, 0x14, 0x65, 0x9f, 0x6e, 0x10, 0x7a, 0xbc,  \
-    0x58, 0x19, 0x22, 0xc2, 0xeb, 0x39, 0x72, 0x51, 0x92, 0xd7, 0xb4, 0x1d,  \
-    0x75, 0x2f, 0xd3, 0x3a, 0x2b, 0x01, 0xe7, 0xdb, 0x50, 0xae, 0xe2, 0xf1,  \
-    0xd4, 0x4d, 0x5b, 0x3c, 0xbb, 0x41, 0x2b, 0x2a, 0xa4, 0xe2, 0x4a, 0x02,  \
-    0xe5, 0x60, 0x14, 0x2c, 0x9c, 0x1f, 0xa6, 0xcc, 0x06, 0x4b, 0x25, 0x89,  \
-    0x4e, 0x96, 0x30, 0x22, 0x9c, 0x5c, 0x58, 0x4d, 0xc3, 0xda, 0xd0, 0x6e,  \
-    0x50, 0x1e, 0x8c, 0x65, 0xf5, 0xd9, 0x17, 0x35, 0xa6, 0x58, 0x43, 0xb2,  \
-    0x29, 0xb7, 0xa8, 0x5e, 0x35, 0xde, 0xf0, 0x60, 0x42, 0x1a, 0x01, 0xcb,  \
-    0xcb, 0x0b, 0xd8, 0x0e, 0xc1, 0x90, 0xdf, 0xa1, 0xd2, 0x1a, 0xd1, 0x2c,  \
-    0x02, 0xf4, 0x76, 0x41, 0xa4, 0xcb, 0x4b, 0x15, 0x98, 0x71, 0xf9, 0x35,  \
-    0x7d, 0xb0, 0xe7, 0xe2, 0x34, 0x96, 0x91, 0xbe, 0x32, 0x67, 0x2d, 0x6b,  \
-    0xd3, 0x55, 0x04, 0x8a, 0x01, 0x50, 0xb4, 0xe3, 0x62, 0x78, 0x6c, 0x11,  \
-    0x15, 0xa5, 0x2a, 0x11, 0xc1, 0x49, 0x1c, 0x9b, 0xc4, 0x10, 0x65, 0x60,  \
-    0x87, 0xd9, 0x1e, 0x69, 0x59, 0x4e, 0x8f, 0x6b, 0xeb, 0xc1, 0xfe, 0x6b,  \
-    0xe2, 0x63, 0x78, 0x95, 0x6e, 0xe0, 0x2d, 0xd7, 0xa7, 0x37, 0xa8         \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/server2.key. */
-/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */
-#define TEST_SRV_KEY_RSA_PEM                                               \
-    "-----BEGIN RSA PRIVATE KEY-----\r\n"                                  \
-    "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \
-    "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \
-    "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \
-    "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \
-    "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \
-    "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \
-    "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \
-    "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \
-    "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \
-    "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \
-    "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \
-    "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \
-    "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \
-    "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \
-    "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \
-    "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \
-    "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \
-    "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \
-    "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \
-    "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \
-    "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \
-    "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \
-    "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \
-    "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \
-    "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"         \
-    "-----END RSA PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */
-#define TEST_SRV_KEY_RSA_DER {                                               \
-    0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,  \
-    0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72,  \
-    0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13,  \
-    0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b,  \
-    0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a,  \
-    0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c,  \
-    0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc,  \
-    0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76,  \
-    0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa,  \
-    0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0,  \
-    0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8,  \
-    0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10,  \
-    0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61,  \
-    0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2,  \
-    0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a,  \
-    0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2,  \
-    0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3,  \
-    0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8,  \
-    0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d,  \
-    0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b,  \
-    0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69,  \
-    0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea,  \
-    0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,  \
-    0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59,  \
-    0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c,  \
-    0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7,  \
-    0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42,  \
-    0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86,  \
-    0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d,  \
-    0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf,  \
-    0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84,  \
-    0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19,  \
-    0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a,  \
-    0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8,  \
-    0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c,  \
-    0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26,  \
-    0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c,  \
-    0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5,  \
-    0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b,  \
-    0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde,  \
-    0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83,  \
-    0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4,  \
-    0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66,  \
-    0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a,  \
-    0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a,  \
-    0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba,  \
-    0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8,  \
-    0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc,  \
-    0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8,  \
-    0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca,  \
-    0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f,  \
-    0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a,  \
-    0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83,  \
-    0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8,  \
-    0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4,  \
-    0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae,  \
-    0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b,  \
-    0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7,  \
-    0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7,  \
-    0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20,  \
-    0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44,  \
-    0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86,  \
-    0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02,  \
-    0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac,  \
-    0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43,  \
-    0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42,  \
-    0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79,  \
-    0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c,  \
-    0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57,  \
-    0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c,  \
-    0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e,  \
-    0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f,  \
-    0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61,  \
-    0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb,  \
-    0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b,  \
-    0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb,  \
-    0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4,  \
-    0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47,  \
-    0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a,  \
-    0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c,  \
-    0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02,  \
-    0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26,  \
-    0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02,  \
-    0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f,  \
-    0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd,  \
-    0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73,  \
-    0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88,  \
-    0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03,  \
-    0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71,  \
-    0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00,  \
-    0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2,  \
-    0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47,  \
-    0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67,  \
-    0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2,  \
-    0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde,  \
-    0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4,  \
-    0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7,  \
-    0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c,  \
-    0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f,  \
-    0x06, 0x21, 0x2e, 0x56                                                   \
-}
-/* END FILE */
-
-/*
- * Test client Certificates
- *
- * Test client certificates are defined for each choice
- * of the following parameters:
- * - PEM or DER encoding
- * - RSA or EC key
- *
- * Things to add:
- * - hash type
- * - multiple EC curve types
- */
-
-/* This is taken from tests/data_files/cli2.crt. */
-/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */
-#define TEST_CLI_CRT_EC_PEM                                                \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \
-    "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \
-    "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \
-    "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \
-    "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \
-    "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \
-    "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \
-    "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \
-    "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \
-    "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \
-    "a9Vk\r\n"       \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */
-#define TEST_CLI_CRT_EC_DER {                                                \
-    0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01,  \
-    0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,  \
-    0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,  \
-    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,  \
-    0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61,  \
-    0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,  \
-    0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20,  \
-    0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e,  \
-    0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34,  \
-    0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31,  \
-    0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09,  \
-    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,  \
-    0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61,  \
-    0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04,  \
-    0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20,  \
-    0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20,  \
-    0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d,  \
-    0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,  \
-    0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac,  \
-    0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce,  \
-    0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf,  \
-    0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70,  \
-    0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c,  \
-    0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b,  \
-    0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30,  \
-    0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00,  \
-    0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6,  \
-    0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,  \
-    0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49,  \
-    0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb,  \
-    0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,  \
-    0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31,  \
-    0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43,  \
-    0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1,  \
-    0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24,  \
-    0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e,  \
-    0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c,  \
-    0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4,  \
-    0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb,  \
-    0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b,  \
-    0x6b, 0xd5, 0x64                           \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/cli2.key. */
-/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */
-#define TEST_CLI_KEY_EC_PEM                                                \
-    "-----BEGIN EC PRIVATE KEY-----\r\n"                                   \
-    "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \
-    "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \
-    "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"                             \
-    "-----END EC PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */
-#define TEST_CLI_KEY_EC_DER {                                                \
-    0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1,  \
-    0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0,  \
-    0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61,  \
-    0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,  \
-    0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae,  \
-    0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae,  \
-    0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e,  \
-    0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96,  \
-    0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18,  \
-    0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4,  \
-    0xc7                                                                     \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/cli-rsa-sha256.crt. */
-/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */
-#define TEST_CLI_CRT_RSA_PEM                                               \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
-    "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
-    "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \
-    "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \
-    "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \
-    "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \
-    "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \
-    "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \
-    "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \
-    "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \
-    "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \
-    "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \
-    "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \
-    "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \
-    "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \
-    "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \
-    "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n"                                     \
-    "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This was generated from tests/data_files/cli-rsa-sha256.crt.der
-   using `xxd -i.` */
-/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */
-#define TEST_CLI_CRT_RSA_DER {                                               \
-  0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01,   \
-  0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,   \
-  0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30,   \
-  0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11,   \
-  0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c,   \
-  0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,   \
-  0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,   \
-  0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,   \
-  0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36,   \
-  0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34,   \
-  0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,   \
-  0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,   \
-  0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,   \
-  0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,   \
-  0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c,   \
-  0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,   \
-  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,   \
-  0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,   \
-  0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9,   \
-  0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f,   \
-  0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9,   \
-  0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63,   \
-  0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10,   \
-  0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e,   \
-  0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95,   \
-  0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed,   \
-  0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4,   \
-  0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30,   \
-  0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2,   \
-  0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d,   \
-  0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2,   \
-  0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f,   \
-  0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34,   \
-  0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a,   \
-  0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe,   \
-  0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f,   \
-  0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d,   \
-  0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4,   \
-  0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8,   \
-  0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01,   \
-  0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04,   \
-  0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,   \
-  0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e,   \
-  0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f,   \
-  0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4,   \
-  0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95,   \
-  0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,   \
-  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,   \
-  0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62,   \
-  0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20,   \
-  0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2,   \
-  0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39,   \
-  0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8,   \
-  0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8,   \
-  0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f,   \
-  0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda,   \
-  0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f,   \
-  0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67,   \
-  0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22,   \
-  0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8,   \
-  0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e,   \
-  0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a,   \
-  0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81,   \
-  0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c,   \
-  0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca,   \
-  0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82,   \
-  0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77,   \
-  0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43,   \
-  0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30,   \
-  0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97                                  \
-}
-/* END FILE */
-
-/* This is taken from tests/data_files/cli-rsa.key. */
-/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */
-#define TEST_CLI_KEY_RSA_PEM                                               \
-    "-----BEGIN RSA PRIVATE KEY-----\r\n"                                  \
-    "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \
-    "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \
-    "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \
-    "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \
-    "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \
-    "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \
-    "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \
-    "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \
-    "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \
-    "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \
-    "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \
-    "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \
-    "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \
-    "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \
-    "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \
-    "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \
-    "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \
-    "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \
-    "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \
-    "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \
-    "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \
-    "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \
-    "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \
-    "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \
-    "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"         \
-    "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */
-
-/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */
-/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */
-#define TEST_CLI_KEY_RSA_DER {                                               \
-    0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,  \
-    0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14,  \
-    0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d,  \
-    0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85,  \
-    0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e,  \
-    0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49,  \
-    0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77,  \
-    0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5,  \
-    0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea,  \
-    0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9,  \
-    0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5,  \
-    0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d,  \
-    0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c,  \
-    0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad,  \
-    0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8,  \
-    0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7,  \
-    0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4,  \
-    0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35,  \
-    0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b,  \
-    0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf,  \
-    0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71,  \
-    0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd,  \
-    0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,  \
-    0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d,  \
-    0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c,  \
-    0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86,  \
-    0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97,  \
-    0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3,  \
-    0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d,  \
-    0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15,  \
-    0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6,  \
-    0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad,  \
-    0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1,  \
-    0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4,  \
-    0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e,  \
-    0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80,  \
-    0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40,  \
-    0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42,  \
-    0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2,  \
-    0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d,  \
-    0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54,  \
-    0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61,  \
-    0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea,  \
-    0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f,  \
-    0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf,  \
-    0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6,  \
-    0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67,  \
-    0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13,  \
-    0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda,  \
-    0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a,  \
-    0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42,  \
-    0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b,  \
-    0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36,  \
-    0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b,  \
-    0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f,  \
-    0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb,  \
-    0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee,  \
-    0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2,  \
-    0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48,  \
-    0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac,  \
-    0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92,  \
-    0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5,  \
-    0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e,  \
-    0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22,  \
-    0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2,  \
-    0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba,  \
-    0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7,  \
-    0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4,  \
-    0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61,  \
-    0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8,  \
-    0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4,  \
-    0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74,  \
-    0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f,  \
-    0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f,  \
-    0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc,  \
-    0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6,  \
-    0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91,  \
-    0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0,  \
-    0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23,  \
-    0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe,  \
-    0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb,  \
-    0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2,  \
-    0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34,  \
-    0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc,  \
-    0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39,  \
-    0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b,  \
-    0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69,  \
-    0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a,  \
-    0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6,  \
-    0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d,  \
-    0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c,  \
-    0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e,  \
-    0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6,  \
-    0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11,  \
-    0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02,  \
-    0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf,  \
-    0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65,  \
-    0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e,  \
-    0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64,  \
-    0x8b, 0x87, 0xc3, 0x00                                                   \
-}
-/* END FILE */
-
-/*
- *
- * Test certificates and keys as C variables
- *
- */
-
-/*
- * CA
- */
-
-const char mbedtls_test_ca_crt_ec_pem[]           = TEST_CA_CRT_EC_PEM;
-const char mbedtls_test_ca_key_ec_pem[]           = TEST_CA_KEY_EC_PEM;
-const char mbedtls_test_ca_pwd_ec_pem[]           = TEST_CA_PWD_EC_PEM;
-const char mbedtls_test_ca_key_rsa_pem[]          = TEST_CA_KEY_RSA_PEM;
-const char mbedtls_test_ca_pwd_rsa_pem[]          = TEST_CA_PWD_RSA_PEM;
-const char mbedtls_test_ca_crt_rsa_sha1_pem[]     = TEST_CA_CRT_RSA_SHA1_PEM;
-const char mbedtls_test_ca_crt_rsa_sha256_pem[]   = TEST_CA_CRT_RSA_SHA256_PEM;
-
-const unsigned char mbedtls_test_ca_crt_ec_der[]   = TEST_CA_CRT_EC_DER;
-const unsigned char mbedtls_test_ca_key_ec_der[]   = TEST_CA_KEY_EC_DER;
-const unsigned char mbedtls_test_ca_key_rsa_der[]  = TEST_CA_KEY_RSA_DER;
-const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[]   =
-    TEST_CA_CRT_RSA_SHA1_DER;
-const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] =
-    TEST_CA_CRT_RSA_SHA256_DER;
-
-const size_t mbedtls_test_ca_crt_ec_pem_len =
-    sizeof( mbedtls_test_ca_crt_ec_pem );
-const size_t mbedtls_test_ca_key_ec_pem_len =
-    sizeof( mbedtls_test_ca_key_ec_pem );
-const size_t mbedtls_test_ca_pwd_ec_pem_len =
-    sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1;
-const size_t mbedtls_test_ca_key_rsa_pem_len =
-    sizeof( mbedtls_test_ca_key_rsa_pem );
-const size_t mbedtls_test_ca_pwd_rsa_pem_len =
-    sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1;
-const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len =
-    sizeof( mbedtls_test_ca_crt_rsa_sha1_pem );
-const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len =
-    sizeof( mbedtls_test_ca_crt_rsa_sha256_pem );
-
-const size_t mbedtls_test_ca_crt_ec_der_len =
-    sizeof( mbedtls_test_ca_crt_ec_der );
-const size_t mbedtls_test_ca_key_ec_der_len =
-    sizeof( mbedtls_test_ca_key_ec_der );
-const size_t mbedtls_test_ca_pwd_ec_der_len = 0;
-const size_t mbedtls_test_ca_key_rsa_der_len =
-    sizeof( mbedtls_test_ca_key_rsa_der );
-const size_t mbedtls_test_ca_pwd_rsa_der_len = 0;
-const size_t mbedtls_test_ca_crt_rsa_sha1_der_len =
-    sizeof( mbedtls_test_ca_crt_rsa_sha1_der );
-const size_t mbedtls_test_ca_crt_rsa_sha256_der_len =
-    sizeof( mbedtls_test_ca_crt_rsa_sha256_der );
-
-/*
- * Server
- */
-
-const char mbedtls_test_srv_crt_ec_pem[]           = TEST_SRV_CRT_EC_PEM;
-const char mbedtls_test_srv_key_ec_pem[]           = TEST_SRV_KEY_EC_PEM;
-const char mbedtls_test_srv_pwd_ec_pem[]           = "";
-const char mbedtls_test_srv_key_rsa_pem[]          = TEST_SRV_KEY_RSA_PEM;
-const char mbedtls_test_srv_pwd_rsa_pem[]          = "";
-const char mbedtls_test_srv_crt_rsa_sha1_pem[]     = TEST_SRV_CRT_RSA_SHA1_PEM;
-const char mbedtls_test_srv_crt_rsa_sha256_pem[]   = TEST_SRV_CRT_RSA_SHA256_PEM;
-
-const unsigned char mbedtls_test_srv_crt_ec_der[]   = TEST_SRV_CRT_EC_DER;
-const unsigned char mbedtls_test_srv_key_ec_der[]   = TEST_SRV_KEY_EC_DER;
-const unsigned char mbedtls_test_srv_key_rsa_der[]  = TEST_SRV_KEY_RSA_DER;
-const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[]   =
-    TEST_SRV_CRT_RSA_SHA1_DER;
-const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] =
-    TEST_SRV_CRT_RSA_SHA256_DER;
-
-const size_t mbedtls_test_srv_crt_ec_pem_len =
-    sizeof( mbedtls_test_srv_crt_ec_pem );
-const size_t mbedtls_test_srv_key_ec_pem_len =
-    sizeof( mbedtls_test_srv_key_ec_pem );
-const size_t mbedtls_test_srv_pwd_ec_pem_len =
-    sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1;
-const size_t mbedtls_test_srv_key_rsa_pem_len =
-    sizeof( mbedtls_test_srv_key_rsa_pem );
-const size_t mbedtls_test_srv_pwd_rsa_pem_len =
-    sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1;
-const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len =
-    sizeof( mbedtls_test_srv_crt_rsa_sha1_pem );
-const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len =
-    sizeof( mbedtls_test_srv_crt_rsa_sha256_pem );
-
-const size_t mbedtls_test_srv_crt_ec_der_len =
-    sizeof( mbedtls_test_srv_crt_ec_der );
-const size_t mbedtls_test_srv_key_ec_der_len =
-    sizeof( mbedtls_test_srv_key_ec_der );
-const size_t mbedtls_test_srv_pwd_ec_der_len = 0;
-const size_t mbedtls_test_srv_key_rsa_der_len =
-    sizeof( mbedtls_test_srv_key_rsa_der );
-const size_t mbedtls_test_srv_pwd_rsa_der_len = 0;
-const size_t mbedtls_test_srv_crt_rsa_sha1_der_len =
-    sizeof( mbedtls_test_srv_crt_rsa_sha1_der );
-const size_t mbedtls_test_srv_crt_rsa_sha256_der_len =
-    sizeof( mbedtls_test_srv_crt_rsa_sha256_der );
-
-/*
- * Client
- */
-
-const char mbedtls_test_cli_crt_ec_pem[]   = TEST_CLI_CRT_EC_PEM;
-const char mbedtls_test_cli_key_ec_pem[]   = TEST_CLI_KEY_EC_PEM;
-const char mbedtls_test_cli_pwd_ec_pem[]   = "";
-const char mbedtls_test_cli_key_rsa_pem[]  = TEST_CLI_KEY_RSA_PEM;
-const char mbedtls_test_cli_pwd_rsa_pem[]  = "";
-const char mbedtls_test_cli_crt_rsa_pem[]  = TEST_CLI_CRT_RSA_PEM;
-
-const unsigned char mbedtls_test_cli_crt_ec_der[]   = TEST_CLI_CRT_EC_DER;
-const unsigned char mbedtls_test_cli_key_ec_der[]   = TEST_CLI_KEY_EC_DER;
-const unsigned char mbedtls_test_cli_key_rsa_der[]  = TEST_CLI_KEY_RSA_DER;
-const unsigned char mbedtls_test_cli_crt_rsa_der[]  = TEST_CLI_CRT_RSA_DER;
-
-const size_t mbedtls_test_cli_crt_ec_pem_len =
-    sizeof( mbedtls_test_cli_crt_ec_pem );
-const size_t mbedtls_test_cli_key_ec_pem_len =
-    sizeof( mbedtls_test_cli_key_ec_pem );
-const size_t mbedtls_test_cli_pwd_ec_pem_len =
-    sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1;
-const size_t mbedtls_test_cli_key_rsa_pem_len =
-    sizeof( mbedtls_test_cli_key_rsa_pem );
-const size_t mbedtls_test_cli_pwd_rsa_pem_len =
-    sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1;
-const size_t mbedtls_test_cli_crt_rsa_pem_len =
-    sizeof( mbedtls_test_cli_crt_rsa_pem );
-
-const size_t mbedtls_test_cli_crt_ec_der_len =
-    sizeof( mbedtls_test_cli_crt_ec_der );
-const size_t mbedtls_test_cli_key_ec_der_len =
-    sizeof( mbedtls_test_cli_key_ec_der );
-const size_t mbedtls_test_cli_key_rsa_der_len =
-    sizeof( mbedtls_test_cli_key_rsa_der );
-const size_t mbedtls_test_cli_crt_rsa_der_len =
-    sizeof( mbedtls_test_cli_crt_rsa_der );
-
-/*
- *
- * Definitions of test CRTs without specification of all parameters, choosing
- * them automatically according to the config. For example, mbedtls_test_ca_crt
- * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}.
- *
- */
-
-/*
- * Dispatch between PEM and DER according to config
- */
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-
-/* PEM encoded test CA certificates and keys */
-
-#define TEST_CA_KEY_RSA        TEST_CA_KEY_RSA_PEM
-#define TEST_CA_PWD_RSA        TEST_CA_PWD_RSA_PEM
-#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM
-#define TEST_CA_CRT_RSA_SHA1   TEST_CA_CRT_RSA_SHA1_PEM
-#define TEST_CA_KEY_EC         TEST_CA_KEY_EC_PEM
-#define TEST_CA_PWD_EC         TEST_CA_PWD_EC_PEM
-#define TEST_CA_CRT_EC         TEST_CA_CRT_EC_PEM
-
-/* PEM encoded test server certificates and keys */
-
-#define TEST_SRV_KEY_RSA        TEST_SRV_KEY_RSA_PEM
-#define TEST_SRV_PWD_RSA        ""
-#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM
-#define TEST_SRV_CRT_RSA_SHA1   TEST_SRV_CRT_RSA_SHA1_PEM
-#define TEST_SRV_KEY_EC         TEST_SRV_KEY_EC_PEM
-#define TEST_SRV_PWD_EC         ""
-#define TEST_SRV_CRT_EC         TEST_SRV_CRT_EC_PEM
-
-/* PEM encoded test client certificates and keys */
-
-#define TEST_CLI_KEY_RSA  TEST_CLI_KEY_RSA_PEM
-#define TEST_CLI_PWD_RSA  ""
-#define TEST_CLI_CRT_RSA  TEST_CLI_CRT_RSA_PEM
-#define TEST_CLI_KEY_EC   TEST_CLI_KEY_EC_PEM
-#define TEST_CLI_PWD_EC   ""
-#define TEST_CLI_CRT_EC   TEST_CLI_CRT_EC_PEM
-
-#else /* MBEDTLS_PEM_PARSE_C */
-
-/* DER encoded test CA certificates and keys */
-
-#define TEST_CA_KEY_RSA        TEST_CA_KEY_RSA_DER
-#define TEST_CA_PWD_RSA        ""
-#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER
-#define TEST_CA_CRT_RSA_SHA1   TEST_CA_CRT_RSA_SHA1_DER
-#define TEST_CA_KEY_EC         TEST_CA_KEY_EC_DER
-#define TEST_CA_PWD_EC         ""
-#define TEST_CA_CRT_EC         TEST_CA_CRT_EC_DER
-
-/* DER encoded test server certificates and keys */
-
-#define TEST_SRV_KEY_RSA        TEST_SRV_KEY_RSA_DER
-#define TEST_SRV_PWD_RSA        ""
-#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER
-#define TEST_SRV_CRT_RSA_SHA1   TEST_SRV_CRT_RSA_SHA1_DER
-#define TEST_SRV_KEY_EC         TEST_SRV_KEY_EC_DER
-#define TEST_SRV_PWD_EC         ""
-#define TEST_SRV_CRT_EC         TEST_SRV_CRT_EC_DER
-
-/* DER encoded test client certificates and keys */
-
-#define TEST_CLI_KEY_RSA  TEST_CLI_KEY_RSA_DER
-#define TEST_CLI_PWD_RSA  ""
-#define TEST_CLI_CRT_RSA  TEST_CLI_CRT_RSA_DER
-#define TEST_CLI_KEY_EC   TEST_CLI_KEY_EC_DER
-#define TEST_CLI_PWD_EC   ""
-#define TEST_CLI_CRT_EC   TEST_CLI_CRT_EC_DER
-
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-const char mbedtls_test_ca_key_rsa[]         = TEST_CA_KEY_RSA;
-const char mbedtls_test_ca_pwd_rsa[]         = TEST_CA_PWD_RSA;
-const char mbedtls_test_ca_crt_rsa_sha256[]  = TEST_CA_CRT_RSA_SHA256;
-const char mbedtls_test_ca_crt_rsa_sha1[]    = TEST_CA_CRT_RSA_SHA1;
-const char mbedtls_test_ca_key_ec[]          = TEST_CA_KEY_EC;
-const char mbedtls_test_ca_pwd_ec[]          = TEST_CA_PWD_EC;
-const char mbedtls_test_ca_crt_ec[]          = TEST_CA_CRT_EC;
-
-const char mbedtls_test_srv_key_rsa[]        = TEST_SRV_KEY_RSA;
-const char mbedtls_test_srv_pwd_rsa[]        = TEST_SRV_PWD_RSA;
-const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256;
-const char mbedtls_test_srv_crt_rsa_sha1[]   = TEST_SRV_CRT_RSA_SHA1;
-const char mbedtls_test_srv_key_ec[]         = TEST_SRV_KEY_EC;
-const char mbedtls_test_srv_pwd_ec[]         = TEST_SRV_PWD_EC;
-const char mbedtls_test_srv_crt_ec[]         = TEST_SRV_CRT_EC;
-
-const char mbedtls_test_cli_key_rsa[]        = TEST_CLI_KEY_RSA;
-const char mbedtls_test_cli_pwd_rsa[]        = TEST_CLI_PWD_RSA;
-const char mbedtls_test_cli_crt_rsa[]        = TEST_CLI_CRT_RSA;
-const char mbedtls_test_cli_key_ec[]         = TEST_CLI_KEY_EC;
-const char mbedtls_test_cli_pwd_ec[]         = TEST_CLI_PWD_EC;
-const char mbedtls_test_cli_crt_ec[]         = TEST_CLI_CRT_EC;
-
-const size_t mbedtls_test_ca_key_rsa_len =
-    sizeof( mbedtls_test_ca_key_rsa );
-const size_t mbedtls_test_ca_pwd_rsa_len =
-    sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
-const size_t mbedtls_test_ca_crt_rsa_sha256_len =
-    sizeof( mbedtls_test_ca_crt_rsa_sha256 );
-const size_t mbedtls_test_ca_crt_rsa_sha1_len =
-    sizeof( mbedtls_test_ca_crt_rsa_sha1 );
-const size_t mbedtls_test_ca_key_ec_len =
-    sizeof( mbedtls_test_ca_key_ec );
-const size_t mbedtls_test_ca_pwd_ec_len =
-    sizeof( mbedtls_test_ca_pwd_ec ) - 1;
-const size_t mbedtls_test_ca_crt_ec_len =
-    sizeof( mbedtls_test_ca_crt_ec );
-
-const size_t mbedtls_test_srv_key_rsa_len =
-    sizeof( mbedtls_test_srv_key_rsa );
-const size_t mbedtls_test_srv_pwd_rsa_len =
-    sizeof( mbedtls_test_srv_pwd_rsa ) -1;
-const size_t mbedtls_test_srv_crt_rsa_sha256_len =
-    sizeof( mbedtls_test_srv_crt_rsa_sha256 );
-const size_t mbedtls_test_srv_crt_rsa_sha1_len =
-    sizeof( mbedtls_test_srv_crt_rsa_sha1 );
-const size_t mbedtls_test_srv_key_ec_len =
-    sizeof( mbedtls_test_srv_key_ec );
-const size_t mbedtls_test_srv_pwd_ec_len =
-    sizeof( mbedtls_test_srv_pwd_ec ) - 1;
-const size_t mbedtls_test_srv_crt_ec_len =
-    sizeof( mbedtls_test_srv_crt_ec );
-
-const size_t mbedtls_test_cli_key_rsa_len =
-    sizeof( mbedtls_test_cli_key_rsa );
-const size_t mbedtls_test_cli_pwd_rsa_len =
-    sizeof( mbedtls_test_cli_pwd_rsa ) - 1;
-const size_t mbedtls_test_cli_crt_rsa_len =
-    sizeof( mbedtls_test_cli_crt_rsa );
-const size_t mbedtls_test_cli_key_ec_len =
-    sizeof( mbedtls_test_cli_key_ec );
-const size_t mbedtls_test_cli_pwd_ec_len =
-    sizeof( mbedtls_test_cli_pwd_ec ) - 1;
-const size_t mbedtls_test_cli_crt_ec_len =
-    sizeof( mbedtls_test_cli_crt_ec );
-
-/*
- * Dispatch between SHA-1 and SHA-256
- */
-
-#if defined(MBEDTLS_SHA256_C)
-#define TEST_CA_CRT_RSA  TEST_CA_CRT_RSA_SHA256
-#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256
-#else
-#define TEST_CA_CRT_RSA  TEST_CA_CRT_RSA_SHA1
-#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1
-#endif /* MBEDTLS_SHA256_C */
-
-const char mbedtls_test_ca_crt_rsa[]  = TEST_CA_CRT_RSA;
-const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA;
-
-const size_t mbedtls_test_ca_crt_rsa_len =
-    sizeof( mbedtls_test_ca_crt_rsa );
-const size_t mbedtls_test_srv_crt_rsa_len =
-    sizeof( mbedtls_test_srv_crt_rsa );
-
-/*
- * Dispatch between RSA and EC
- */
-
-#if defined(MBEDTLS_RSA_C)
-
-#define TEST_CA_KEY TEST_CA_KEY_RSA
-#define TEST_CA_PWD TEST_CA_PWD_RSA
-#define TEST_CA_CRT TEST_CA_CRT_RSA
-
-#define TEST_SRV_KEY TEST_SRV_KEY_RSA
-#define TEST_SRV_PWD TEST_SRV_PWD_RSA
-#define TEST_SRV_CRT TEST_SRV_CRT_RSA
-
-#define TEST_CLI_KEY TEST_CLI_KEY_RSA
-#define TEST_CLI_PWD TEST_CLI_PWD_RSA
-#define TEST_CLI_CRT TEST_CLI_CRT_RSA
-
-#else /* no RSA, so assume ECDSA */
-
-#define TEST_CA_KEY TEST_CA_KEY_EC
-#define TEST_CA_PWD TEST_CA_PWD_EC
-#define TEST_CA_CRT TEST_CA_CRT_EC
-
-#define TEST_SRV_KEY TEST_SRV_KEY_EC
-#define TEST_SRV_PWD TEST_SRV_PWD_EC
-#define TEST_SRV_CRT TEST_SRV_CRT_EC
-
-#define TEST_CLI_KEY TEST_CLI_KEY_EC
-#define TEST_CLI_PWD TEST_CLI_PWD_EC
-#define TEST_CLI_CRT TEST_CLI_CRT_EC
-#endif /* MBEDTLS_RSA_C */
-
-/* API stability forces us to declare
- *   mbedtls_test_{ca|srv|cli}_{key|pwd|crt}
- * as pointers. */
-static const char test_ca_key[] = TEST_CA_KEY;
-static const char test_ca_pwd[] = TEST_CA_PWD;
-static const char test_ca_crt[] = TEST_CA_CRT;
-
-static const char test_srv_key[] = TEST_SRV_KEY;
-static const char test_srv_pwd[] = TEST_SRV_PWD;
-static const char test_srv_crt[] = TEST_SRV_CRT;
-
-static const char test_cli_key[] = TEST_CLI_KEY;
-static const char test_cli_pwd[] = TEST_CLI_PWD;
-static const char test_cli_crt[] = TEST_CLI_CRT;
-
-const char *mbedtls_test_ca_key = test_ca_key;
-const char *mbedtls_test_ca_pwd = test_ca_pwd;
-const char *mbedtls_test_ca_crt = test_ca_crt;
-
-const char *mbedtls_test_srv_key = test_srv_key;
-const char *mbedtls_test_srv_pwd = test_srv_pwd;
-const char *mbedtls_test_srv_crt = test_srv_crt;
-
-const char *mbedtls_test_cli_key = test_cli_key;
-const char *mbedtls_test_cli_pwd = test_cli_pwd;
-const char *mbedtls_test_cli_crt = test_cli_crt;
-
-const size_t mbedtls_test_ca_key_len =
-    sizeof( test_ca_key );
-const size_t mbedtls_test_ca_pwd_len =
-    sizeof( test_ca_pwd ) - 1;
-const size_t mbedtls_test_ca_crt_len =
-    sizeof( test_ca_crt );
-
-const size_t mbedtls_test_srv_key_len =
-    sizeof( test_srv_key );
-const size_t mbedtls_test_srv_pwd_len =
-    sizeof( test_srv_pwd ) - 1;
-const size_t mbedtls_test_srv_crt_len =
-    sizeof( test_srv_crt );
-
-const size_t mbedtls_test_cli_key_len =
-    sizeof( test_cli_key );
-const size_t mbedtls_test_cli_pwd_len =
-    sizeof( test_cli_pwd ) - 1;
-const size_t mbedtls_test_cli_crt_len =
-    sizeof( test_cli_crt );
-
-/*
- *
- * Lists of certificates
- *
- */
-
-/* List of CAs in PEM or DER, depending on config */
-const char * mbedtls_test_cas[] = {
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
-    mbedtls_test_ca_crt_rsa_sha1,
-#endif
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
-    mbedtls_test_ca_crt_rsa_sha256,
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-    mbedtls_test_ca_crt_ec,
-#endif
-    NULL
-};
-const size_t mbedtls_test_cas_len[] = {
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C)
-    sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
-#endif
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
-    sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-    sizeof( mbedtls_test_ca_crt_ec ),
-#endif
-    0
-};
-
-/* List of all available CA certificates in DER format */
-const unsigned char * mbedtls_test_cas_der[] = {
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_SHA256_C)
-    mbedtls_test_ca_crt_rsa_sha256_der,
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
-    mbedtls_test_ca_crt_rsa_sha1_der,
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
-    mbedtls_test_ca_crt_ec_der,
-#endif /* MBEDTLS_ECDSA_C */
-    NULL
-};
-
-const size_t mbedtls_test_cas_der_len[] = {
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_SHA256_C)
-    sizeof( mbedtls_test_ca_crt_rsa_sha256_der ),
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
-    sizeof( mbedtls_test_ca_crt_rsa_sha1_der ),
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
-    sizeof( mbedtls_test_ca_crt_ec_der ),
-#endif /* MBEDTLS_ECDSA_C */
-    0
-};
-
-/* Concatenation of all available CA certificates in PEM format */
-#if defined(MBEDTLS_PEM_PARSE_C)
-const char mbedtls_test_cas_pem[] =
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_SHA256_C)
-    TEST_CA_CRT_RSA_SHA256_PEM
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
-    TEST_CA_CRT_RSA_SHA1_PEM
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
-    TEST_CA_CRT_EC_PEM
-#endif /* MBEDTLS_ECDSA_C */
-    "";
-const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#endif /* MBEDTLS_CERTS_C */
diff --git a/Sources/mbedtls/library/chacha20.c b/Sources/mbedtls/library/chacha20.c
deleted file mode 100644
index bd07014..0000000
--- a/Sources/mbedtls/library/chacha20.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/**
- * \file chacha20.c
- *
- * \brief ChaCha20 cipher.
- *
- * \author Daniel King <damaki.gh@gmail.com>
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CHACHA20_C)
-
-#include "mbedtls/chacha20.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <stddef.h>
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_CHACHA20_ALT)
-
-/* Parameter validation macros */
-#define CHACHA20_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-#define CHACHA20_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#define ROTL32( value, amount ) \
-    ( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
-
-#define CHACHA20_CTR_INDEX ( 12U )
-
-#define CHACHA20_BLOCK_SIZE_BYTES ( 4U * 16U )
-
-/**
- * \brief           ChaCha20 quarter round operation.
- *
- *                  The quarter round is defined as follows (from RFC 7539):
- *                      1.  a += b; d ^= a; d <<<= 16;
- *                      2.  c += d; b ^= c; b <<<= 12;
- *                      3.  a += b; d ^= a; d <<<= 8;
- *                      4.  c += d; b ^= c; b <<<= 7;
- *
- * \param state     ChaCha20 state to modify.
- * \param a         The index of 'a' in the state.
- * \param b         The index of 'b' in the state.
- * \param c         The index of 'c' in the state.
- * \param d         The index of 'd' in the state.
- */
-static inline void chacha20_quarter_round( uint32_t state[16],
-                                           size_t a,
-                                           size_t b,
-                                           size_t c,
-                                           size_t d )
-{
-    /* a += b; d ^= a; d <<<= 16; */
-    state[a] += state[b];
-    state[d] ^= state[a];
-    state[d] = ROTL32( state[d], 16 );
-
-    /* c += d; b ^= c; b <<<= 12 */
-    state[c] += state[d];
-    state[b] ^= state[c];
-    state[b] = ROTL32( state[b], 12 );
-
-    /* a += b; d ^= a; d <<<= 8; */
-    state[a] += state[b];
-    state[d] ^= state[a];
-    state[d] = ROTL32( state[d], 8 );
-
-    /* c += d; b ^= c; b <<<= 7; */
-    state[c] += state[d];
-    state[b] ^= state[c];
-    state[b] = ROTL32( state[b], 7 );
-}
-
-/**
- * \brief           Perform the ChaCha20 inner block operation.
- *
- *                  This function performs two rounds: the column round and the
- *                  diagonal round.
- *
- * \param state     The ChaCha20 state to update.
- */
-static void chacha20_inner_block( uint32_t state[16] )
-{
-    chacha20_quarter_round( state, 0, 4, 8,  12 );
-    chacha20_quarter_round( state, 1, 5, 9,  13 );
-    chacha20_quarter_round( state, 2, 6, 10, 14 );
-    chacha20_quarter_round( state, 3, 7, 11, 15 );
-
-    chacha20_quarter_round( state, 0, 5, 10, 15 );
-    chacha20_quarter_round( state, 1, 6, 11, 12 );
-    chacha20_quarter_round( state, 2, 7, 8,  13 );
-    chacha20_quarter_round( state, 3, 4, 9,  14 );
-}
-
-/**
- * \brief               Generates a keystream block.
- *
- * \param initial_state The initial ChaCha20 state (key, nonce, counter).
- * \param keystream     Generated keystream bytes are written to this buffer.
- */
-static void chacha20_block( const uint32_t initial_state[16],
-                            unsigned char keystream[64] )
-{
-    uint32_t working_state[16];
-    size_t i;
-
-    memcpy( working_state,
-            initial_state,
-            CHACHA20_BLOCK_SIZE_BYTES );
-
-    for( i = 0U; i < 10U; i++ )
-        chacha20_inner_block( working_state );
-
-    working_state[ 0] += initial_state[ 0];
-    working_state[ 1] += initial_state[ 1];
-    working_state[ 2] += initial_state[ 2];
-    working_state[ 3] += initial_state[ 3];
-    working_state[ 4] += initial_state[ 4];
-    working_state[ 5] += initial_state[ 5];
-    working_state[ 6] += initial_state[ 6];
-    working_state[ 7] += initial_state[ 7];
-    working_state[ 8] += initial_state[ 8];
-    working_state[ 9] += initial_state[ 9];
-    working_state[10] += initial_state[10];
-    working_state[11] += initial_state[11];
-    working_state[12] += initial_state[12];
-    working_state[13] += initial_state[13];
-    working_state[14] += initial_state[14];
-    working_state[15] += initial_state[15];
-
-    for( i = 0U; i < 16; i++ )
-    {
-        size_t offset = i * 4U;
-
-        MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
-    }
-
-    mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
-}
-
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
-{
-    CHACHA20_VALIDATE( ctx != NULL );
-
-    mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
-    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
-
-    /* Initially, there's no keystream bytes available */
-    ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
-}
-
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
-{
-    if( ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) );
-    }
-}
-
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
-                            const unsigned char key[32] )
-{
-    CHACHA20_VALIDATE_RET( ctx != NULL );
-    CHACHA20_VALIDATE_RET( key != NULL );
-
-    /* ChaCha20 constants - the string "expand 32-byte k" */
-    ctx->state[0] = 0x61707865;
-    ctx->state[1] = 0x3320646e;
-    ctx->state[2] = 0x79622d32;
-    ctx->state[3] = 0x6b206574;
-
-    /* Set key */
-    ctx->state[4]  = MBEDTLS_GET_UINT32_LE( key, 0 );
-    ctx->state[5]  = MBEDTLS_GET_UINT32_LE( key, 4 );
-    ctx->state[6]  = MBEDTLS_GET_UINT32_LE( key, 8 );
-    ctx->state[7]  = MBEDTLS_GET_UINT32_LE( key, 12 );
-    ctx->state[8]  = MBEDTLS_GET_UINT32_LE( key, 16 );
-    ctx->state[9]  = MBEDTLS_GET_UINT32_LE( key, 20 );
-    ctx->state[10] = MBEDTLS_GET_UINT32_LE( key, 24 );
-    ctx->state[11] = MBEDTLS_GET_UINT32_LE( key, 28 );
-
-    return( 0 );
-}
-
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
-                             const unsigned char nonce[12],
-                             uint32_t counter )
-{
-    CHACHA20_VALIDATE_RET( ctx != NULL );
-    CHACHA20_VALIDATE_RET( nonce != NULL );
-
-    /* Counter */
-    ctx->state[12] = counter;
-
-    /* Nonce */
-    ctx->state[13] = MBEDTLS_GET_UINT32_LE( nonce, 0 );
-    ctx->state[14] = MBEDTLS_GET_UINT32_LE( nonce, 4 );
-    ctx->state[15] = MBEDTLS_GET_UINT32_LE( nonce, 8 );
-
-    mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
-
-    /* Initially, there's no keystream bytes available */
-    ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
-
-    return( 0 );
-}
-
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
-                              size_t size,
-                              const unsigned char *input,
-                              unsigned char *output )
-{
-    size_t offset = 0U;
-    size_t i;
-
-    CHACHA20_VALIDATE_RET( ctx != NULL );
-    CHACHA20_VALIDATE_RET( size == 0 || input  != NULL );
-    CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
-
-    /* Use leftover keystream bytes, if available */
-    while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
-    {
-        output[offset] = input[offset]
-                       ^ ctx->keystream8[ctx->keystream_bytes_used];
-
-        ctx->keystream_bytes_used++;
-        offset++;
-        size--;
-    }
-
-    /* Process full blocks */
-    while( size >= CHACHA20_BLOCK_SIZE_BYTES )
-    {
-        /* Generate new keystream block and increment counter */
-        chacha20_block( ctx->state, ctx->keystream8 );
-        ctx->state[CHACHA20_CTR_INDEX]++;
-
-        for( i = 0U; i < 64U; i += 8U )
-        {
-            output[offset + i  ] = input[offset + i  ] ^ ctx->keystream8[i  ];
-            output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1];
-            output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2];
-            output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3];
-            output[offset + i+4] = input[offset + i+4] ^ ctx->keystream8[i+4];
-            output[offset + i+5] = input[offset + i+5] ^ ctx->keystream8[i+5];
-            output[offset + i+6] = input[offset + i+6] ^ ctx->keystream8[i+6];
-            output[offset + i+7] = input[offset + i+7] ^ ctx->keystream8[i+7];
-        }
-
-        offset += CHACHA20_BLOCK_SIZE_BYTES;
-        size   -= CHACHA20_BLOCK_SIZE_BYTES;
-    }
-
-    /* Last (partial) block */
-    if( size > 0U )
-    {
-        /* Generate new keystream block and increment counter */
-        chacha20_block( ctx->state, ctx->keystream8 );
-        ctx->state[CHACHA20_CTR_INDEX]++;
-
-        for( i = 0U; i < size; i++)
-        {
-            output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
-        }
-
-        ctx->keystream_bytes_used = size;
-
-    }
-
-    return( 0 );
-}
-
-int mbedtls_chacha20_crypt( const unsigned char key[32],
-                            const unsigned char nonce[12],
-                            uint32_t counter,
-                            size_t data_len,
-                            const unsigned char* input,
-                            unsigned char* output )
-{
-    mbedtls_chacha20_context ctx;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    CHACHA20_VALIDATE_RET( key != NULL );
-    CHACHA20_VALIDATE_RET( nonce != NULL );
-    CHACHA20_VALIDATE_RET( data_len == 0 || input  != NULL );
-    CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
-
-    mbedtls_chacha20_init( &ctx );
-
-    ret = mbedtls_chacha20_setkey( &ctx, key );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_chacha20_starts( &ctx, nonce, counter );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_chacha20_update( &ctx, data_len, input, output );
-
-cleanup:
-    mbedtls_chacha20_free( &ctx );
-    return( ret );
-}
-
-#endif /* !MBEDTLS_CHACHA20_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const unsigned char test_keys[2][32] =
-{
-    {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    },
-    {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01
-    }
-};
-
-static const unsigned char test_nonces[2][12] =
-{
-    {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00
-    },
-    {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x02
-    }
-};
-
-static const uint32_t test_counters[2] =
-{
-    0U,
-    1U
-};
-
-static const unsigned char test_input[2][375] =
-{
-    {
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-    },
-    {
-        0x41, 0x6e, 0x79, 0x20, 0x73, 0x75, 0x62, 0x6d,
-        0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x20, 0x74,
-        0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, 0x49, 0x45,
-        0x54, 0x46, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x6e,
-        0x64, 0x65, 0x64, 0x20, 0x62, 0x79, 0x20, 0x74,
-        0x68, 0x65, 0x20, 0x43, 0x6f, 0x6e, 0x74, 0x72,
-        0x69, 0x62, 0x75, 0x74, 0x6f, 0x72, 0x20, 0x66,
-        0x6f, 0x72, 0x20, 0x70, 0x75, 0x62, 0x6c, 0x69,
-        0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x61,
-        0x73, 0x20, 0x61, 0x6c, 0x6c, 0x20, 0x6f, 0x72,
-        0x20, 0x70, 0x61, 0x72, 0x74, 0x20, 0x6f, 0x66,
-        0x20, 0x61, 0x6e, 0x20, 0x49, 0x45, 0x54, 0x46,
-        0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65,
-        0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x20,
-        0x6f, 0x72, 0x20, 0x52, 0x46, 0x43, 0x20, 0x61,
-        0x6e, 0x64, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x73,
-        0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e, 0x74,
-        0x20, 0x6d, 0x61, 0x64, 0x65, 0x20, 0x77, 0x69,
-        0x74, 0x68, 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65,
-        0x20, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74,
-        0x20, 0x6f, 0x66, 0x20, 0x61, 0x6e, 0x20, 0x49,
-        0x45, 0x54, 0x46, 0x20, 0x61, 0x63, 0x74, 0x69,
-        0x76, 0x69, 0x74, 0x79, 0x20, 0x69, 0x73, 0x20,
-        0x63, 0x6f, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72,
-        0x65, 0x64, 0x20, 0x61, 0x6e, 0x20, 0x22, 0x49,
-        0x45, 0x54, 0x46, 0x20, 0x43, 0x6f, 0x6e, 0x74,
-        0x72, 0x69, 0x62, 0x75, 0x74, 0x69, 0x6f, 0x6e,
-        0x22, 0x2e, 0x20, 0x53, 0x75, 0x63, 0x68, 0x20,
-        0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e,
-        0x74, 0x73, 0x20, 0x69, 0x6e, 0x63, 0x6c, 0x75,
-        0x64, 0x65, 0x20, 0x6f, 0x72, 0x61, 0x6c, 0x20,
-        0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, 0x6e,
-        0x74, 0x73, 0x20, 0x69, 0x6e, 0x20, 0x49, 0x45,
-        0x54, 0x46, 0x20, 0x73, 0x65, 0x73, 0x73, 0x69,
-        0x6f, 0x6e, 0x73, 0x2c, 0x20, 0x61, 0x73, 0x20,
-        0x77, 0x65, 0x6c, 0x6c, 0x20, 0x61, 0x73, 0x20,
-        0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x20,
-        0x61, 0x6e, 0x64, 0x20, 0x65, 0x6c, 0x65, 0x63,
-        0x74, 0x72, 0x6f, 0x6e, 0x69, 0x63, 0x20, 0x63,
-        0x6f, 0x6d, 0x6d, 0x75, 0x6e, 0x69, 0x63, 0x61,
-        0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6d, 0x61,
-        0x64, 0x65, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e,
-        0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, 0x6f,
-        0x72, 0x20, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x2c,
-        0x20, 0x77, 0x68, 0x69, 0x63, 0x68, 0x20, 0x61,
-        0x72, 0x65, 0x20, 0x61, 0x64, 0x64, 0x72, 0x65,
-        0x73, 0x73, 0x65, 0x64, 0x20, 0x74, 0x6f
-    }
-};
-
-static const unsigned char test_output[2][375] =
-{
-    {
-        0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90,
-        0x40, 0x5d, 0x6a, 0xe5, 0x53, 0x86, 0xbd, 0x28,
-        0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, 0xed, 0x1a,
-        0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7,
-        0xda, 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d,
-        0x77, 0x24, 0xe0, 0x3f, 0xb8, 0xd8, 0x4a, 0x37,
-        0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, 0x1c,
-        0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86
-    },
-    {
-        0xa3, 0xfb, 0xf0, 0x7d, 0xf3, 0xfa, 0x2f, 0xde,
-        0x4f, 0x37, 0x6c, 0xa2, 0x3e, 0x82, 0x73, 0x70,
-        0x41, 0x60, 0x5d, 0x9f, 0x4f, 0x4f, 0x57, 0xbd,
-        0x8c, 0xff, 0x2c, 0x1d, 0x4b, 0x79, 0x55, 0xec,
-        0x2a, 0x97, 0x94, 0x8b, 0xd3, 0x72, 0x29, 0x15,
-        0xc8, 0xf3, 0xd3, 0x37, 0xf7, 0xd3, 0x70, 0x05,
-        0x0e, 0x9e, 0x96, 0xd6, 0x47, 0xb7, 0xc3, 0x9f,
-        0x56, 0xe0, 0x31, 0xca, 0x5e, 0xb6, 0x25, 0x0d,
-        0x40, 0x42, 0xe0, 0x27, 0x85, 0xec, 0xec, 0xfa,
-        0x4b, 0x4b, 0xb5, 0xe8, 0xea, 0xd0, 0x44, 0x0e,
-        0x20, 0xb6, 0xe8, 0xdb, 0x09, 0xd8, 0x81, 0xa7,
-        0xc6, 0x13, 0x2f, 0x42, 0x0e, 0x52, 0x79, 0x50,
-        0x42, 0xbd, 0xfa, 0x77, 0x73, 0xd8, 0xa9, 0x05,
-        0x14, 0x47, 0xb3, 0x29, 0x1c, 0xe1, 0x41, 0x1c,
-        0x68, 0x04, 0x65, 0x55, 0x2a, 0xa6, 0xc4, 0x05,
-        0xb7, 0x76, 0x4d, 0x5e, 0x87, 0xbe, 0xa8, 0x5a,
-        0xd0, 0x0f, 0x84, 0x49, 0xed, 0x8f, 0x72, 0xd0,
-        0xd6, 0x62, 0xab, 0x05, 0x26, 0x91, 0xca, 0x66,
-        0x42, 0x4b, 0xc8, 0x6d, 0x2d, 0xf8, 0x0e, 0xa4,
-        0x1f, 0x43, 0xab, 0xf9, 0x37, 0xd3, 0x25, 0x9d,
-        0xc4, 0xb2, 0xd0, 0xdf, 0xb4, 0x8a, 0x6c, 0x91,
-        0x39, 0xdd, 0xd7, 0xf7, 0x69, 0x66, 0xe9, 0x28,
-        0xe6, 0x35, 0x55, 0x3b, 0xa7, 0x6c, 0x5c, 0x87,
-        0x9d, 0x7b, 0x35, 0xd4, 0x9e, 0xb2, 0xe6, 0x2b,
-        0x08, 0x71, 0xcd, 0xac, 0x63, 0x89, 0x39, 0xe2,
-        0x5e, 0x8a, 0x1e, 0x0e, 0xf9, 0xd5, 0x28, 0x0f,
-        0xa8, 0xca, 0x32, 0x8b, 0x35, 0x1c, 0x3c, 0x76,
-        0x59, 0x89, 0xcb, 0xcf, 0x3d, 0xaa, 0x8b, 0x6c,
-        0xcc, 0x3a, 0xaf, 0x9f, 0x39, 0x79, 0xc9, 0x2b,
-        0x37, 0x20, 0xfc, 0x88, 0xdc, 0x95, 0xed, 0x84,
-        0xa1, 0xbe, 0x05, 0x9c, 0x64, 0x99, 0xb9, 0xfd,
-        0xa2, 0x36, 0xe7, 0xe8, 0x18, 0xb0, 0x4b, 0x0b,
-        0xc3, 0x9c, 0x1e, 0x87, 0x6b, 0x19, 0x3b, 0xfe,
-        0x55, 0x69, 0x75, 0x3f, 0x88, 0x12, 0x8c, 0xc0,
-        0x8a, 0xaa, 0x9b, 0x63, 0xd1, 0xa1, 0x6f, 0x80,
-        0xef, 0x25, 0x54, 0xd7, 0x18, 0x9c, 0x41, 0x1f,
-        0x58, 0x69, 0xca, 0x52, 0xc5, 0xb8, 0x3f, 0xa3,
-        0x6f, 0xf2, 0x16, 0xb9, 0xc1, 0xd3, 0x00, 0x62,
-        0xbe, 0xbc, 0xfd, 0x2d, 0xc5, 0xbc, 0xe0, 0x91,
-        0x19, 0x34, 0xfd, 0xa7, 0x9a, 0x86, 0xf6, 0xe6,
-        0x98, 0xce, 0xd7, 0x59, 0xc3, 0xff, 0x9b, 0x64,
-        0x77, 0x33, 0x8f, 0x3d, 0xa4, 0xf9, 0xcd, 0x85,
-        0x14, 0xea, 0x99, 0x82, 0xcc, 0xaf, 0xb3, 0x41,
-        0xb2, 0x38, 0x4d, 0xd9, 0x02, 0xf3, 0xd1, 0xab,
-        0x7a, 0xc6, 0x1d, 0xd2, 0x9c, 0x6f, 0x21, 0xba,
-        0x5b, 0x86, 0x2f, 0x37, 0x30, 0xe3, 0x7c, 0xfd,
-        0xc4, 0xfd, 0x80, 0x6c, 0x22, 0xf2, 0x21
-    }
-};
-
-static const size_t test_lengths[2] =
-{
-    64U,
-    375U
-};
-
-/* Make sure no other definition is already present. */
-#undef ASSERT
-
-#define ASSERT( cond, args )            \
-    do                                  \
-    {                                   \
-        if( ! ( cond ) )                \
-        {                               \
-            if( verbose != 0 )          \
-                mbedtls_printf args;    \
-                                        \
-            return( -1 );               \
-        }                               \
-    }                                   \
-    while( 0 )
-
-int mbedtls_chacha20_self_test( int verbose )
-{
-    unsigned char output[381];
-    unsigned i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    for( i = 0U; i < 2U; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  ChaCha20 test %u ", i );
-
-        ret = mbedtls_chacha20_crypt( test_keys[i],
-                                      test_nonces[i],
-                                      test_counters[i],
-                                      test_lengths[i],
-                                      test_input[i],
-                                      output );
-
-        ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
-
-        ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ),
-                ( "failed (output)\n" ) );
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* !MBEDTLS_CHACHA20_C */
diff --git a/Sources/mbedtls/library/chachapoly.c b/Sources/mbedtls/library/chachapoly.c
deleted file mode 100644
index 4adf846..0000000
--- a/Sources/mbedtls/library/chachapoly.c
+++ /dev/null
@@ -1,517 +0,0 @@
-/**
- * \file chachapoly.c
- *
- * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539.
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#include "common.h"
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-
-#include "mbedtls/chachapoly.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_CHACHAPOLY_ALT)
-
-/* Parameter validation macros */
-#define CHACHAPOLY_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
-#define CHACHAPOLY_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#define CHACHAPOLY_STATE_INIT       ( 0 )
-#define CHACHAPOLY_STATE_AAD        ( 1 )
-#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
-#define CHACHAPOLY_STATE_FINISHED   ( 3 )
-
-/**
- * \brief           Adds nul bytes to pad the AAD for Poly1305.
- *
- * \param ctx       The ChaCha20-Poly1305 context.
- */
-static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
-{
-    uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U );
-    unsigned char zeroes[15];
-
-    if( partial_block_len == 0U )
-        return( 0 );
-
-    memset( zeroes, 0, sizeof( zeroes ) );
-
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
-                                     zeroes,
-                                     16U - partial_block_len ) );
-}
-
-/**
- * \brief           Adds nul bytes to pad the ciphertext for Poly1305.
- *
- * \param ctx       The ChaCha20-Poly1305 context.
- */
-static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
-{
-    uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U );
-    unsigned char zeroes[15];
-
-    if( partial_block_len == 0U )
-        return( 0 );
-
-    memset( zeroes, 0, sizeof( zeroes ) );
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
-                                     zeroes,
-                                     16U - partial_block_len ) );
-}
-
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
-{
-    CHACHAPOLY_VALIDATE( ctx != NULL );
-
-    mbedtls_chacha20_init( &ctx->chacha20_ctx );
-    mbedtls_poly1305_init( &ctx->poly1305_ctx );
-    ctx->aad_len        = 0U;
-    ctx->ciphertext_len = 0U;
-    ctx->state          = CHACHAPOLY_STATE_INIT;
-    ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
-}
-
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_chacha20_free( &ctx->chacha20_ctx );
-    mbedtls_poly1305_free( &ctx->poly1305_ctx );
-    ctx->aad_len        = 0U;
-    ctx->ciphertext_len = 0U;
-    ctx->state          = CHACHAPOLY_STATE_INIT;
-    ctx->mode           = MBEDTLS_CHACHAPOLY_ENCRYPT;
-}
-
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
-                               const unsigned char key[32] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
-    CHACHAPOLY_VALIDATE_RET( key != NULL );
-
-    ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
-
-    return( ret );
-}
-
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
-                               const unsigned char nonce[12],
-                               mbedtls_chachapoly_mode_t mode  )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char poly1305_key[64];
-    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
-    CHACHAPOLY_VALIDATE_RET( nonce != NULL );
-
-    /* Set counter = 0, will be update to 1 when generating Poly1305 key */
-    ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
-    if( ret != 0 )
-        goto cleanup;
-
-    /* Generate the Poly1305 key by getting the ChaCha20 keystream output with
-     * counter = 0.  This is the same as encrypting a buffer of zeroes.
-     * Only the first 256-bits (32 bytes) of the key is used for Poly1305.
-     * The other 256 bits are discarded.
-     */
-    memset( poly1305_key, 0, sizeof( poly1305_key ) );
-    ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
-                                      poly1305_key, poly1305_key );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key );
-
-    if( ret == 0 )
-    {
-        ctx->aad_len        = 0U;
-        ctx->ciphertext_len = 0U;
-        ctx->state          = CHACHAPOLY_STATE_AAD;
-        ctx->mode           = mode;
-    }
-
-cleanup:
-    mbedtls_platform_zeroize( poly1305_key, 64U );
-    return( ret );
-}
-
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
-                                   const unsigned char *aad,
-                                   size_t aad_len )
-{
-    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
-    CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
-
-    if( ctx->state != CHACHAPOLY_STATE_AAD )
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
-
-    ctx->aad_len += aad_len;
-
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
-}
-
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
-                               size_t len,
-                               const unsigned char *input,
-                               unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
-    CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
-    CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
-
-    if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
-        ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
-    {
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
-    }
-
-    if( ctx->state == CHACHAPOLY_STATE_AAD )
-    {
-        ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
-
-        ret = chachapoly_pad_aad( ctx );
-        if( ret != 0 )
-            return( ret );
-    }
-
-    ctx->ciphertext_len += len;
-
-    if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
-    {
-        ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
-        if( ret != 0 )
-            return( ret );
-
-        ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len );
-        if( ret != 0 )
-            return( ret );
-    }
-    else /* DECRYPT */
-    {
-        ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, input, len );
-        if( ret != 0 )
-            return( ret );
-
-        ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
-        if( ret != 0 )
-            return( ret );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
-                               unsigned char mac[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char len_block[16];
-    CHACHAPOLY_VALIDATE_RET( ctx != NULL );
-    CHACHAPOLY_VALIDATE_RET( mac != NULL );
-
-    if( ctx->state == CHACHAPOLY_STATE_INIT )
-    {
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
-    }
-
-    if( ctx->state == CHACHAPOLY_STATE_AAD )
-    {
-        ret = chachapoly_pad_aad( ctx );
-        if( ret != 0 )
-            return( ret );
-    }
-    else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
-    {
-        ret = chachapoly_pad_ciphertext( ctx );
-        if( ret != 0 )
-            return( ret );
-    }
-
-    ctx->state = CHACHAPOLY_STATE_FINISHED;
-
-    /* The lengths of the AAD and ciphertext are processed by
-     * Poly1305 as the final 128-bit block, encoded as little-endian integers.
-     */
-    MBEDTLS_PUT_UINT64_LE(ctx->aad_len, len_block, 0);
-    MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
-
-    ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac );
-
-    return( ret );
-}
-
-static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                     mbedtls_chachapoly_mode_t mode,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char *input,
-                                     unsigned char *output,
-                                     unsigned char tag[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    ret = mbedtls_chachapoly_starts( ctx, nonce, mode );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_chachapoly_update( ctx, length, input, output );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_chachapoly_finish( ctx, tag );
-
-cleanup:
-    return( ret );
-}
-
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                        size_t length,
-                                        const unsigned char nonce[12],
-                                        const unsigned char *aad,
-                                        size_t aad_len,
-                                        const unsigned char *input,
-                                        unsigned char *output,
-                                        unsigned char tag[16] )
-{
-    CHACHAPOLY_VALIDATE_RET( ctx   != NULL );
-    CHACHAPOLY_VALIDATE_RET( nonce != NULL );
-    CHACHAPOLY_VALIDATE_RET( tag   != NULL );
-    CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad    != NULL );
-    CHACHAPOLY_VALIDATE_RET( length  == 0 || input  != NULL );
-    CHACHAPOLY_VALIDATE_RET( length  == 0 || output != NULL );
-
-    return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
-                                      length, nonce, aad, aad_len,
-                                      input, output, tag ) );
-}
-
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char tag[16],
-                                     const unsigned char *input,
-                                     unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char check_tag[16];
-    size_t i;
-    int diff;
-    CHACHAPOLY_VALIDATE_RET( ctx   != NULL );
-    CHACHAPOLY_VALIDATE_RET( nonce != NULL );
-    CHACHAPOLY_VALIDATE_RET( tag   != NULL );
-    CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad    != NULL );
-    CHACHAPOLY_VALIDATE_RET( length  == 0 || input  != NULL );
-    CHACHAPOLY_VALIDATE_RET( length  == 0 || output != NULL );
-
-    if( ( ret = chachapoly_crypt_and_tag( ctx,
-                        MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
-                        aad, aad_len, input, output, check_tag ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
-        diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_CHACHAPOLY_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const unsigned char test_key[1][32] =
-{
-    {
-        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-        0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
-        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
-        0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
-    }
-};
-
-static const unsigned char test_nonce[1][12] =
-{
-    {
-        0x07, 0x00, 0x00, 0x00,                         /* 32-bit common part */
-        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47  /* 64-bit IV */
-    }
-};
-
-static const unsigned char test_aad[1][12] =
-{
-    {
-        0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
-        0xc4, 0xc5, 0xc6, 0xc7
-    }
-};
-
-static const size_t test_aad_len[1] =
-{
-    12U
-};
-
-static const unsigned char test_input[1][114] =
-{
-    {
-        0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
-        0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
-        0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
-        0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
-        0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
-        0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
-        0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
-        0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
-        0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
-        0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
-        0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
-        0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
-        0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
-        0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
-        0x74, 0x2e
-    }
-};
-
-static const unsigned char test_output[1][114] =
-{
-    {
-        0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
-        0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
-        0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
-        0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
-        0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
-        0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
-        0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
-        0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
-        0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
-        0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
-        0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
-        0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
-        0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
-        0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
-        0x61, 0x16
-    }
-};
-
-static const size_t test_input_len[1] =
-{
-    114U
-};
-
-static const unsigned char test_mac[1][16] =
-{
-    {
-        0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
-        0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
-    }
-};
-
-/* Make sure no other definition is already present. */
-#undef ASSERT
-
-#define ASSERT( cond, args )            \
-    do                                  \
-    {                                   \
-        if( ! ( cond ) )                \
-        {                               \
-            if( verbose != 0 )          \
-                mbedtls_printf args;    \
-                                        \
-            return( -1 );               \
-        }                               \
-    }                                   \
-    while( 0 )
-
-int mbedtls_chachapoly_self_test( int verbose )
-{
-    mbedtls_chachapoly_context ctx;
-    unsigned i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char output[200];
-    unsigned char mac[16];
-
-    for( i = 0U; i < 1U; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  ChaCha20-Poly1305 test %u ", i );
-
-        mbedtls_chachapoly_init( &ctx );
-
-        ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] );
-        ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) );
-
-        ret = mbedtls_chachapoly_encrypt_and_tag( &ctx,
-                                                  test_input_len[i],
-                                                  test_nonce[i],
-                                                  test_aad[i],
-                                                  test_aad_len[i],
-                                                  test_input[i],
-                                                  output,
-                                                  mac );
-
-        ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) );
-
-        ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ),
-                ( "failure (wrong output)\n" ) );
-
-        ASSERT( 0 == memcmp( mac, test_mac[i], 16U ),
-                ( "failure (wrong MAC)\n" ) );
-
-        mbedtls_chachapoly_free( &ctx );
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CHACHAPOLY_C */
diff --git a/Sources/mbedtls/library/check_crypto_config.h b/Sources/mbedtls/library/check_crypto_config.h
deleted file mode 100644
index d7ad16a..0000000
--- a/Sources/mbedtls/library/check_crypto_config.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * \file check_crypto_config.h
- *
- * \brief Consistency checks for PSA configuration options
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * It is recommended to include this file from your crypto_config.h
- * in order to catch dependency issues early.
- */
-
-#ifndef MBEDTLS_CHECK_CRYPTO_CONFIG_H
-#define MBEDTLS_CHECK_CRYPTO_CONFIG_H
-
-#if defined(PSA_WANT_ALG_CCM) && \
-    !( defined(PSA_WANT_KEY_TYPE_AES) || \
-       defined(PSA_WANT_KEY_TYPE_CAMELLIA) )
-#error "PSA_WANT_ALG_CCM defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_CMAC) && \
-    !( defined(PSA_WANT_KEY_TYPE_AES) || \
-       defined(PSA_WANT_KEY_TYPE_CAMELLIA) || \
-       defined(PSA_WANT_KEY_TYPE_DES) )
-#error "PSA_WANT_ALG_CMAC defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
-    !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
-#error "PSA_WANT_ALG_DETERMINISTIC_ECDSA defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_ECDSA) && \
-    !( defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) )
-#error "PSA_WANT_ALG_ECDSA defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_GCM) && \
-    !( defined(PSA_WANT_KEY_TYPE_AES) || \
-       defined(PSA_WANT_KEY_TYPE_CAMELLIA) )
-#error "PSA_WANT_ALG_GCM defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "PSA_WANT_ALG_RSA_PKCS1V15_SIGN defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "PSA_WANT_ALG_RSA_OAEP defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS) && \
-    !( defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) || \
-       defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) )
-#error "PSA_WANT_ALG_RSA_PSS defined, but not all prerequisites"
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
-    !defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#error "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR defined, but not all prerequisites"
-#endif
-
-#endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */
diff --git a/Sources/mbedtls/library/cipher.c b/Sources/mbedtls/library/cipher.c
deleted file mode 100644
index 67e3274..0000000
--- a/Sources/mbedtls/library/cipher.c
+++ /dev/null
@@ -1,1632 +0,0 @@
-/**
- * \file cipher.c
- *
- * \brief Generic cipher wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CIPHER_C)
-
-#include "mbedtls/cipher.h"
-#include "mbedtls/cipher_internal.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "mbedtls/constant_time.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#include "mbedtls/chachapoly.h"
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-#include "mbedtls/gcm.h"
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-#include "mbedtls/ccm.h"
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#include "mbedtls/chacha20.h"
-#endif
-
-#if defined(MBEDTLS_CMAC_C)
-#include "mbedtls/cmac.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_NIST_KW_C)
-#include "mbedtls/nist_kw.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#define CIPHER_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA )
-#define CIPHER_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-static int supported_init = 0;
-
-const int *mbedtls_cipher_list( void )
-{
-    const mbedtls_cipher_definition_t *def;
-    int *type;
-
-    if( ! supported_init )
-    {
-        def = mbedtls_cipher_definitions;
-        type = mbedtls_cipher_supported;
-
-        while( def->type != 0 )
-            *type++ = (*def++).type;
-
-        *type = 0;
-
-        supported_init = 1;
-    }
-
-    return( mbedtls_cipher_supported );
-}
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type(
-    const mbedtls_cipher_type_t cipher_type )
-{
-    const mbedtls_cipher_definition_t *def;
-
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( def->type == cipher_type )
-            return( def->info );
-
-    return( NULL );
-}
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string(
-    const char *cipher_name )
-{
-    const mbedtls_cipher_definition_t *def;
-
-    if( NULL == cipher_name )
-        return( NULL );
-
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( !  strcmp( def->info->name, cipher_name ) )
-            return( def->info );
-
-    return( NULL );
-}
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values(
-    const mbedtls_cipher_id_t cipher_id,
-    int key_bitlen,
-    const mbedtls_cipher_mode_t mode )
-{
-    const mbedtls_cipher_definition_t *def;
-
-    for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
-        if( def->info->base->cipher == cipher_id &&
-            def->info->key_bitlen == (unsigned) key_bitlen &&
-            def->info->mode == mode )
-            return( def->info );
-
-    return( NULL );
-}
-
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx )
-{
-    CIPHER_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
-}
-
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        if( ctx->cipher_ctx != NULL )
-        {
-            mbedtls_cipher_context_psa * const cipher_psa =
-                (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
-
-            if( cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED )
-            {
-                /* xxx_free() doesn't allow to return failures. */
-                (void) psa_destroy_key( cipher_psa->slot );
-            }
-
-            mbedtls_platform_zeroize( cipher_psa, sizeof( *cipher_psa ) );
-            mbedtls_free( cipher_psa );
-        }
-
-        mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
-        return;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_CMAC_C)
-    if( ctx->cmac_ctx )
-    {
-       mbedtls_platform_zeroize( ctx->cmac_ctx,
-                                 sizeof( mbedtls_cmac_context_t ) );
-       mbedtls_free( ctx->cmac_ctx );
-    }
-#endif
-
-    if( ctx->cipher_ctx )
-        ctx->cipher_info->base->ctx_free_func( ctx->cipher_ctx );
-
-    mbedtls_platform_zeroize( ctx, sizeof(mbedtls_cipher_context_t) );
-}
-
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
-                          const mbedtls_cipher_info_t *cipher_info )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
-
-    if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
-
-    ctx->cipher_info = cipher_info;
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    /*
-     * Ignore possible errors caused by a cipher mode that doesn't use padding
-     */
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_PKCS7 );
-#else
-    (void) mbedtls_cipher_set_padding_mode( ctx, MBEDTLS_PADDING_NONE );
-#endif
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
-                              const mbedtls_cipher_info_t *cipher_info,
-                              size_t taglen )
-{
-    psa_algorithm_t alg;
-    mbedtls_cipher_context_psa *cipher_psa;
-
-    if( NULL == cipher_info || NULL == ctx )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    /* Check that the underlying cipher mode and cipher type are
-     * supported by the underlying PSA Crypto implementation. */
-    alg = mbedtls_psa_translate_cipher_mode( cipher_info->mode, taglen );
-    if( alg == 0 )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-    memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) );
-
-    cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) );
-    if( cipher_psa == NULL )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
-    cipher_psa->alg  = alg;
-    ctx->cipher_ctx  = cipher_psa;
-    ctx->cipher_info = cipher_info;
-    ctx->psa_enabled = 1;
-    return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *key,
-                           int key_bitlen,
-                           const mbedtls_operation_t operation )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( key != NULL );
-    CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT ||
-                         operation == MBEDTLS_DECRYPT );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        mbedtls_cipher_context_psa * const cipher_psa =
-            (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
-
-        size_t const key_bytelen = ( (size_t) key_bitlen + 7 ) / 8;
-
-        psa_status_t status;
-        psa_key_type_t key_type;
-        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
-        /* PSA Crypto API only accepts byte-aligned keys. */
-        if( key_bitlen % 8 != 0 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        /* Don't allow keys to be set multiple times. */
-        if( cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        key_type = mbedtls_psa_translate_cipher_type(
-            ctx->cipher_info->type );
-        if( key_type == 0 )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-        psa_set_key_type( &attributes, key_type );
-
-        /* Mbed TLS' cipher layer doesn't enforce the mode of operation
-         * (encrypt vs. decrypt): it is possible to setup a key for encryption
-         * and use it for AEAD decryption. Until tests relying on this
-         * are changed, allow any usage in PSA. */
-        psa_set_key_usage_flags( &attributes,
-                                 /* mbedtls_psa_translate_cipher_operation( operation ); */
-                                 PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
-        psa_set_key_algorithm( &attributes, cipher_psa->alg );
-
-        status = psa_import_key( &attributes, key, key_bytelen,
-                                 &cipher_psa->slot );
-        switch( status )
-        {
-            case PSA_SUCCESS:
-                break;
-            case PSA_ERROR_INSUFFICIENT_MEMORY:
-                return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
-            case PSA_ERROR_NOT_SUPPORTED:
-                return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-            default:
-                return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-        }
-        /* Indicate that we own the key slot and need to
-         * destroy it in mbedtls_cipher_free(). */
-        cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED;
-
-        ctx->key_bitlen = key_bitlen;
-        ctx->operation = operation;
-        return( 0 );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
-        (int) ctx->cipher_info->key_bitlen != key_bitlen )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    ctx->key_bitlen = key_bitlen;
-    ctx->operation = operation;
-
-    /*
-     * For OFB, CFB and CTR mode always use the encryption key schedule
-     */
-    if( MBEDTLS_ENCRYPT == operation ||
-        MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_CTR == ctx->cipher_info->mode )
-    {
-        return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key,
-                                                         ctx->key_bitlen ) );
-    }
-
-    if( MBEDTLS_DECRYPT == operation )
-        return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key,
-                                                         ctx->key_bitlen ) );
-
-    return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-}
-
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *iv,
-                           size_t iv_len )
-{
-    size_t actual_iv_size;
-
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto has an API for multipart
-         * operations, we currently don't make it
-         * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    /* avoid buffer overflow in ctx->iv */
-    if( iv_len > MBEDTLS_MAX_IV_LENGTH )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-    if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 )
-        actual_iv_size = iv_len;
-    else
-    {
-        actual_iv_size = ctx->cipher_info->iv_size;
-
-        /* avoid reading past the end of input buffer */
-        if( actual_iv_size > iv_len )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_CHACHA20_C)
-    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20 )
-    {
-        /* Even though the actual_iv_size is overwritten with a correct value
-         * of 12 from the cipher info, return an error to indicate that
-         * the input iv_len is wrong. */
-        if( iv_len != 12 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        if ( 0 != mbedtls_chacha20_starts( (mbedtls_chacha20_context*)ctx->cipher_ctx,
-                                           iv,
-                                           0U ) ) /* Initial counter value */
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-    }
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
-         iv_len != 12 )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-#endif
-#endif
-
-    if ( actual_iv_size != 0 )
-    {
-        memcpy( ctx->iv, iv, actual_iv_size );
-        ctx->iv_size = actual_iv_size;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* We don't support resetting PSA-based
-         * cipher contexts, yet. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    ctx->unprocessed_len = 0;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto has an API for multipart
-         * operations, we currently don't make it
-         * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, ctx->operation,
-                                    ctx->iv, ctx->iv_size, ad, ad_len ) );
-    }
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if (MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
-        int result;
-        mbedtls_chachapoly_mode_t mode;
-
-        mode = ( ctx->operation == MBEDTLS_ENCRYPT )
-                ? MBEDTLS_CHACHAPOLY_ENCRYPT
-                : MBEDTLS_CHACHAPOLY_DECRYPT;
-
-        result = mbedtls_chachapoly_starts( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                                        ctx->iv,
-                                                        mode );
-        if ( result != 0 )
-            return( result );
-
-        return( mbedtls_chachapoly_update_aad( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                               ad, ad_len ) );
-    }
-#endif
-
-    return( 0 );
-}
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
-                   size_t ilen, unsigned char *output, size_t *olen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t block_size;
-
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto has an API for multipart
-         * operations, we currently don't make it
-         * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    *olen = 0;
-    block_size = mbedtls_cipher_get_block_size( ctx );
-    if ( 0 == block_size )
-    {
-        return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT );
-    }
-
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB )
-    {
-        if( ilen != block_size )
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-
-        *olen = ilen;
-
-        if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx,
-                    ctx->operation, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_GCM_C)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM )
-    {
-        *olen = ilen;
-        return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, ilen, input,
-                                    output ) );
-    }
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
-    {
-        *olen = ilen;
-        return( mbedtls_chachapoly_update( (mbedtls_chachapoly_context*) ctx->cipher_ctx,
-                                           ilen, input, output ) );
-    }
-#endif
-
-    if( input == output &&
-       ( ctx->unprocessed_len != 0 || ilen % block_size ) )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC )
-    {
-        size_t copy_len = 0;
-
-        /*
-         * If there is not enough data for a full block, cache it.
-         */
-        if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
-                ilen <= block_size - ctx->unprocessed_len ) ||
-            ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
-                ilen < block_size - ctx->unprocessed_len ) ||
-             ( ctx->operation == MBEDTLS_ENCRYPT &&
-                ilen < block_size - ctx->unprocessed_len ) )
-        {
-            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
-                    ilen );
-
-            ctx->unprocessed_len += ilen;
-            return( 0 );
-        }
-
-        /*
-         * Process cached data first
-         */
-        if( 0 != ctx->unprocessed_len )
-        {
-            copy_len = block_size - ctx->unprocessed_len;
-
-            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
-                    copy_len );
-
-            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                    ctx->operation, block_size, ctx->iv,
-                    ctx->unprocessed_data, output ) ) )
-            {
-                return( ret );
-            }
-
-            *olen += block_size;
-            output += block_size;
-            ctx->unprocessed_len = 0;
-
-            input += copy_len;
-            ilen -= copy_len;
-        }
-
-        /*
-         * Cache final, incomplete block
-         */
-        if( 0 != ilen )
-        {
-            /* Encryption: only cache partial blocks
-             * Decryption w/ padding: always keep at least one whole block
-             * Decryption w/o padding: only cache partial blocks
-             */
-            copy_len = ilen % block_size;
-            if( copy_len == 0 &&
-                ctx->operation == MBEDTLS_DECRYPT &&
-                NULL != ctx->add_padding)
-            {
-                copy_len = block_size;
-            }
-
-            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
-                    copy_len );
-
-            ctx->unprocessed_len += copy_len;
-            ilen -= copy_len;
-        }
-
-        /*
-         * Process remaining full blocks
-         */
-        if( ilen )
-        {
-            if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                    ctx->operation, ilen, ctx->iv, input, output ) ) )
-            {
-                return( ret );
-            }
-
-            *olen += ilen;
-        }
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CFB )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->cfb_func( ctx->cipher_ctx,
-                ctx->operation, ilen, &ctx->unprocessed_len, ctx->iv,
-                input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_OFB )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->ofb_func( ctx->cipher_ctx,
-                ilen, &ctx->unprocessed_len, ctx->iv, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_CTR )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->ctr_func( ctx->cipher_ctx,
-                ilen, &ctx->unprocessed_len, ctx->iv,
-                ctx->unprocessed_data, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_XTS )
-    {
-        if( ctx->unprocessed_len > 0 ) {
-            /* We can only process an entire data unit at a time. */
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-        }
-
-        ret = ctx->cipher_info->base->xts_func( ctx->cipher_ctx,
-                ctx->operation, ilen, ctx->iv, input, output );
-        if( ret != 0 )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    if( ctx->cipher_info->mode == MBEDTLS_MODE_STREAM )
-    {
-        if( 0 != ( ret = ctx->cipher_info->base->stream_func( ctx->cipher_ctx,
-                                                    ilen, input, output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen = ilen;
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_STREAM */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-/*
- * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
- */
-static void add_pkcs_padding( unsigned char *output, size_t output_len,
-        size_t data_len )
-{
-    size_t padding_len = output_len - data_len;
-    unsigned char i;
-
-    for( i = 0; i < padding_len; i++ )
-        output[data_len + i] = (unsigned char) padding_len;
-}
-
-static int get_pkcs_padding( unsigned char *input, size_t input_len,
-        size_t *data_len )
-{
-    size_t i, pad_idx;
-    unsigned char padding_len, bad = 0;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    padding_len = input[input_len - 1];
-    *data_len = input_len - padding_len;
-
-    /* Avoid logical || since it results in a branch */
-    bad |= padding_len > input_len;
-    bad |= padding_len == 0;
-
-    /* The number of bytes checked must be independent of padding_len,
-     * so pick input_len, which is usually 8 or 16 (one block) */
-    pad_idx = input_len - padding_len;
-    for( i = 0; i < input_len; i++ )
-        bad |= ( input[i] ^ padding_len ) * ( i >= pad_idx );
-
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
-}
-#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
-
-#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
-/*
- * One and zeros padding: fill with 80 00 ... 00
- */
-static void add_one_and_zeros_padding( unsigned char *output,
-                                       size_t output_len, size_t data_len )
-{
-    size_t padding_len = output_len - data_len;
-    unsigned char i = 0;
-
-    output[data_len] = 0x80;
-    for( i = 1; i < padding_len; i++ )
-        output[data_len + i] = 0x00;
-}
-
-static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
-                                      size_t *data_len )
-{
-    size_t i;
-    unsigned char done = 0, prev_done, bad;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    bad = 0x80;
-    *data_len = 0;
-    for( i = input_len; i > 0; i-- )
-    {
-        prev_done = done;
-        done |= ( input[i - 1] != 0 );
-        *data_len |= ( i - 1 ) * ( done != prev_done );
-        bad ^= input[i - 1] * ( done != prev_done );
-    }
-
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
-
-}
-#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
-
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
-/*
- * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
- */
-static void add_zeros_and_len_padding( unsigned char *output,
-                                       size_t output_len, size_t data_len )
-{
-    size_t padding_len = output_len - data_len;
-    unsigned char i = 0;
-
-    for( i = 1; i < padding_len; i++ )
-        output[data_len + i - 1] = 0x00;
-    output[output_len - 1] = (unsigned char) padding_len;
-}
-
-static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
-                                      size_t *data_len )
-{
-    size_t i, pad_idx;
-    unsigned char padding_len, bad = 0;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    padding_len = input[input_len - 1];
-    *data_len = input_len - padding_len;
-
-    /* Avoid logical || since it results in a branch */
-    bad |= padding_len > input_len;
-    bad |= padding_len == 0;
-
-    /* The number of bytes checked must be independent of padding_len */
-    pad_idx = input_len - padding_len;
-    for( i = 0; i < input_len - 1; i++ )
-        bad |= input[i] * ( i >= pad_idx );
-
-    return( MBEDTLS_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
-}
-#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
-
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
-/*
- * Zero padding: fill with 00 ... 00
- */
-static void add_zeros_padding( unsigned char *output,
-                               size_t output_len, size_t data_len )
-{
-    size_t i;
-
-    for( i = data_len; i < output_len; i++ )
-        output[i] = 0x00;
-}
-
-static int get_zeros_padding( unsigned char *input, size_t input_len,
-                              size_t *data_len )
-{
-    size_t i;
-    unsigned char done = 0, prev_done;
-
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    *data_len = 0;
-    for( i = input_len; i > 0; i-- )
-    {
-        prev_done = done;
-        done |= ( input[i-1] != 0 );
-        *data_len |= i * ( done != prev_done );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
-
-/*
- * No padding: don't pad :)
- *
- * There is no add_padding function (check for NULL in mbedtls_cipher_finish)
- * but a trivial get_padding function
- */
-static int get_no_padding( unsigned char *input, size_t input_len,
-                              size_t *data_len )
-{
-    if( NULL == input || NULL == data_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    *data_len = input_len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto has an API for multipart
-         * operations, we currently don't make it
-         * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    *olen = 0;
-
-    if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_OFB == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_CTR == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_GCM == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_XTS == ctx->cipher_info->mode ||
-        MBEDTLS_MODE_STREAM == ctx->cipher_info->mode )
-    {
-        return( 0 );
-    }
-
-    if ( ( MBEDTLS_CIPHER_CHACHA20          == ctx->cipher_info->type ) ||
-         ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) )
-    {
-        return( 0 );
-    }
-
-    if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode )
-    {
-        if( ctx->unprocessed_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-
-        return( 0 );
-    }
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode )
-    {
-        int ret = 0;
-
-        if( MBEDTLS_ENCRYPT == ctx->operation )
-        {
-            /* check for 'no padding' mode */
-            if( NULL == ctx->add_padding )
-            {
-                if( 0 != ctx->unprocessed_len )
-                    return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-
-                return( 0 );
-            }
-
-            ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ),
-                    ctx->unprocessed_len );
-        }
-        else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len )
-        {
-            /*
-             * For decrypt operations, expect a full block,
-             * or an empty block if no padding
-             */
-            if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len )
-                return( 0 );
-
-            return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
-        }
-
-        /* cipher block */
-        if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
-                ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv,
-                ctx->unprocessed_data, output ) ) )
-        {
-            return( ret );
-        }
-
-        /* Set output size for decryption */
-        if( MBEDTLS_DECRYPT == ctx->operation )
-            return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ),
-                                      olen ) );
-
-        /* Set output size for encryption */
-        *olen = mbedtls_cipher_get_block_size( ctx );
-        return( 0 );
-    }
-#else
-    ((void) output);
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
-                                     mbedtls_cipher_padding_t mode )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-
-    if( NULL == ctx->cipher_info || MBEDTLS_MODE_CBC != ctx->cipher_info->mode )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto knows about CBC padding
-         * schemes, we currently don't make them
-         * accessible through the cipher layer. */
-        if( mode != MBEDTLS_PADDING_NONE )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    switch( mode )
-    {
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    case MBEDTLS_PADDING_PKCS7:
-        ctx->add_padding = add_pkcs_padding;
-        ctx->get_padding = get_pkcs_padding;
-        break;
-#endif
-#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
-    case MBEDTLS_PADDING_ONE_AND_ZEROS:
-        ctx->add_padding = add_one_and_zeros_padding;
-        ctx->get_padding = get_one_and_zeros_padding;
-        break;
-#endif
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
-    case MBEDTLS_PADDING_ZEROS_AND_LEN:
-        ctx->add_padding = add_zeros_and_len_padding;
-        ctx->get_padding = get_zeros_and_len_padding;
-        break;
-#endif
-#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
-    case MBEDTLS_PADDING_ZEROS:
-        ctx->add_padding = add_zeros_padding;
-        ctx->get_padding = get_zeros_padding;
-        break;
-#endif
-    case MBEDTLS_PADDING_NONE:
-        ctx->add_padding = NULL;
-        ctx->get_padding = get_no_padding;
-        break;
-
-    default:
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( MBEDTLS_ENCRYPT != ctx->operation )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto has an API for multipart
-         * operations, we currently don't make it
-         * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-        return( mbedtls_gcm_finish( (mbedtls_gcm_context *) ctx->cipher_ctx,
-                                    tag, tag_len ) );
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
-        /* Don't allow truncated MAC for Poly1305 */
-        if ( tag_len != 16U )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        return( mbedtls_chachapoly_finish(
-                    (mbedtls_chachapoly_context*) ctx->cipher_ctx, tag ) );
-    }
-#endif
-
-    return( 0 );
-}
-
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len )
-{
-    unsigned char check_tag[16];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
-    if( ctx->cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( MBEDTLS_DECRYPT != ctx->operation )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* While PSA Crypto has an API for multipart
-         * operations, we currently don't make it
-         * accessible through the cipher layer. */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    /* Status to return on a non-authenticated algorithm. It would make sense
-     * to return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or perhaps
-     * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our
-     * unit tests assume 0. */
-    ret = 0;
-
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        if( tag_len > sizeof( check_tag ) )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        if( 0 != ( ret = mbedtls_gcm_finish(
-                       (mbedtls_gcm_context *) ctx->cipher_ctx,
-                       check_tag, tag_len ) ) )
-        {
-            return( ret );
-        }
-
-        /* Check the tag in "constant-time" */
-        if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
-        {
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-            goto exit;
-        }
-    }
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
-        /* Don't allow truncated MAC for Poly1305 */
-        if ( tag_len != sizeof( check_tag ) )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        ret = mbedtls_chachapoly_finish(
-            (mbedtls_chachapoly_context*) ctx->cipher_ctx, check_tag );
-        if ( ret != 0 )
-        {
-            return( ret );
-        }
-
-        /* Check the tag in "constant-time" */
-        if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
-        {
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-            goto exit;
-        }
-    }
-#endif /* MBEDTLS_CHACHAPOLY_C */
-
-exit:
-    mbedtls_platform_zeroize( check_tag, tag_len );
-    return( ret );
-}
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
-
-/*
- * Packet-oriented wrapper for non-AEAD modes
- */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t finish_olen;
-
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* As in the non-PSA case, we don't check that
-         * a key has been set. If not, the key slot will
-         * still be in its default state of 0, which is
-         * guaranteed to be invalid, hence the PSA-call
-         * below will gracefully fail. */
-        mbedtls_cipher_context_psa * const cipher_psa =
-            (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
-
-        psa_status_t status;
-        psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT;
-        size_t part_len;
-
-        if( ctx->operation == MBEDTLS_DECRYPT )
-        {
-            status = psa_cipher_decrypt_setup( &cipher_op,
-                                               cipher_psa->slot,
-                                               cipher_psa->alg );
-        }
-        else if( ctx->operation == MBEDTLS_ENCRYPT )
-        {
-            status = psa_cipher_encrypt_setup( &cipher_op,
-                                               cipher_psa->slot,
-                                               cipher_psa->alg );
-        }
-        else
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        /* In the following, we can immediately return on an error,
-         * because the PSA Crypto API guarantees that cipher operations
-         * are terminated by unsuccessful calls to psa_cipher_update(),
-         * and by any call to psa_cipher_finish(). */
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
-        if( ctx->cipher_info->mode != MBEDTLS_MODE_ECB )
-        {
-            status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
-            if( status != PSA_SUCCESS )
-                return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-        }
-
-        status = psa_cipher_update( &cipher_op,
-                                    input, ilen,
-                                    output, ilen, olen );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
-        status = psa_cipher_finish( &cipher_op,
-                                    output + *olen, ilen - *olen,
-                                    &part_len );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
-        *olen += part_len;
-        return( 0 );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_update( ctx, input, ilen,
-                                       output, olen ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_finish( ctx, output + *olen,
-                                       &finish_olen ) ) != 0 )
-        return( ret );
-
-    *olen += finish_olen;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-/*
- * Packet-oriented encryption for AEAD modes: internal function shared by
- * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
- */
-static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* As in the non-PSA case, we don't check that
-         * a key has been set. If not, the key slot will
-         * still be in its default state of 0, which is
-         * guaranteed to be invalid, hence the PSA-call
-         * below will gracefully fail. */
-        mbedtls_cipher_context_psa * const cipher_psa =
-            (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
-
-        psa_status_t status;
-
-        /* PSA Crypto API always writes the authentication tag
-         * at the end of the encrypted message. */
-        if( output == NULL || tag != output + ilen )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-        status = psa_aead_encrypt( cipher_psa->slot,
-                                   cipher_psa->alg,
-                                   iv, iv_len,
-                                   ad, ad_len,
-                                   input, ilen,
-                                   output, ilen + tag_len, olen );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
-        *olen -= tag_len;
-        return( 0 );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        *olen = ilen;
-        return( mbedtls_gcm_crypt_and_tag( ctx->cipher_ctx, MBEDTLS_GCM_ENCRYPT,
-                                           ilen, iv, iv_len, ad, ad_len,
-                                           input, output, tag_len, tag ) );
-    }
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
-    {
-        *olen = ilen;
-        return( mbedtls_ccm_encrypt_and_tag( ctx->cipher_ctx, ilen,
-                                     iv, iv_len, ad, ad_len, input, output,
-                                     tag, tag_len ) );
-    }
-#endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
-        /* ChachaPoly has fixed length nonce and MAC (tag) */
-        if ( ( iv_len != ctx->cipher_info->iv_size ) ||
-             ( tag_len != 16U ) )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        *olen = ilen;
-        return( mbedtls_chachapoly_encrypt_and_tag( ctx->cipher_ctx,
-                                ilen, iv, ad, ad_len, input, output, tag ) );
-    }
-#endif /* MBEDTLS_CHACHAPOLY_C */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-/*
- * Packet-oriented encryption for AEAD modes: internal function shared by
- * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext().
- */
-static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len )
-{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ctx->psa_enabled == 1 )
-    {
-        /* As in the non-PSA case, we don't check that
-         * a key has been set. If not, the key slot will
-         * still be in its default state of 0, which is
-         * guaranteed to be invalid, hence the PSA-call
-         * below will gracefully fail. */
-        mbedtls_cipher_context_psa * const cipher_psa =
-            (mbedtls_cipher_context_psa *) ctx->cipher_ctx;
-
-        psa_status_t status;
-
-        /* PSA Crypto API always writes the authentication tag
-         * at the end of the encrypted message. */
-        if( input == NULL || tag != input + ilen )
-            return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-        status = psa_aead_decrypt( cipher_psa->slot,
-                                   cipher_psa->alg,
-                                   iv, iv_len,
-                                   ad, ad_len,
-                                   input, ilen + tag_len,
-                                   output, ilen, olen );
-        if( status == PSA_ERROR_INVALID_SIGNATURE )
-            return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
-        else if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_GCM_C)
-    if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-        *olen = ilen;
-        ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, iv_len, ad, ad_len,
-                                tag, tag_len, input, output );
-
-        if( ret == MBEDTLS_ERR_GCM_AUTH_FAILED )
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-
-        return( ret );
-    }
-#endif /* MBEDTLS_GCM_C */
-#if defined(MBEDTLS_CCM_C)
-    if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-        *olen = ilen;
-        ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, iv_len, ad, ad_len,
-                                input, output, tag, tag_len );
-
-        if( ret == MBEDTLS_ERR_CCM_AUTH_FAILED )
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-
-        return( ret );
-    }
-#endif /* MBEDTLS_CCM_C */
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-        /* ChachaPoly has fixed length nonce and MAC (tag) */
-        if ( ( iv_len != ctx->cipher_info->iv_size ) ||
-             ( tag_len != 16U ) )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        *olen = ilen;
-        ret = mbedtls_chachapoly_auth_decrypt( ctx->cipher_ctx, ilen,
-                                iv, ad, ad_len, tag, input, output );
-
-        if( ret == MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED )
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-
-        return( ret );
-    }
-#endif /* MBEDTLS_CHACHAPOLY_C */
-
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/*
- * Packet-oriented encryption for AEAD modes: public legacy function.
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         unsigned char *tag, size_t tag_len )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
-
-    return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
-                                         input, ilen, output, olen,
-                                         tag, tag_len ) );
-}
-
-/*
- * Packet-oriented decryption for AEAD modes: public legacy function.
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t *olen,
-                         const unsigned char *tag, size_t tag_len )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-    CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
-
-    return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
-                                         input, ilen, output, olen,
-                                         tag, tag_len ) );
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
-/*
- * Packet-oriented encryption for AEAD/NIST_KW: public function.
- */
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-
-#if defined(MBEDTLS_NIST_KW_C)
-    if(
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        ctx->psa_enabled == 0 &&
-#endif
-        ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
-          MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
-    {
-        mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
-                                        MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
-
-        /* There is no iv, tag or ad associated with KW and KWP,
-         * so these length should be 0 as documented. */
-        if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        (void) iv;
-        (void) ad;
-
-        return( mbedtls_nist_kw_wrap( ctx->cipher_ctx, mode, input, ilen,
-                                      output, olen, output_len ) );
-    }
-#endif /* MBEDTLS_NIST_KW_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-    /* AEAD case: check length before passing on to shared function */
-    if( output_len < ilen + tag_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
-                                       input, ilen, output, olen,
-                                       output + ilen, tag_len );
-    *olen += tag_len;
-    return( ret );
-#else
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-}
-
-/*
- * Packet-oriented decryption for AEAD/NIST_KW: public function.
- */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len )
-{
-    CIPHER_VALIDATE_RET( ctx != NULL );
-    CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL );
-    CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL );
-    CIPHER_VALIDATE_RET( ilen == 0 || input != NULL );
-    CIPHER_VALIDATE_RET( output_len == 0 || output != NULL );
-    CIPHER_VALIDATE_RET( olen != NULL );
-
-#if defined(MBEDTLS_NIST_KW_C)
-    if(
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        ctx->psa_enabled == 0 &&
-#endif
-        ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
-          MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) )
-    {
-        mbedtls_nist_kw_mode_t mode = ( MBEDTLS_MODE_KW == ctx->cipher_info->mode ) ?
-                                        MBEDTLS_KW_MODE_KW : MBEDTLS_KW_MODE_KWP;
-
-        /* There is no iv, tag or ad associated with KW and KWP,
-         * so these length should be 0 as documented. */
-        if( iv_len != 0 || tag_len != 0 || ad_len != 0 )
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-        (void) iv;
-        (void) ad;
-
-        return( mbedtls_nist_kw_unwrap( ctx->cipher_ctx, mode, input, ilen,
-                                        output, olen, output_len ) );
-    }
-#endif /* MBEDTLS_NIST_KW_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-    /* AEAD case: check length before passing on to shared function */
-    if( ilen < tag_len || output_len < ilen - tag_len )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
-                                         input, ilen - tag_len, output, olen,
-                                         input + ilen - tag_len, tag_len ) );
-#else
-    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-}
-#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
-
-#endif /* MBEDTLS_CIPHER_C */
diff --git a/Sources/mbedtls/library/cipher_wrap.c b/Sources/mbedtls/library/cipher_wrap.c
deleted file mode 100644
index c76bdcc..0000000
--- a/Sources/mbedtls/library/cipher_wrap.c
+++ /dev/null
@@ -1,2400 +0,0 @@
-/**
- * \file cipher_wrap.c
- *
- * \brief Generic cipher wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CIPHER_C)
-
-#include "mbedtls/cipher_internal.h"
-#include "mbedtls/error.h"
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#include "mbedtls/chachapoly.h"
-#endif
-
-#if defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#include "mbedtls/camellia.h"
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#include "mbedtls/aria.h"
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#include "mbedtls/des.h"
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-#include "mbedtls/blowfish.h"
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#include "mbedtls/chacha20.h"
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-#include "mbedtls/gcm.h"
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-#include "mbedtls/ccm.h"
-#endif
-
-#if defined(MBEDTLS_NIST_KW_C)
-#include "mbedtls/nist_kw.h"
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#include <string.h>
-#endif
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_GCM_C)
-/* shared by all GCM ciphers */
-static void *gcm_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) );
-
-    if( ctx != NULL )
-        mbedtls_gcm_init( (mbedtls_gcm_context *) ctx );
-
-    return( ctx );
-}
-
-static void gcm_ctx_free( void *ctx )
-{
-    mbedtls_gcm_free( ctx );
-    mbedtls_free( ctx );
-}
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-/* shared by all CCM ciphers */
-static void *ccm_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) );
-
-    if( ctx != NULL )
-        mbedtls_ccm_init( (mbedtls_ccm_context *) ctx );
-
-    return( ctx );
-}
-
-static void ccm_ctx_free( void *ctx )
-{
-    mbedtls_ccm_free( ctx );
-    mbedtls_free( ctx );
-}
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_AES_C)
-
-static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input,
-                          output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_cfb128( (mbedtls_aes_context *) ctx, operation, length, iv_off, iv,
-                             input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-static int aes_crypt_ofb_wrap( void *ctx, size_t length, size_t *iv_off,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_ofb( (mbedtls_aes_context *) ctx, length, iv_off,
-                                    iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aes_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aes_crypt_ctr( (mbedtls_aes_context *) ctx, length, nc_off, nonce_counter,
-                          stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
-                               size_t length,
-                               const unsigned char data_unit[16],
-                               const unsigned char *input,
-                               unsigned char *output )
-{
-    mbedtls_aes_xts_context *xts_ctx = ctx;
-    int mode;
-
-    switch( operation )
-    {
-        case MBEDTLS_ENCRYPT:
-            mode = MBEDTLS_AES_ENCRYPT;
-            break;
-        case MBEDTLS_DECRYPT:
-            mode = MBEDTLS_AES_DECRYPT;
-            break;
-        default:
-            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-    }
-
-    return mbedtls_aes_crypt_xts( xts_ctx, mode, length,
-                                  data_unit, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-static int aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen );
-}
-
-static int aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen );
-}
-
-static void * aes_ctx_alloc( void )
-{
-    mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) );
-
-    if( aes == NULL )
-        return( NULL );
-
-    mbedtls_aes_init( aes );
-
-    return( aes );
-}
-
-static void aes_ctx_free( void *ctx )
-{
-    mbedtls_aes_free( (mbedtls_aes_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    aes_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    aes_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    aes_crypt_cfb128_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    aes_crypt_ofb_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    aes_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    aes_setkey_enc_wrap,
-    aes_setkey_dec_wrap,
-    aes_ctx_alloc,
-    aes_ctx_free
-};
-
-static const mbedtls_cipher_info_t aes_128_ecb_info = {
-    MBEDTLS_CIPHER_AES_128_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "AES-128-ECB",
-    0,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ecb_info = {
-    MBEDTLS_CIPHER_AES_192_ECB,
-    MBEDTLS_MODE_ECB,
-    192,
-    "AES-192-ECB",
-    0,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ecb_info = {
-    MBEDTLS_CIPHER_AES_256_ECB,
-    MBEDTLS_MODE_ECB,
-    256,
-    "AES-256-ECB",
-    0,
-    0,
-    16,
-    &aes_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t aes_128_cbc_info = {
-    MBEDTLS_CIPHER_AES_128_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "AES-128-CBC",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_cbc_info = {
-    MBEDTLS_CIPHER_AES_192_CBC,
-    MBEDTLS_MODE_CBC,
-    192,
-    "AES-192-CBC",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_cbc_info = {
-    MBEDTLS_CIPHER_AES_256_CBC,
-    MBEDTLS_MODE_CBC,
-    256,
-    "AES-256-CBC",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t aes_128_cfb128_info = {
-    MBEDTLS_CIPHER_AES_128_CFB128,
-    MBEDTLS_MODE_CFB,
-    128,
-    "AES-128-CFB128",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_cfb128_info = {
-    MBEDTLS_CIPHER_AES_192_CFB128,
-    MBEDTLS_MODE_CFB,
-    192,
-    "AES-192-CFB128",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_cfb128_info = {
-    MBEDTLS_CIPHER_AES_256_CFB128,
-    MBEDTLS_MODE_CFB,
-    256,
-    "AES-256-CFB128",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-static const mbedtls_cipher_info_t aes_128_ofb_info = {
-    MBEDTLS_CIPHER_AES_128_OFB,
-    MBEDTLS_MODE_OFB,
-    128,
-    "AES-128-OFB",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ofb_info = {
-    MBEDTLS_CIPHER_AES_192_OFB,
-    MBEDTLS_MODE_OFB,
-    192,
-    "AES-192-OFB",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ofb_info = {
-    MBEDTLS_CIPHER_AES_256_OFB,
-    MBEDTLS_MODE_OFB,
-    256,
-    "AES-256-OFB",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_OFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t aes_128_ctr_info = {
-    MBEDTLS_CIPHER_AES_128_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "AES-128-CTR",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ctr_info = {
-    MBEDTLS_CIPHER_AES_192_CTR,
-    MBEDTLS_MODE_CTR,
-    192,
-    "AES-192-CTR",
-    16,
-    0,
-    16,
-    &aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ctr_info = {
-    MBEDTLS_CIPHER_AES_256_CTR,
-    MBEDTLS_MODE_CTR,
-    256,
-    "AES-256-CTR",
-    16,
-    0,
-    16,
-    &aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                    unsigned int key_bitlen )
-{
-    mbedtls_aes_xts_context *xts_ctx = ctx;
-    return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
-}
-
-static int xts_aes_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                    unsigned int key_bitlen )
-{
-    mbedtls_aes_xts_context *xts_ctx = ctx;
-    return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
-}
-
-static void *xts_aes_ctx_alloc( void )
-{
-    mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc( 1, sizeof( *xts_ctx ) );
-
-    if( xts_ctx != NULL )
-        mbedtls_aes_xts_init( xts_ctx );
-
-    return( xts_ctx );
-}
-
-static void xts_aes_ctx_free( void *ctx )
-{
-    mbedtls_aes_xts_context *xts_ctx = ctx;
-
-    if( xts_ctx == NULL )
-        return;
-
-    mbedtls_aes_xts_free( xts_ctx );
-    mbedtls_free( xts_ctx );
-}
-
-static const mbedtls_cipher_base_t xts_aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    aes_crypt_xts_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    xts_aes_setkey_enc_wrap,
-    xts_aes_setkey_dec_wrap,
-    xts_aes_ctx_alloc,
-    xts_aes_ctx_free
-};
-
-static const mbedtls_cipher_info_t aes_128_xts_info = {
-    MBEDTLS_CIPHER_AES_128_XTS,
-    MBEDTLS_MODE_XTS,
-    256,
-    "AES-128-XTS",
-    16,
-    0,
-    16,
-    &xts_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_xts_info = {
-    MBEDTLS_CIPHER_AES_256_XTS,
-    MBEDTLS_MODE_XTS,
-    512,
-    "AES-256-XTS",
-    16,
-    0,
-    16,
-    &xts_aes_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
-
-#if defined(MBEDTLS_GCM_C)
-static int gcm_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t gcm_aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    gcm_aes_setkey_wrap,
-    gcm_aes_setkey_wrap,
-    gcm_ctx_alloc,
-    gcm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aes_128_gcm_info = {
-    MBEDTLS_CIPHER_AES_128_GCM,
-    MBEDTLS_MODE_GCM,
-    128,
-    "AES-128-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_gcm_info = {
-    MBEDTLS_CIPHER_AES_192_GCM,
-    MBEDTLS_MODE_GCM,
-    192,
-    "AES-192-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_gcm_info = {
-    MBEDTLS_CIPHER_AES_256_GCM,
-    MBEDTLS_MODE_GCM,
-    256,
-    "AES-256-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aes_info
-};
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-static int ccm_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t ccm_aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    ccm_aes_setkey_wrap,
-    ccm_aes_setkey_wrap,
-    ccm_ctx_alloc,
-    ccm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aes_128_ccm_info = {
-    MBEDTLS_CIPHER_AES_128_CCM,
-    MBEDTLS_MODE_CCM,
-    128,
-    "AES-128-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_ccm_info = {
-    MBEDTLS_CIPHER_AES_192_CCM,
-    MBEDTLS_MODE_CCM,
-    192,
-    "AES-192-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_ccm_info = {
-    MBEDTLS_CIPHER_AES_256_CCM,
-    MBEDTLS_MODE_CCM,
-    256,
-    "AES-256-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aes_info
-};
-#endif /* MBEDTLS_CCM_C */
-
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-
-static int camellia_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_ecb( (mbedtls_camellia_context *) ctx, operation, input,
-                               output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int camellia_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_cbc( (mbedtls_camellia_context *) ctx, operation, length, iv,
-                               input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int camellia_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_cfb128( (mbedtls_camellia_context *) ctx, operation, length,
-                                  iv_off, iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int camellia_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_camellia_crypt_ctr( (mbedtls_camellia_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int camellia_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_camellia_setkey_dec( (mbedtls_camellia_context *) ctx, key, key_bitlen );
-}
-
-static int camellia_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_camellia_setkey_enc( (mbedtls_camellia_context *) ctx, key, key_bitlen );
-}
-
-static void * camellia_ctx_alloc( void )
-{
-    mbedtls_camellia_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_camellia_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_camellia_init( ctx );
-
-    return( ctx );
-}
-
-static void camellia_ctx_free( void *ctx )
-{
-    mbedtls_camellia_free( (mbedtls_camellia_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t camellia_info = {
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    camellia_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    camellia_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    camellia_crypt_cfb128_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    camellia_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    camellia_setkey_enc_wrap,
-    camellia_setkey_dec_wrap,
-    camellia_ctx_alloc,
-    camellia_ctx_free
-};
-
-static const mbedtls_cipher_info_t camellia_128_ecb_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "CAMELLIA-128-ECB",
-    0,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_ecb_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
-    MBEDTLS_MODE_ECB,
-    192,
-    "CAMELLIA-192-ECB",
-    0,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_ecb_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
-    MBEDTLS_MODE_ECB,
-    256,
-    "CAMELLIA-256-ECB",
-    0,
-    0,
-    16,
-    &camellia_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t camellia_128_cbc_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "CAMELLIA-128-CBC",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_cbc_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
-    MBEDTLS_MODE_CBC,
-    192,
-    "CAMELLIA-192-CBC",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_cbc_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
-    MBEDTLS_MODE_CBC,
-    256,
-    "CAMELLIA-256-CBC",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t camellia_128_cfb128_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
-    MBEDTLS_MODE_CFB,
-    128,
-    "CAMELLIA-128-CFB128",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_cfb128_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
-    MBEDTLS_MODE_CFB,
-    192,
-    "CAMELLIA-192-CFB128",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_cfb128_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
-    MBEDTLS_MODE_CFB,
-    256,
-    "CAMELLIA-256-CFB128",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t camellia_128_ctr_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "CAMELLIA-128-CTR",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_ctr_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
-    MBEDTLS_MODE_CTR,
-    192,
-    "CAMELLIA-192-CTR",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_ctr_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
-    MBEDTLS_MODE_CTR,
-    256,
-    "CAMELLIA-256-CTR",
-    16,
-    0,
-    16,
-    &camellia_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_GCM_C)
-static int gcm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t gcm_camellia_info = {
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    gcm_camellia_setkey_wrap,
-    gcm_camellia_setkey_wrap,
-    gcm_ctx_alloc,
-    gcm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t camellia_128_gcm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
-    MBEDTLS_MODE_GCM,
-    128,
-    "CAMELLIA-128-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_gcm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
-    MBEDTLS_MODE_GCM,
-    192,
-    "CAMELLIA-192-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_gcm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
-    MBEDTLS_MODE_GCM,
-    256,
-    "CAMELLIA-256-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_camellia_info
-};
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-static int ccm_camellia_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_CAMELLIA,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t ccm_camellia_info = {
-    MBEDTLS_CIPHER_ID_CAMELLIA,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    ccm_camellia_setkey_wrap,
-    ccm_camellia_setkey_wrap,
-    ccm_ctx_alloc,
-    ccm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t camellia_128_ccm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
-    MBEDTLS_MODE_CCM,
-    128,
-    "CAMELLIA-128-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_192_ccm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
-    MBEDTLS_MODE_CCM,
-    192,
-    "CAMELLIA-192-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_camellia_info
-};
-
-static const mbedtls_cipher_info_t camellia_256_ccm_info = {
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
-    MBEDTLS_MODE_CCM,
-    256,
-    "CAMELLIA-256-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_camellia_info
-};
-#endif /* MBEDTLS_CCM_C */
-
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_ARIA_C)
-
-static int aria_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    (void) operation;
-    return mbedtls_aria_crypt_ecb( (mbedtls_aria_context *) ctx, input,
-                               output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int aria_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aria_crypt_cbc( (mbedtls_aria_context *) ctx, operation, length, iv,
-                               input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int aria_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aria_crypt_cfb128( (mbedtls_aria_context *) ctx, operation, length,
-                                  iv_off, iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int aria_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_aria_crypt_ctr( (mbedtls_aria_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int aria_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_aria_setkey_dec( (mbedtls_aria_context *) ctx, key, key_bitlen );
-}
-
-static int aria_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_aria_setkey_enc( (mbedtls_aria_context *) ctx, key, key_bitlen );
-}
-
-static void * aria_ctx_alloc( void )
-{
-    mbedtls_aria_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_aria_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_aria_init( ctx );
-
-    return( ctx );
-}
-
-static void aria_ctx_free( void *ctx )
-{
-    mbedtls_aria_free( (mbedtls_aria_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t aria_info = {
-    MBEDTLS_CIPHER_ID_ARIA,
-    aria_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    aria_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    aria_crypt_cfb128_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    aria_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    aria_setkey_enc_wrap,
-    aria_setkey_dec_wrap,
-    aria_ctx_alloc,
-    aria_ctx_free
-};
-
-static const mbedtls_cipher_info_t aria_128_ecb_info = {
-    MBEDTLS_CIPHER_ARIA_128_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "ARIA-128-ECB",
-    0,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_192_ecb_info = {
-    MBEDTLS_CIPHER_ARIA_192_ECB,
-    MBEDTLS_MODE_ECB,
-    192,
-    "ARIA-192-ECB",
-    0,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_256_ecb_info = {
-    MBEDTLS_CIPHER_ARIA_256_ECB,
-    MBEDTLS_MODE_ECB,
-    256,
-    "ARIA-256-ECB",
-    0,
-    0,
-    16,
-    &aria_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t aria_128_cbc_info = {
-    MBEDTLS_CIPHER_ARIA_128_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "ARIA-128-CBC",
-    16,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_192_cbc_info = {
-    MBEDTLS_CIPHER_ARIA_192_CBC,
-    MBEDTLS_MODE_CBC,
-    192,
-    "ARIA-192-CBC",
-    16,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_256_cbc_info = {
-    MBEDTLS_CIPHER_ARIA_256_CBC,
-    MBEDTLS_MODE_CBC,
-    256,
-    "ARIA-256-CBC",
-    16,
-    0,
-    16,
-    &aria_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t aria_128_cfb128_info = {
-    MBEDTLS_CIPHER_ARIA_128_CFB128,
-    MBEDTLS_MODE_CFB,
-    128,
-    "ARIA-128-CFB128",
-    16,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_192_cfb128_info = {
-    MBEDTLS_CIPHER_ARIA_192_CFB128,
-    MBEDTLS_MODE_CFB,
-    192,
-    "ARIA-192-CFB128",
-    16,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_256_cfb128_info = {
-    MBEDTLS_CIPHER_ARIA_256_CFB128,
-    MBEDTLS_MODE_CFB,
-    256,
-    "ARIA-256-CFB128",
-    16,
-    0,
-    16,
-    &aria_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t aria_128_ctr_info = {
-    MBEDTLS_CIPHER_ARIA_128_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "ARIA-128-CTR",
-    16,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_192_ctr_info = {
-    MBEDTLS_CIPHER_ARIA_192_CTR,
-    MBEDTLS_MODE_CTR,
-    192,
-    "ARIA-192-CTR",
-    16,
-    0,
-    16,
-    &aria_info
-};
-
-static const mbedtls_cipher_info_t aria_256_ctr_info = {
-    MBEDTLS_CIPHER_ARIA_256_CTR,
-    MBEDTLS_MODE_CTR,
-    256,
-    "ARIA-256-CTR",
-    16,
-    0,
-    16,
-    &aria_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-#if defined(MBEDTLS_GCM_C)
-static int gcm_aria_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_gcm_setkey( (mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t gcm_aria_info = {
-    MBEDTLS_CIPHER_ID_ARIA,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    gcm_aria_setkey_wrap,
-    gcm_aria_setkey_wrap,
-    gcm_ctx_alloc,
-    gcm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aria_128_gcm_info = {
-    MBEDTLS_CIPHER_ARIA_128_GCM,
-    MBEDTLS_MODE_GCM,
-    128,
-    "ARIA-128-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aria_info
-};
-
-static const mbedtls_cipher_info_t aria_192_gcm_info = {
-    MBEDTLS_CIPHER_ARIA_192_GCM,
-    MBEDTLS_MODE_GCM,
-    192,
-    "ARIA-192-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aria_info
-};
-
-static const mbedtls_cipher_info_t aria_256_gcm_info = {
-    MBEDTLS_CIPHER_ARIA_256_GCM,
-    MBEDTLS_MODE_GCM,
-    256,
-    "ARIA-256-GCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &gcm_aria_info
-};
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CCM_C)
-static int ccm_aria_setkey_wrap( void *ctx, const unsigned char *key,
-                                     unsigned int key_bitlen )
-{
-    return mbedtls_ccm_setkey( (mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_ARIA,
-                     key, key_bitlen );
-}
-
-static const mbedtls_cipher_base_t ccm_aria_info = {
-    MBEDTLS_CIPHER_ID_ARIA,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    ccm_aria_setkey_wrap,
-    ccm_aria_setkey_wrap,
-    ccm_ctx_alloc,
-    ccm_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aria_128_ccm_info = {
-    MBEDTLS_CIPHER_ARIA_128_CCM,
-    MBEDTLS_MODE_CCM,
-    128,
-    "ARIA-128-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aria_info
-};
-
-static const mbedtls_cipher_info_t aria_192_ccm_info = {
-    MBEDTLS_CIPHER_ARIA_192_CCM,
-    MBEDTLS_MODE_CCM,
-    192,
-    "ARIA-192-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aria_info
-};
-
-static const mbedtls_cipher_info_t aria_256_ccm_info = {
-    MBEDTLS_CIPHER_ARIA_256_CCM,
-    MBEDTLS_MODE_CCM,
-    256,
-    "ARIA-256-CCM",
-    12,
-    MBEDTLS_CIPHER_VARIABLE_IV_LEN,
-    16,
-    &ccm_aria_info
-};
-#endif /* MBEDTLS_CCM_C */
-
-#endif /* MBEDTLS_ARIA_C */
-
-#if defined(MBEDTLS_DES_C)
-
-static int des_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    ((void) operation);
-    return mbedtls_des_crypt_ecb( (mbedtls_des_context *) ctx, input, output );
-}
-
-static int des3_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    ((void) operation);
-    return mbedtls_des3_crypt_ecb( (mbedtls_des3_context *) ctx, input, output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_des_crypt_cbc( (mbedtls_des_context *) ctx, operation, length, iv, input,
-                          output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int des3_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length,
-        unsigned char *iv, const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_des3_crypt_cbc( (mbedtls_des3_context *) ctx, operation, length, iv, input,
-                           output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-static int des_setkey_dec_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des_setkey_dec( (mbedtls_des_context *) ctx, key );
-}
-
-static int des_setkey_enc_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des_setkey_enc( (mbedtls_des_context *) ctx, key );
-}
-
-static int des3_set2key_dec_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set2key_dec( (mbedtls_des3_context *) ctx, key );
-}
-
-static int des3_set2key_enc_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set2key_enc( (mbedtls_des3_context *) ctx, key );
-}
-
-static int des3_set3key_dec_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set3key_dec( (mbedtls_des3_context *) ctx, key );
-}
-
-static int des3_set3key_enc_wrap( void *ctx, const unsigned char *key,
-                                  unsigned int key_bitlen )
-{
-    ((void) key_bitlen);
-
-    return mbedtls_des3_set3key_enc( (mbedtls_des3_context *) ctx, key );
-}
-
-static void * des_ctx_alloc( void )
-{
-    mbedtls_des_context *des = mbedtls_calloc( 1, sizeof( mbedtls_des_context ) );
-
-    if( des == NULL )
-        return( NULL );
-
-    mbedtls_des_init( des );
-
-    return( des );
-}
-
-static void des_ctx_free( void *ctx )
-{
-    mbedtls_des_free( (mbedtls_des_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void * des3_ctx_alloc( void )
-{
-    mbedtls_des3_context *des3;
-    des3 = mbedtls_calloc( 1, sizeof( mbedtls_des3_context ) );
-
-    if( des3 == NULL )
-        return( NULL );
-
-    mbedtls_des3_init( des3 );
-
-    return( des3 );
-}
-
-static void des3_ctx_free( void *ctx )
-{
-    mbedtls_des3_free( (mbedtls_des3_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t des_info = {
-    MBEDTLS_CIPHER_ID_DES,
-    des_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    des_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    des_setkey_enc_wrap,
-    des_setkey_dec_wrap,
-    des_ctx_alloc,
-    des_ctx_free
-};
-
-static const mbedtls_cipher_info_t des_ecb_info = {
-    MBEDTLS_CIPHER_DES_ECB,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_KEY_LENGTH_DES,
-    "DES-ECB",
-    0,
-    0,
-    8,
-    &des_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t des_cbc_info = {
-    MBEDTLS_CIPHER_DES_CBC,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_KEY_LENGTH_DES,
-    "DES-CBC",
-    8,
-    0,
-    8,
-    &des_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-static const mbedtls_cipher_base_t des_ede_info = {
-    MBEDTLS_CIPHER_ID_DES,
-    des3_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    des3_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    des3_set2key_enc_wrap,
-    des3_set2key_dec_wrap,
-    des3_ctx_alloc,
-    des3_ctx_free
-};
-
-static const mbedtls_cipher_info_t des_ede_ecb_info = {
-    MBEDTLS_CIPHER_DES_EDE_ECB,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_KEY_LENGTH_DES_EDE,
-    "DES-EDE-ECB",
-    0,
-    0,
-    8,
-    &des_ede_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t des_ede_cbc_info = {
-    MBEDTLS_CIPHER_DES_EDE_CBC,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_KEY_LENGTH_DES_EDE,
-    "DES-EDE-CBC",
-    8,
-    0,
-    8,
-    &des_ede_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-static const mbedtls_cipher_base_t des_ede3_info = {
-    MBEDTLS_CIPHER_ID_3DES,
-    des3_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    des3_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    des3_set3key_enc_wrap,
-    des3_set3key_dec_wrap,
-    des3_ctx_alloc,
-    des3_ctx_free
-};
-
-static const mbedtls_cipher_info_t des_ede3_ecb_info = {
-    MBEDTLS_CIPHER_DES_EDE3_ECB,
-    MBEDTLS_MODE_ECB,
-    MBEDTLS_KEY_LENGTH_DES_EDE3,
-    "DES-EDE3-ECB",
-    0,
-    0,
-    8,
-    &des_ede3_info
-};
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t des_ede3_cbc_info = {
-    MBEDTLS_CIPHER_DES_EDE3_CBC,
-    MBEDTLS_MODE_CBC,
-    MBEDTLS_KEY_LENGTH_DES_EDE3,
-    "DES-EDE3-CBC",
-    8,
-    0,
-    8,
-    &des_ede3_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_BLOWFISH_C)
-
-static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input,
-                               output );
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, unsigned char *iv, const unsigned char *input,
-        unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv,
-                               input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation,
-        size_t length, size_t *iv_off, unsigned char *iv,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length,
-                                 iv_off, iv, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off,
-        unsigned char *nonce_counter, unsigned char *stream_block,
-        const unsigned char *input, unsigned char *output )
-{
-    return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off,
-                               nonce_counter, stream_block, input, output );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-
-static int blowfish_setkey_wrap( void *ctx, const unsigned char *key,
-                                 unsigned int key_bitlen )
-{
-    return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen );
-}
-
-static void * blowfish_ctx_alloc( void )
-{
-    mbedtls_blowfish_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_blowfish_init( ctx );
-
-    return( ctx );
-}
-
-static void blowfish_ctx_free( void *ctx )
-{
-    mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t blowfish_info = {
-    MBEDTLS_CIPHER_ID_BLOWFISH,
-    blowfish_crypt_ecb_wrap,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    blowfish_crypt_cbc_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    blowfish_crypt_cfb64_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    blowfish_crypt_ctr_wrap,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    blowfish_setkey_wrap,
-    blowfish_setkey_wrap,
-    blowfish_ctx_alloc,
-    blowfish_ctx_free
-};
-
-static const mbedtls_cipher_info_t blowfish_ecb_info = {
-    MBEDTLS_CIPHER_BLOWFISH_ECB,
-    MBEDTLS_MODE_ECB,
-    128,
-    "BLOWFISH-ECB",
-    0,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const mbedtls_cipher_info_t blowfish_cbc_info = {
-    MBEDTLS_CIPHER_BLOWFISH_CBC,
-    MBEDTLS_MODE_CBC,
-    128,
-    "BLOWFISH-CBC",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-static const mbedtls_cipher_info_t blowfish_cfb64_info = {
-    MBEDTLS_CIPHER_BLOWFISH_CFB64,
-    MBEDTLS_MODE_CFB,
-    128,
-    "BLOWFISH-CFB64",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CFB */
-
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-static const mbedtls_cipher_info_t blowfish_ctr_info = {
-    MBEDTLS_CIPHER_BLOWFISH_CTR,
-    MBEDTLS_MODE_CTR,
-    128,
-    "BLOWFISH-CTR",
-    8,
-    MBEDTLS_CIPHER_VARIABLE_KEY_LEN,
-    8,
-    &blowfish_info
-};
-#endif /* MBEDTLS_CIPHER_MODE_CTR */
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_ARC4_C)
-static int arc4_crypt_stream_wrap( void *ctx, size_t length,
-                                   const unsigned char *input,
-                                   unsigned char *output )
-{
-    return( mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) );
-}
-
-static int arc4_setkey_wrap( void *ctx, const unsigned char *key,
-                             unsigned int key_bitlen )
-{
-    /* we get key_bitlen in bits, arc4 expects it in bytes */
-    if( key_bitlen % 8 != 0 )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 );
-    return( 0 );
-}
-
-static void * arc4_ctx_alloc( void )
-{
-    mbedtls_arc4_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_arc4_init( ctx );
-
-    return( ctx );
-}
-
-static void arc4_ctx_free( void *ctx )
-{
-    mbedtls_arc4_free( (mbedtls_arc4_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t arc4_base_info = {
-    MBEDTLS_CIPHER_ID_ARC4,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    arc4_crypt_stream_wrap,
-#endif
-    arc4_setkey_wrap,
-    arc4_setkey_wrap,
-    arc4_ctx_alloc,
-    arc4_ctx_free
-};
-
-static const mbedtls_cipher_info_t arc4_128_info = {
-    MBEDTLS_CIPHER_ARC4_128,
-    MBEDTLS_MODE_STREAM,
-    128,
-    "ARC4-128",
-    0,
-    0,
-    1,
-    &arc4_base_info
-};
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CHACHA20_C)
-
-static int chacha20_setkey_wrap( void *ctx, const unsigned char *key,
-                                 unsigned int key_bitlen )
-{
-    if( key_bitlen != 256U )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    return( 0 );
-}
-
-static int chacha20_stream_wrap( void *ctx,  size_t length,
-                                 const unsigned char *input,
-                                 unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    ret = mbedtls_chacha20_update( ctx, length, input, output );
-    if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    return( ret );
-}
-
-static void * chacha20_ctx_alloc( void )
-{
-    mbedtls_chacha20_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_chacha20_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_chacha20_init( ctx );
-
-    return( ctx );
-}
-
-static void chacha20_ctx_free( void *ctx )
-{
-    mbedtls_chacha20_free( (mbedtls_chacha20_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t chacha20_base_info = {
-    MBEDTLS_CIPHER_ID_CHACHA20,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    chacha20_stream_wrap,
-#endif
-    chacha20_setkey_wrap,
-    chacha20_setkey_wrap,
-    chacha20_ctx_alloc,
-    chacha20_ctx_free
-};
-static const mbedtls_cipher_info_t chacha20_info = {
-    MBEDTLS_CIPHER_CHACHA20,
-    MBEDTLS_MODE_STREAM,
-    256,
-    "CHACHA20",
-    12,
-    0,
-    1,
-    &chacha20_base_info
-};
-#endif /* MBEDTLS_CHACHA20_C */
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-
-static int chachapoly_setkey_wrap( void *ctx,
-                                   const unsigned char *key,
-                                   unsigned int key_bitlen )
-{
-    if( key_bitlen != 256U )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    return( 0 );
-}
-
-static void * chachapoly_ctx_alloc( void )
-{
-    mbedtls_chachapoly_context *ctx;
-    ctx = mbedtls_calloc( 1, sizeof( mbedtls_chachapoly_context ) );
-
-    if( ctx == NULL )
-        return( NULL );
-
-    mbedtls_chachapoly_init( ctx );
-
-    return( ctx );
-}
-
-static void chachapoly_ctx_free( void *ctx )
-{
-    mbedtls_chachapoly_free( (mbedtls_chachapoly_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static const mbedtls_cipher_base_t chachapoly_base_info = {
-    MBEDTLS_CIPHER_ID_CHACHA20,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    chachapoly_setkey_wrap,
-    chachapoly_setkey_wrap,
-    chachapoly_ctx_alloc,
-    chachapoly_ctx_free
-};
-static const mbedtls_cipher_info_t chachapoly_info = {
-    MBEDTLS_CIPHER_CHACHA20_POLY1305,
-    MBEDTLS_MODE_CHACHAPOLY,
-    256,
-    "CHACHA20-POLY1305",
-    12,
-    0,
-    1,
-    &chachapoly_base_info
-};
-#endif /* MBEDTLS_CHACHAPOLY_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-static int null_crypt_stream( void *ctx, size_t length,
-                              const unsigned char *input,
-                              unsigned char *output )
-{
-    ((void) ctx);
-    memmove( output, input, length );
-    return( 0 );
-}
-
-static int null_setkey( void *ctx, const unsigned char *key,
-                        unsigned int key_bitlen )
-{
-    ((void) ctx);
-    ((void) key);
-    ((void) key_bitlen);
-
-    return( 0 );
-}
-
-static void * null_ctx_alloc( void )
-{
-    return( (void *) 1 );
-}
-
-static void null_ctx_free( void *ctx )
-{
-    ((void) ctx);
-}
-
-static const mbedtls_cipher_base_t null_base_info = {
-    MBEDTLS_CIPHER_ID_NULL,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    null_crypt_stream,
-#endif
-    null_setkey,
-    null_setkey,
-    null_ctx_alloc,
-    null_ctx_free
-};
-
-static const mbedtls_cipher_info_t null_cipher_info = {
-    MBEDTLS_CIPHER_NULL,
-    MBEDTLS_MODE_STREAM,
-    0,
-    "NULL",
-    0,
-    0,
-    1,
-    &null_base_info
-};
-#endif /* defined(MBEDTLS_CIPHER_NULL_CIPHER) */
-
-#if defined(MBEDTLS_NIST_KW_C)
-static void *kw_ctx_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_nist_kw_context ) );
-
-    if( ctx != NULL )
-        mbedtls_nist_kw_init( (mbedtls_nist_kw_context *) ctx );
-
-    return( ctx );
-}
-
-static void kw_ctx_free( void *ctx )
-{
-    mbedtls_nist_kw_free( ctx );
-    mbedtls_free( ctx );
-}
-
-static int kw_aes_setkey_wrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-    return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
-                                   MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 1 );
-}
-
-static int kw_aes_setkey_unwrap( void *ctx, const unsigned char *key,
-                                unsigned int key_bitlen )
-{
-   return mbedtls_nist_kw_setkey( (mbedtls_nist_kw_context *) ctx,
-                                  MBEDTLS_CIPHER_ID_AES, key, key_bitlen, 0 );
-}
-
-static const mbedtls_cipher_base_t kw_aes_info = {
-    MBEDTLS_CIPHER_ID_AES,
-    NULL,
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    NULL,
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_STREAM)
-    NULL,
-#endif
-    kw_aes_setkey_wrap,
-    kw_aes_setkey_unwrap,
-    kw_ctx_alloc,
-    kw_ctx_free,
-};
-
-static const mbedtls_cipher_info_t aes_128_nist_kw_info = {
-    MBEDTLS_CIPHER_AES_128_KW,
-    MBEDTLS_MODE_KW,
-    128,
-    "AES-128-KW",
-    0,
-    0,
-    16,
-    &kw_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_nist_kw_info = {
-    MBEDTLS_CIPHER_AES_192_KW,
-    MBEDTLS_MODE_KW,
-    192,
-    "AES-192-KW",
-    0,
-    0,
-    16,
-    &kw_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_nist_kw_info = {
-    MBEDTLS_CIPHER_AES_256_KW,
-    MBEDTLS_MODE_KW,
-    256,
-    "AES-256-KW",
-    0,
-    0,
-    16,
-    &kw_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_128_nist_kwp_info = {
-    MBEDTLS_CIPHER_AES_128_KWP,
-    MBEDTLS_MODE_KWP,
-    128,
-    "AES-128-KWP",
-    0,
-    0,
-    16,
-    &kw_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_192_nist_kwp_info = {
-    MBEDTLS_CIPHER_AES_192_KWP,
-    MBEDTLS_MODE_KWP,
-    192,
-    "AES-192-KWP",
-    0,
-    0,
-    16,
-    &kw_aes_info
-};
-
-static const mbedtls_cipher_info_t aes_256_nist_kwp_info = {
-    MBEDTLS_CIPHER_AES_256_KWP,
-    MBEDTLS_MODE_KWP,
-    256,
-    "AES-256-KWP",
-    0,
-    0,
-    16,
-    &kw_aes_info
-};
-#endif /* MBEDTLS_NIST_KW_C */
-
-const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
-{
-#if defined(MBEDTLS_AES_C)
-    { MBEDTLS_CIPHER_AES_128_ECB,          &aes_128_ecb_info },
-    { MBEDTLS_CIPHER_AES_192_ECB,          &aes_192_ecb_info },
-    { MBEDTLS_CIPHER_AES_256_ECB,          &aes_256_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_AES_128_CBC,          &aes_128_cbc_info },
-    { MBEDTLS_CIPHER_AES_192_CBC,          &aes_192_cbc_info },
-    { MBEDTLS_CIPHER_AES_256_CBC,          &aes_256_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_AES_128_CFB128,       &aes_128_cfb128_info },
-    { MBEDTLS_CIPHER_AES_192_CFB128,       &aes_192_cfb128_info },
-    { MBEDTLS_CIPHER_AES_256_CFB128,       &aes_256_cfb128_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-    { MBEDTLS_CIPHER_AES_128_OFB,          &aes_128_ofb_info },
-    { MBEDTLS_CIPHER_AES_192_OFB,          &aes_192_ofb_info },
-    { MBEDTLS_CIPHER_AES_256_OFB,          &aes_256_ofb_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_AES_128_CTR,          &aes_128_ctr_info },
-    { MBEDTLS_CIPHER_AES_192_CTR,          &aes_192_ctr_info },
-    { MBEDTLS_CIPHER_AES_256_CTR,          &aes_256_ctr_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-    { MBEDTLS_CIPHER_AES_128_XTS,          &aes_128_xts_info },
-    { MBEDTLS_CIPHER_AES_256_XTS,          &aes_256_xts_info },
-#endif
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_CIPHER_AES_128_GCM,          &aes_128_gcm_info },
-    { MBEDTLS_CIPHER_AES_192_GCM,          &aes_192_gcm_info },
-    { MBEDTLS_CIPHER_AES_256_GCM,          &aes_256_gcm_info },
-#endif
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_CIPHER_AES_128_CCM,          &aes_128_ccm_info },
-    { MBEDTLS_CIPHER_AES_192_CCM,          &aes_192_ccm_info },
-    { MBEDTLS_CIPHER_AES_256_CCM,          &aes_256_ccm_info },
-#endif
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-    { MBEDTLS_CIPHER_ARC4_128,             &arc4_128_info },
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-    { MBEDTLS_CIPHER_BLOWFISH_ECB,         &blowfish_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_BLOWFISH_CBC,         &blowfish_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_BLOWFISH_CFB64,       &blowfish_cfb64_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_BLOWFISH_CTR,         &blowfish_ctr_info },
-#endif
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-    { MBEDTLS_CIPHER_CAMELLIA_128_ECB,     &camellia_128_ecb_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_ECB,     &camellia_192_ecb_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_ECB,     &camellia_256_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CBC,     &camellia_128_cbc_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CBC,     &camellia_192_cbc_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CBC,     &camellia_256_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  &camellia_128_cfb128_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  &camellia_192_cfb128_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  &camellia_256_cfb128_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CTR,     &camellia_128_ctr_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CTR,     &camellia_192_ctr_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CTR,     &camellia_256_ctr_info },
-#endif
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_CIPHER_CAMELLIA_128_GCM,     &camellia_128_gcm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_GCM,     &camellia_192_gcm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_GCM,     &camellia_256_gcm_info },
-#endif
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_CIPHER_CAMELLIA_128_CCM,     &camellia_128_ccm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_192_CCM,     &camellia_192_ccm_info },
-    { MBEDTLS_CIPHER_CAMELLIA_256_CCM,     &camellia_256_ccm_info },
-#endif
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_ARIA_C)
-    { MBEDTLS_CIPHER_ARIA_128_ECB,     &aria_128_ecb_info },
-    { MBEDTLS_CIPHER_ARIA_192_ECB,     &aria_192_ecb_info },
-    { MBEDTLS_CIPHER_ARIA_256_ECB,     &aria_256_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_ARIA_128_CBC,     &aria_128_cbc_info },
-    { MBEDTLS_CIPHER_ARIA_192_CBC,     &aria_192_cbc_info },
-    { MBEDTLS_CIPHER_ARIA_256_CBC,     &aria_256_cbc_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-    { MBEDTLS_CIPHER_ARIA_128_CFB128,  &aria_128_cfb128_info },
-    { MBEDTLS_CIPHER_ARIA_192_CFB128,  &aria_192_cfb128_info },
-    { MBEDTLS_CIPHER_ARIA_256_CFB128,  &aria_256_cfb128_info },
-#endif
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-    { MBEDTLS_CIPHER_ARIA_128_CTR,     &aria_128_ctr_info },
-    { MBEDTLS_CIPHER_ARIA_192_CTR,     &aria_192_ctr_info },
-    { MBEDTLS_CIPHER_ARIA_256_CTR,     &aria_256_ctr_info },
-#endif
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_CIPHER_ARIA_128_GCM,     &aria_128_gcm_info },
-    { MBEDTLS_CIPHER_ARIA_192_GCM,     &aria_192_gcm_info },
-    { MBEDTLS_CIPHER_ARIA_256_GCM,     &aria_256_gcm_info },
-#endif
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_CIPHER_ARIA_128_CCM,     &aria_128_ccm_info },
-    { MBEDTLS_CIPHER_ARIA_192_CCM,     &aria_192_ccm_info },
-    { MBEDTLS_CIPHER_ARIA_256_CCM,     &aria_256_ccm_info },
-#endif
-#endif /* MBEDTLS_ARIA_C */
-
-#if defined(MBEDTLS_DES_C)
-    { MBEDTLS_CIPHER_DES_ECB,              &des_ecb_info },
-    { MBEDTLS_CIPHER_DES_EDE_ECB,          &des_ede_ecb_info },
-    { MBEDTLS_CIPHER_DES_EDE3_ECB,         &des_ede3_ecb_info },
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_CIPHER_DES_CBC,              &des_cbc_info },
-    { MBEDTLS_CIPHER_DES_EDE_CBC,          &des_ede_cbc_info },
-    { MBEDTLS_CIPHER_DES_EDE3_CBC,         &des_ede3_cbc_info },
-#endif
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_CHACHA20_C)
-    { MBEDTLS_CIPHER_CHACHA20,             &chacha20_info },
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-    { MBEDTLS_CIPHER_CHACHA20_POLY1305,    &chachapoly_info },
-#endif
-
-#if defined(MBEDTLS_NIST_KW_C)
-    { MBEDTLS_CIPHER_AES_128_KW,          &aes_128_nist_kw_info },
-    { MBEDTLS_CIPHER_AES_192_KW,          &aes_192_nist_kw_info },
-    { MBEDTLS_CIPHER_AES_256_KW,          &aes_256_nist_kw_info },
-    { MBEDTLS_CIPHER_AES_128_KWP,         &aes_128_nist_kwp_info },
-    { MBEDTLS_CIPHER_AES_192_KWP,         &aes_192_nist_kwp_info },
-    { MBEDTLS_CIPHER_AES_256_KWP,         &aes_256_nist_kwp_info },
-#endif
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-    { MBEDTLS_CIPHER_NULL,                 &null_cipher_info },
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-
-    { MBEDTLS_CIPHER_NONE, NULL }
-};
-
-#define NUM_CIPHERS ( sizeof(mbedtls_cipher_definitions) /      \
-                      sizeof(mbedtls_cipher_definitions[0]) )
-int mbedtls_cipher_supported[NUM_CIPHERS];
-
-#endif /* MBEDTLS_CIPHER_C */
diff --git a/Sources/mbedtls/library/cmac.c b/Sources/mbedtls/library/cmac.c
deleted file mode 100644
index 3cc49d1..0000000
--- a/Sources/mbedtls/library/cmac.c
+++ /dev/null
@@ -1,1087 +0,0 @@
-/**
- * \file cmac.c
- *
- * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * References:
- *
- * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
- *      CMAC Mode for Authentication
- *   http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
- *
- * - RFC 4493 - The AES-CMAC Algorithm
- *   https://tools.ietf.org/html/rfc4493
- *
- * - RFC 4615 - The Advanced Encryption Standard-Cipher-based Message
- *      Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128)
- *      Algorithm for the Internet Key Exchange Protocol (IKE)
- *   https://tools.ietf.org/html/rfc4615
- *
- *   Additional test vectors: ISO/IEC 9797-1
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CMAC_C)
-
-#include "mbedtls/cmac.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
-
-/*
- * Multiplication by u in the Galois field of GF(2^n)
- *
- * As explained in NIST SP 800-38B, this can be computed:
- *
- *   If MSB(p) = 0, then p = (p << 1)
- *   If MSB(p) = 1, then p = (p << 1) ^ R_n
- *   with R_64 = 0x1B and  R_128 = 0x87
- *
- * Input and output MUST NOT point to the same buffer
- * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
- */
-static int cmac_multiply_by_u( unsigned char *output,
-                               const unsigned char *input,
-                               size_t blocksize )
-{
-    const unsigned char R_128 = 0x87;
-    const unsigned char R_64 = 0x1B;
-    unsigned char R_n, mask;
-    unsigned char overflow = 0x00;
-    int i;
-
-    if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
-    {
-        R_n = R_128;
-    }
-    else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
-    {
-        R_n = R_64;
-    }
-    else
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    for( i = (int)blocksize - 1; i >= 0; i-- )
-    {
-        output[i] = input[i] << 1 | overflow;
-        overflow = input[i] >> 7;
-    }
-
-    /* mask = ( input[0] >> 7 ) ? 0xff : 0x00
-     * using bit operations to avoid branches */
-
-    /* MSVC has a warning about unary minus on unsigned, but this is
-     * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    mask = - ( input[0] >> 7 );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
-    output[ blocksize - 1 ] ^= R_n & mask;
-
-    return( 0 );
-}
-
-/*
- * Generate subkeys
- *
- * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
- */
-static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
-                                  unsigned char* K1, unsigned char* K2 )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    size_t olen, block_size;
-
-    mbedtls_platform_zeroize( L, sizeof( L ) );
-
-    block_size = ctx->cipher_info->block_size;
-
-    /* Calculate Ek(0) */
-    if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
-        goto exit;
-
-    /*
-     * Generate K1 and K2
-     */
-    if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
-        goto exit;
-
-    if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_platform_zeroize( L, sizeof( L ) );
-
-    return( ret );
-}
-#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
-
-#if !defined(MBEDTLS_CMAC_ALT)
-static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
-                            const unsigned char *input2,
-                            const size_t block_size )
-{
-    size_t idx;
-
-    for( idx = 0; idx < block_size; idx++ )
-        output[ idx ] = input1[ idx ] ^ input2[ idx ];
-}
-
-/*
- * Create padded last block from (partial) last block.
- *
- * We can't use the padding option from the cipher layer, as it only works for
- * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
- */
-static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
-                      size_t padded_block_len,
-                      const unsigned char *last_block,
-                      size_t last_block_len )
-{
-    size_t j;
-
-    for( j = 0; j < padded_block_len; j++ )
-    {
-        if( j < last_block_len )
-            padded_block[j] = last_block[j];
-        else if( j == last_block_len )
-            padded_block[j] = 0x80;
-        else
-            padded_block[j] = 0x00;
-    }
-}
-
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *key, size_t keybits )
-{
-    mbedtls_cipher_type_t type;
-    mbedtls_cmac_context_t *cmac_ctx;
-    int retval;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
-                                          MBEDTLS_ENCRYPT ) ) != 0 )
-        return( retval );
-
-    type = ctx->cipher_info->type;
-
-    switch( type )
-    {
-        case MBEDTLS_CIPHER_AES_128_ECB:
-        case MBEDTLS_CIPHER_AES_192_ECB:
-        case MBEDTLS_CIPHER_AES_256_ECB:
-        case MBEDTLS_CIPHER_DES_EDE3_ECB:
-            break;
-        default:
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    /* Allocated and initialise in the cipher context memory for the CMAC
-     * context */
-    cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) );
-    if( cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
-
-    ctx->cmac_ctx = cmac_ctx;
-
-    mbedtls_platform_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
-
-    return 0;
-}
-
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *input, size_t ilen )
-{
-    mbedtls_cmac_context_t* cmac_ctx;
-    unsigned char *state;
-    int ret = 0;
-    size_t n, j, olen, block_size;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
-        ctx->cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cmac_ctx = ctx->cmac_ctx;
-    block_size = ctx->cipher_info->block_size;
-    state = ctx->cmac_ctx->state;
-
-    /* Is there data still to process from the last call, that's greater in
-     * size than a block? */
-    if( cmac_ctx->unprocessed_len > 0 &&
-        ilen > block_size - cmac_ctx->unprocessed_len )
-    {
-        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
-                input,
-                block_size - cmac_ctx->unprocessed_len );
-
-        cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size );
-
-        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
-        {
-           goto exit;
-        }
-
-        input += block_size - cmac_ctx->unprocessed_len;
-        ilen -= block_size - cmac_ctx->unprocessed_len;
-        cmac_ctx->unprocessed_len = 0;
-    }
-
-    /* n is the number of blocks including any final partial block */
-    n = ( ilen + block_size - 1 ) / block_size;
-
-    /* Iterate across the input data in block sized chunks, excluding any
-     * final partial or complete block */
-    for( j = 1; j < n; j++ )
-    {
-        cmac_xor_block( state, input, state, block_size );
-
-        if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
-           goto exit;
-
-        ilen -= block_size;
-        input += block_size;
-    }
-
-    /* If there is data left over that wasn't aligned to a block */
-    if( ilen > 0 )
-    {
-        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
-                input,
-                ilen );
-        cmac_ctx->unprocessed_len += ilen;
-    }
-
-exit:
-    return( ret );
-}
-
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
-                                unsigned char *output )
-{
-    mbedtls_cmac_context_t* cmac_ctx;
-    unsigned char *state, *last_block;
-    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t olen, block_size;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
-        output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cmac_ctx = ctx->cmac_ctx;
-    block_size = ctx->cipher_info->block_size;
-    state = cmac_ctx->state;
-
-    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
-    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
-    cmac_generate_subkeys( ctx, K1, K2 );
-
-    last_block = cmac_ctx->unprocessed_block;
-
-    /* Calculate last block */
-    if( cmac_ctx->unprocessed_len < block_size )
-    {
-        cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len );
-        cmac_xor_block( M_last, M_last, K2, block_size );
-    }
-    else
-    {
-        /* Last block is complete block */
-        cmac_xor_block( M_last, last_block, K1, block_size );
-    }
-
-
-    cmac_xor_block( state, M_last, state, block_size );
-    if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
-                                       &olen ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    memcpy( output, state, block_size );
-
-exit:
-    /* Wipe the generated keys on the stack, and any other transients to avoid
-     * side channel leakage */
-    mbedtls_platform_zeroize( K1, sizeof( K1 ) );
-    mbedtls_platform_zeroize( K2, sizeof( K2 ) );
-
-    cmac_ctx->unprocessed_len = 0;
-    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
-                              sizeof( cmac_ctx->unprocessed_block ) );
-
-    mbedtls_platform_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
-    return( ret );
-}
-
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
-{
-    mbedtls_cmac_context_t* cmac_ctx;
-
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cmac_ctx = ctx->cmac_ctx;
-
-    /* Reset the internal state */
-    cmac_ctx->unprocessed_len = 0;
-    mbedtls_platform_zeroize( cmac_ctx->unprocessed_block,
-                              sizeof( cmac_ctx->unprocessed_block ) );
-    mbedtls_platform_zeroize( cmac_ctx->state,
-                              sizeof( cmac_ctx->state ) );
-
-    return( 0 );
-}
-
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
-                         const unsigned char *key, size_t keylen,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output )
-{
-    mbedtls_cipher_context_t ctx;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    mbedtls_cipher_init( &ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen );
-    if( ret != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_update( &ctx, input, ilen );
-    if( ret != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_finish( &ctx, output );
-
-exit:
-    mbedtls_cipher_free( &ctx );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_AES_C)
-/*
- * Implementation of AES-CMAC-PRF-128 defined in RFC 4615
- */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
-                              const unsigned char *input, size_t in_len,
-                              unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_cipher_info_t *cipher_info;
-    unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
-    unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
-
-    if( key == NULL || input == NULL || output == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
-    if( cipher_info == NULL )
-    {
-        /* Failing at this point must be due to a build issue */
-        ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-        goto exit;
-    }
-
-    if( key_length == MBEDTLS_AES_BLOCK_SIZE )
-    {
-        /* Use key as is */
-        memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
-    }
-    else
-    {
-        memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE );
-
-        ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key,
-                                   key_length, int_key );
-        if( ret != 0 )
-            goto exit;
-    }
-
-    ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len,
-                               output );
-
-exit:
-    mbedtls_platform_zeroize( int_key, sizeof( int_key ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_AES_C */
-
-#endif /* !MBEDTLS_CMAC_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * CMAC test data for SP800-38B
- * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
- * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
- *
- * AES-CMAC-PRF-128 test data from RFC 4615
- * https://tools.ietf.org/html/rfc4615#page-4
- */
-
-#define NB_CMAC_TESTS_PER_KEY 4
-#define NB_PRF_TESTS 3
-
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
-/* All CMAC test inputs are truncated from the same 64 byte buffer. */
-static const unsigned char test_message[] = {
-    /* PT */
-    0x6b, 0xc1, 0xbe, 0xe2,     0x2e, 0x40, 0x9f, 0x96,
-    0xe9, 0x3d, 0x7e, 0x11,     0x73, 0x93, 0x17, 0x2a,
-    0xae, 0x2d, 0x8a, 0x57,     0x1e, 0x03, 0xac, 0x9c,
-    0x9e, 0xb7, 0x6f, 0xac,     0x45, 0xaf, 0x8e, 0x51,
-    0x30, 0xc8, 0x1c, 0x46,     0xa3, 0x5c, 0xe4, 0x11,
-    0xe5, 0xfb, 0xc1, 0x19,     0x1a, 0x0a, 0x52, 0xef,
-    0xf6, 0x9f, 0x24, 0x45,     0xdf, 0x4f, 0x9b, 0x17,
-    0xad, 0x2b, 0x41, 0x7b,     0xe6, 0x6c, 0x37, 0x10
-};
-#endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-/* Truncation point of message for AES CMAC tests  */
-static const  unsigned int  aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
-    /* Mlen */
-    0,
-    16,
-    20,
-    64
-};
-
-/* CMAC-AES128 Test Data */
-static const unsigned char aes_128_key[16] = {
-    0x2b, 0x7e, 0x15, 0x16,     0x28, 0xae, 0xd2, 0xa6,
-    0xab, 0xf7, 0x15, 0x88,     0x09, 0xcf, 0x4f, 0x3c
-};
-static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* K1 */
-        0xfb, 0xee, 0xd6, 0x18,     0x35, 0x71, 0x33, 0x66,
-        0x7c, 0x85, 0xe0, 0x8f,     0x72, 0x36, 0xa8, 0xde
-    },
-    {
-        /* K2 */
-        0xf7, 0xdd, 0xac, 0x30,     0x6a, 0xe2, 0x66, 0xcc,
-        0xf9, 0x0b, 0xc1, 0x1e,     0xe4, 0x6d, 0x51, 0x3b
-    }
-};
-static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* Example #1 */
-        0xbb, 0x1d, 0x69, 0x29,     0xe9, 0x59, 0x37, 0x28,
-        0x7f, 0xa3, 0x7d, 0x12,     0x9b, 0x75, 0x67, 0x46
-    },
-    {
-        /* Example #2 */
-        0x07, 0x0a, 0x16, 0xb4,     0x6b, 0x4d, 0x41, 0x44,
-        0xf7, 0x9b, 0xdd, 0x9d,     0xd0, 0x4a, 0x28, 0x7c
-    },
-    {
-        /* Example #3 */
-        0x7d, 0x85, 0x44, 0x9e,     0xa6, 0xea, 0x19, 0xc8,
-        0x23, 0xa7, 0xbf, 0x78,     0x83, 0x7d, 0xfa, 0xde
-    },
-    {
-        /* Example #4 */
-        0x51, 0xf0, 0xbe, 0xbf,     0x7e, 0x3b, 0x9d, 0x92,
-        0xfc, 0x49, 0x74, 0x17,     0x79, 0x36, 0x3c, 0xfe
-    }
-};
-
-/* CMAC-AES192 Test Data */
-static const unsigned char aes_192_key[24] = {
-    0x8e, 0x73, 0xb0, 0xf7,     0xda, 0x0e, 0x64, 0x52,
-    0xc8, 0x10, 0xf3, 0x2b,     0x80, 0x90, 0x79, 0xe5,
-    0x62, 0xf8, 0xea, 0xd2,     0x52, 0x2c, 0x6b, 0x7b
-};
-static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* K1 */
-        0x44, 0x8a, 0x5b, 0x1c,     0x93, 0x51, 0x4b, 0x27,
-        0x3e, 0xe6, 0x43, 0x9d,     0xd4, 0xda, 0xa2, 0x96
-    },
-    {
-        /* K2 */
-        0x89, 0x14, 0xb6, 0x39,     0x26, 0xa2, 0x96, 0x4e,
-        0x7d, 0xcc, 0x87, 0x3b,     0xa9, 0xb5, 0x45, 0x2c
-    }
-};
-static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* Example #1 */
-        0xd1, 0x7d, 0xdf, 0x46,     0xad, 0xaa, 0xcd, 0xe5,
-        0x31, 0xca, 0xc4, 0x83,     0xde, 0x7a, 0x93, 0x67
-    },
-    {
-        /* Example #2 */
-        0x9e, 0x99, 0xa7, 0xbf,     0x31, 0xe7, 0x10, 0x90,
-        0x06, 0x62, 0xf6, 0x5e,     0x61, 0x7c, 0x51, 0x84
-    },
-    {
-        /* Example #3 */
-        0x3d, 0x75, 0xc1, 0x94,     0xed, 0x96, 0x07, 0x04,
-        0x44, 0xa9, 0xfa, 0x7e,     0xc7, 0x40, 0xec, 0xf8
-    },
-    {
-        /* Example #4 */
-        0xa1, 0xd5, 0xdf, 0x0e,     0xed, 0x79, 0x0f, 0x79,
-        0x4d, 0x77, 0x58, 0x96,     0x59, 0xf3, 0x9a, 0x11
-    }
-};
-
-/* CMAC-AES256 Test Data */
-static const unsigned char aes_256_key[32] = {
-    0x60, 0x3d, 0xeb, 0x10,     0x15, 0xca, 0x71, 0xbe,
-    0x2b, 0x73, 0xae, 0xf0,     0x85, 0x7d, 0x77, 0x81,
-    0x1f, 0x35, 0x2c, 0x07,     0x3b, 0x61, 0x08, 0xd7,
-    0x2d, 0x98, 0x10, 0xa3,     0x09, 0x14, 0xdf, 0xf4
-};
-static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* K1 */
-        0xca, 0xd1, 0xed, 0x03,     0x29, 0x9e, 0xed, 0xac,
-        0x2e, 0x9a, 0x99, 0x80,     0x86, 0x21, 0x50, 0x2f
-    },
-    {
-        /* K2 */
-        0x95, 0xa3, 0xda, 0x06,     0x53, 0x3d, 0xdb, 0x58,
-        0x5d, 0x35, 0x33, 0x01,     0x0c, 0x42, 0xa0, 0xd9
-    }
-};
-static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
-    {
-        /* Example #1 */
-        0x02, 0x89, 0x62, 0xf6,     0x1b, 0x7b, 0xf8, 0x9e,
-        0xfc, 0x6b, 0x55, 0x1f,     0x46, 0x67, 0xd9, 0x83
-    },
-    {
-        /* Example #2 */
-        0x28, 0xa7, 0x02, 0x3f,     0x45, 0x2e, 0x8f, 0x82,
-        0xbd, 0x4b, 0xf2, 0x8d,     0x8c, 0x37, 0xc3, 0x5c
-    },
-    {
-        /* Example #3 */
-        0x15, 0x67, 0x27, 0xdc,     0x08, 0x78, 0x94, 0x4a,
-        0x02, 0x3c, 0x1f, 0xe0,     0x3b, 0xad, 0x6d, 0x93
-    },
-    {
-        /* Example #4 */
-        0xe1, 0x99, 0x21, 0x90,     0x54, 0x9f, 0x6e, 0xd5,
-        0x69, 0x6a, 0x2c, 0x05,     0x6c, 0x31, 0x54, 0x10
-    }
-};
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_DES_C)
-/* Truncation point of message for 3DES CMAC tests  */
-static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
-    0,
-    16,
-    20,
-    32
-};
-
-/* CMAC-TDES (Generation) - 2 Key Test Data */
-static const unsigned char des3_2key_key[24] = {
-    /* Key1 */
-    0x01, 0x23, 0x45, 0x67,     0x89, 0xab, 0xcd, 0xef,
-    /* Key2 */
-    0x23, 0x45, 0x67, 0x89,     0xab, 0xcd, 0xEF, 0x01,
-    /* Key3 */
-    0x01, 0x23, 0x45, 0x67,     0x89, 0xab, 0xcd, 0xef
-};
-static const unsigned char des3_2key_subkeys[2][8] = {
-    {
-        /* K1 */
-        0x0d, 0xd2, 0xcb, 0x7a,     0x3d, 0x88, 0x88, 0xd9
-    },
-    {
-        /* K2 */
-        0x1b, 0xa5, 0x96, 0xf4,     0x7b, 0x11, 0x11, 0xb2
-    }
-};
-static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
-    {
-        /* Sample #1 */
-        0x79, 0xce, 0x52, 0xa7,     0xf7, 0x86, 0xa9, 0x60
-    },
-    {
-        /* Sample #2 */
-        0xcc, 0x18, 0xa0, 0xb7,     0x9a, 0xf2, 0x41, 0x3b
-    },
-    {
-        /* Sample #3 */
-        0xc0, 0x6d, 0x37, 0x7e,     0xcd, 0x10, 0x19, 0x69
-    },
-    {
-        /* Sample #4 */
-        0x9c, 0xd3, 0x35, 0x80,     0xf9, 0xb6, 0x4d, 0xfb
-    }
-};
-
-/* CMAC-TDES (Generation) - 3 Key Test Data */
-static const unsigned char des3_3key_key[24] = {
-    /* Key1 */
-    0x01, 0x23, 0x45, 0x67,     0x89, 0xaa, 0xcd, 0xef,
-    /* Key2 */
-    0x23, 0x45, 0x67, 0x89,     0xab, 0xcd, 0xef, 0x01,
-    /* Key3 */
-    0x45, 0x67, 0x89, 0xab,     0xcd, 0xef, 0x01, 0x23
-};
-static const unsigned char des3_3key_subkeys[2][8] = {
-    {
-        /* K1 */
-        0x9d, 0x74, 0xe7, 0x39,     0x33, 0x17, 0x96, 0xc0
-    },
-    {
-        /* K2 */
-        0x3a, 0xe9, 0xce, 0x72,     0x66, 0x2f, 0x2d, 0x9b
-    }
-};
-static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
-    {
-        /* Sample #1 */
-        0x7d, 0xb0, 0xd3, 0x7d,     0xf9, 0x36, 0xc5, 0x50
-    },
-    {
-        /* Sample #2 */
-        0x30, 0x23, 0x9c, 0xf1,     0xf5, 0x2e, 0x66, 0x09
-    },
-    {
-        /* Sample #3 */
-        0x6c, 0x9f, 0x3e, 0xe4,     0x92, 0x3f, 0x6b, 0xe2
-    },
-    {
-        /* Sample #4 */
-        0x99, 0x42, 0x9b, 0xd0,     0xbF, 0x79, 0x04, 0xe5
-    }
-};
-
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-/* AES AES-CMAC-PRF-128 Test Data */
-static const unsigned char PRFK[] = {
-    /* Key */
-    0x00, 0x01, 0x02, 0x03,     0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b,     0x0c, 0x0d, 0x0e, 0x0f,
-    0xed, 0xcb
-};
-
-/* Sizes in bytes */
-static const size_t PRFKlen[NB_PRF_TESTS] = {
-    18,
-    16,
-    10
-};
-
-/* Message */
-static const unsigned char PRFM[] = {
-    0x00, 0x01, 0x02, 0x03,     0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0a, 0x0b,     0x0c, 0x0d, 0x0e, 0x0f,
-    0x10, 0x11, 0x12, 0x13
-};
-
-static const unsigned char PRFT[NB_PRF_TESTS][16] = {
-    {
-        0x84, 0xa3, 0x48, 0xa4,     0xa4, 0x5d, 0x23, 0x5b,
-        0xab, 0xff, 0xfc, 0x0d,     0x2b, 0x4d, 0xa0, 0x9a
-    },
-    {
-        0x98, 0x0a, 0xe8, 0x7b,     0x5f, 0x4c, 0x9c, 0x52,
-        0x14, 0xf5, 0xb6, 0xa8,     0x45, 0x5e, 0x4c, 0x2d
-    },
-    {
-        0x29, 0x0d, 0x9e, 0x11,     0x2e, 0xdb, 0x09, 0xee,
-        0x14, 0x1f, 0xcf, 0x64,     0xc0, 0xb7, 0x2f, 0x3d
-    }
-};
-#endif /* MBEDTLS_AES_C */
-
-static int cmac_test_subkeys( int verbose,
-                              const char* testname,
-                              const unsigned char* key,
-                              int keybits,
-                              const unsigned char* subkeys,
-                              mbedtls_cipher_type_t cipher_type,
-                              int block_size,
-                              int num_tests )
-{
-    int i, ret = 0;
-    mbedtls_cipher_context_t ctx;
-    const mbedtls_cipher_info_t *cipher_info;
-    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
-    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-    {
-        /* Failing at this point must be due to a build issue */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-
-    for( i = 0; i < num_tests; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  %s CMAC subkey #%d: ", testname, i + 1 );
-
-        mbedtls_cipher_init( &ctx );
-
-        if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "test execution failed\n" );
-
-            goto cleanup;
-        }
-
-        if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits,
-                                       MBEDTLS_ENCRYPT ) ) != 0 )
-        {
-            /* When CMAC is implemented by an alternative implementation, or
-             * the underlying primitive itself is implemented alternatively,
-             * AES-192 may be unavailable. This should not cause the selftest
-             * function to fail. */
-            if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
-                  ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
-                  cipher_type == MBEDTLS_CIPHER_AES_192_ECB ) {
-                if( verbose != 0 )
-                    mbedtls_printf( "skipped\n" );
-                goto next_test;
-            }
-
-            if( verbose != 0 )
-                mbedtls_printf( "test execution failed\n" );
-
-            goto cleanup;
-        }
-
-        ret = cmac_generate_subkeys( &ctx, K1, K2 );
-        if( ret != 0 )
-        {
-           if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            goto cleanup;
-        }
-
-        if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0  ||
-            ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            goto cleanup;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-
-next_test:
-        mbedtls_cipher_free( &ctx );
-    }
-
-    ret = 0;
-    goto exit;
-
-cleanup:
-    mbedtls_cipher_free( &ctx );
-
-exit:
-    return( ret );
-}
-
-static int cmac_test_wth_cipher( int verbose,
-                                 const char* testname,
-                                 const unsigned char* key,
-                                 int keybits,
-                                 const unsigned char* messages,
-                                 const unsigned int message_lengths[4],
-                                 const unsigned char* expected_result,
-                                 mbedtls_cipher_type_t cipher_type,
-                                 int block_size,
-                                 int num_tests )
-{
-    const mbedtls_cipher_info_t *cipher_info;
-    int i, ret = 0;
-    unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-    {
-        /* Failing at this point must be due to a build issue */
-        ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-        goto exit;
-    }
-
-    for( i = 0; i < num_tests; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  %s CMAC #%d: ", testname, i + 1 );
-
-        if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
-                                         message_lengths[i], output ) ) != 0 )
-        {
-            /* When CMAC is implemented by an alternative implementation, or
-             * the underlying primitive itself is implemented alternatively,
-             * AES-192 and/or 3DES may be unavailable. This should not cause
-             * the selftest function to fail. */
-            if( ( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
-                  ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ) &&
-                ( cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
-                  cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB ) ) {
-                if( verbose != 0 )
-                    mbedtls_printf( "skipped\n" );
-                continue;
-            }
-
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-            goto exit;
-        }
-
-        if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-    ret = 0;
-
-exit:
-    return( ret );
-}
-
-#if defined(MBEDTLS_AES_C)
-static int test_aes128_cmac_prf( int verbose )
-{
-    int i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
-
-    for( i = 0; i < NB_PRF_TESTS; i++ )
-    {
-        mbedtls_printf( "  AES CMAC 128 PRF #%d: ", i );
-        ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
-        if( ret != 0 ||
-            memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
-        {
-
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            return( ret );
-        }
-        else if( verbose != 0 )
-        {
-            mbedtls_printf( "passed\n" );
-        }
-    }
-    return( ret );
-}
-#endif /* MBEDTLS_AES_C */
-
-int mbedtls_cmac_self_test( int verbose )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_AES_C)
-    /* AES-128 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 128",
-                                   aes_128_key,
-                                   128,
-                                   (const unsigned char*)aes_128_subkeys,
-                                   MBEDTLS_CIPHER_AES_128_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "AES 128",
-                                      aes_128_key,
-                                      128,
-                                      test_message,
-                                      aes_message_lengths,
-                                      (const unsigned char*)aes_128_expected_result,
-                                      MBEDTLS_CIPHER_AES_128_ECB,
-                                      MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* AES-192 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 192",
-                                   aes_192_key,
-                                   192,
-                                   (const unsigned char*)aes_192_subkeys,
-                                   MBEDTLS_CIPHER_AES_192_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "AES 192",
-                                      aes_192_key,
-                                      192,
-                                      test_message,
-                                      aes_message_lengths,
-                                      (const unsigned char*)aes_192_expected_result,
-                                      MBEDTLS_CIPHER_AES_192_ECB,
-                                      MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* AES-256 */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "AES 256",
-                                   aes_256_key,
-                                   256,
-                                   (const unsigned char*)aes_256_subkeys,
-                                   MBEDTLS_CIPHER_AES_256_ECB,
-                                   MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher ( verbose,
-                                       "AES 256",
-                                       aes_256_key,
-                                       256,
-                                       test_message,
-                                       aes_message_lengths,
-                                       (const unsigned char*)aes_256_expected_result,
-                                       MBEDTLS_CIPHER_AES_256_ECB,
-                                       MBEDTLS_AES_BLOCK_SIZE,
-                                       NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_DES_C)
-    /* 3DES 2 key */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "3DES 2 key",
-                                   des3_2key_key,
-                                   192,
-                                   (const unsigned char*)des3_2key_subkeys,
-                                   MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                   MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "3DES 2 key",
-                                      des3_2key_key,
-                                      192,
-                                      test_message,
-                                      des3_message_lengths,
-                                      (const unsigned char*)des3_2key_expected_result,
-                                      MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                      MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* 3DES 3 key */
-    if( ( ret = cmac_test_subkeys( verbose,
-                                   "3DES 3 key",
-                                   des3_3key_key,
-                                   192,
-                                   (const unsigned char*)des3_3key_subkeys,
-                                   MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                   MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = cmac_test_wth_cipher( verbose,
-                                      "3DES 3 key",
-                                      des3_3key_key,
-                                      192,
-                                      test_message,
-                                      des3_message_lengths,
-                                      (const unsigned char*)des3_3key_expected_result,
-                                      MBEDTLS_CIPHER_DES_EDE3_ECB,
-                                      MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-    if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
-        return( ret );
-#endif /* MBEDTLS_AES_C */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CMAC_C */
diff --git a/Sources/mbedtls/library/common.h b/Sources/mbedtls/library/common.h
deleted file mode 100644
index 1663d50..0000000
--- a/Sources/mbedtls/library/common.h
+++ /dev/null
@@ -1,350 +0,0 @@
-/**
- * \file common.h
- *
- * \brief Utility macros for internal use in the library
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_LIBRARY_COMMON_H
-#define MBEDTLS_LIBRARY_COMMON_H
-
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#include <stddef.h>
-#include <stdint.h>
-
-/* Define `inline` on some non-C99-compliant compilers. */
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
-/** Helper to define a function as static except when building invasive tests.
- *
- * If a function is only used inside its own source file and should be
- * declared `static` to allow the compiler to optimize for code size,
- * but that function has unit tests, define it with
- * ```
- * MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... }
- * ```
- * and declare it in a header in the `library/` directory with
- * ```
- * #if defined(MBEDTLS_TEST_HOOKS)
- * int mbedtls_foo(...);
- * #endif
- * ```
- */
-#if defined(MBEDTLS_TEST_HOOKS)
-#define MBEDTLS_STATIC_TESTABLE
-#else
-#define MBEDTLS_STATIC_TESTABLE static
-#endif
-
-/** Return an offset into a buffer.
- *
- * This is just the addition of an offset to a pointer, except that this
- * function also accepts an offset of 0 into a buffer whose pointer is null.
- * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
- * A null pointer is a valid buffer pointer when the size is 0, for example
- * as the result of `malloc(0)` on some platforms.)
- *
- * \param p     Pointer to a buffer of at least n bytes.
- *              This may be \p NULL if \p n is zero.
- * \param n     An offset in bytes.
- * \return      Pointer to offset \p n in the buffer \p p.
- *              Note that this is only a valid pointer if the size of the
- *              buffer is at least \p n + 1.
- */
-static inline unsigned char *mbedtls_buffer_offset(
-    unsigned char *p, size_t n )
-{
-    return( p == NULL ? NULL : p + n );
-}
-
-/** Return an offset into a read-only buffer.
- *
- * Similar to mbedtls_buffer_offset(), but for const pointers.
- *
- * \param p     Pointer to a buffer of at least n bytes.
- *              This may be \p NULL if \p n is zero.
- * \param n     An offset in bytes.
- * \return      Pointer to offset \p n in the buffer \p p.
- *              Note that this is only a valid pointer if the size of the
- *              buffer is at least \p n + 1.
- */
-static inline const unsigned char *mbedtls_buffer_offset_const(
-    const unsigned char *p, size_t n )
-{
-    return( p == NULL ? NULL : p + n );
-}
-
-/** Byte Reading Macros
- *
- * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th
- * byte from x, where byte 0 is the least significant byte.
- */
-#define MBEDTLS_BYTE_0( x ) ( (uint8_t) (   ( x )         & 0xff ) )
-#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8  ) & 0xff ) )
-#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) )
-#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) )
-#define MBEDTLS_BYTE_4( x ) ( (uint8_t) ( ( ( x ) >> 32 ) & 0xff ) )
-#define MBEDTLS_BYTE_5( x ) ( (uint8_t) ( ( ( x ) >> 40 ) & 0xff ) )
-#define MBEDTLS_BYTE_6( x ) ( (uint8_t) ( ( ( x ) >> 48 ) & 0xff ) )
-#define MBEDTLS_BYTE_7( x ) ( (uint8_t) ( ( ( x ) >> 56 ) & 0xff ) )
-
-/**
- * Get the unsigned 32 bits integer corresponding to four bytes in
- * big-endian order (MSB first).
- *
- * \param   data    Base address of the memory to get the four bytes from.
- * \param   offset  Offset from \p base of the first and most significant
- *                  byte of the four bytes to build the 32 bits unsigned
- *                  integer from.
- */
-#ifndef MBEDTLS_GET_UINT32_BE
-#define MBEDTLS_GET_UINT32_BE( data , offset )                  \
-    (                                                           \
-          ( (uint32_t) ( data )[( offset )    ] << 24 )         \
-        | ( (uint32_t) ( data )[( offset ) + 1] << 16 )         \
-        | ( (uint32_t) ( data )[( offset ) + 2] <<  8 )         \
-        | ( (uint32_t) ( data )[( offset ) + 3]       )         \
-    )
-#endif
-
-/**
- * Put in memory a 32 bits unsigned integer in big-endian order.
- *
- * \param   n       32 bits unsigned integer to put in memory.
- * \param   data    Base address of the memory where to put the 32
- *                  bits unsigned integer in.
- * \param   offset  Offset from \p base where to put the most significant
- *                  byte of the 32 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT32_BE
-#define MBEDTLS_PUT_UINT32_BE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_3( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_2( n );             \
-    ( data )[( offset ) + 2] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 3] = MBEDTLS_BYTE_0( n );             \
-}
-#endif
-
-/**
- * Get the unsigned 32 bits integer corresponding to four bytes in
- * little-endian order (LSB first).
- *
- * \param   data    Base address of the memory to get the four bytes from.
- * \param   offset  Offset from \p base of the first and least significant
- *                  byte of the four bytes to build the 32 bits unsigned
- *                  integer from.
- */
-#ifndef MBEDTLS_GET_UINT32_LE
-#define MBEDTLS_GET_UINT32_LE( data, offset )                   \
-    (                                                           \
-          ( (uint32_t) ( data )[( offset )    ]       )         \
-        | ( (uint32_t) ( data )[( offset ) + 1] <<  8 )         \
-        | ( (uint32_t) ( data )[( offset ) + 2] << 16 )         \
-        | ( (uint32_t) ( data )[( offset ) + 3] << 24 )         \
-    )
-#endif
-
-/**
- * Put in memory a 32 bits unsigned integer in little-endian order.
- *
- * \param   n       32 bits unsigned integer to put in memory.
- * \param   data    Base address of the memory where to put the 32
- *                  bits unsigned integer in.
- * \param   offset  Offset from \p base where to put the least significant
- *                  byte of the 32 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT32_LE
-#define MBEDTLS_PUT_UINT32_LE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_0( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n );             \
-    ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n );             \
-}
-#endif
-
-/**
- * Get the unsigned 16 bits integer corresponding to two bytes in
- * little-endian order (LSB first).
- *
- * \param   data    Base address of the memory to get the two bytes from.
- * \param   offset  Offset from \p base of the first and least significant
- *                  byte of the two bytes to build the 16 bits unsigned
- *                  integer from.
- */
-#ifndef MBEDTLS_GET_UINT16_LE
-#define MBEDTLS_GET_UINT16_LE( data, offset )                   \
-    (                                                           \
-          ( (uint16_t) ( data )[( offset )    ]       )         \
-        | ( (uint16_t) ( data )[( offset ) + 1] <<  8 )         \
-    )
-#endif
-
-/**
- * Put in memory a 16 bits unsigned integer in little-endian order.
- *
- * \param   n       16 bits unsigned integer to put in memory.
- * \param   data    Base address of the memory where to put the 16
- *                  bits unsigned integer in.
- * \param   offset  Offset from \p base where to put the least significant
- *                  byte of the 16 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT16_LE
-#define MBEDTLS_PUT_UINT16_LE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_0( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n );             \
-}
-#endif
-
-/**
- * Get the unsigned 16 bits integer corresponding to two bytes in
- * big-endian order (MSB first).
- *
- * \param   data    Base address of the memory to get the two bytes from.
- * \param   offset  Offset from \p base of the first and most significant
- *                  byte of the two bytes to build the 16 bits unsigned
- *                  integer from.
- */
-#ifndef MBEDTLS_GET_UINT16_BE
-#define MBEDTLS_GET_UINT16_BE( data, offset )                   \
-    (                                                           \
-          ( (uint16_t) ( data )[( offset )    ] << 8 )          \
-        | ( (uint16_t) ( data )[( offset ) + 1]      )          \
-    )
-#endif
-
-/**
- * Put in memory a 16 bits unsigned integer in big-endian order.
- *
- * \param   n       16 bits unsigned integer to put in memory.
- * \param   data    Base address of the memory where to put the 16
- *                  bits unsigned integer in.
- * \param   offset  Offset from \p base where to put the most significant
- *                  byte of the 16 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT16_BE
-#define MBEDTLS_PUT_UINT16_BE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_0( n );             \
-}
-#endif
-
-/**
- * Get the unsigned 64 bits integer corresponding to eight bytes in
- * big-endian order (MSB first).
- *
- * \param   data    Base address of the memory to get the eight bytes from.
- * \param   offset  Offset from \p base of the first and most significant
- *                  byte of the eight bytes to build the 64 bits unsigned
- *                  integer from.
- */
-#ifndef MBEDTLS_GET_UINT64_BE
-#define MBEDTLS_GET_UINT64_BE( data, offset )                   \
-    (                                                           \
-          ( (uint64_t) ( data )[( offset )    ] << 56 )         \
-        | ( (uint64_t) ( data )[( offset ) + 1] << 48 )         \
-        | ( (uint64_t) ( data )[( offset ) + 2] << 40 )         \
-        | ( (uint64_t) ( data )[( offset ) + 3] << 32 )         \
-        | ( (uint64_t) ( data )[( offset ) + 4] << 24 )         \
-        | ( (uint64_t) ( data )[( offset ) + 5] << 16 )         \
-        | ( (uint64_t) ( data )[( offset ) + 6] <<  8 )         \
-        | ( (uint64_t) ( data )[( offset ) + 7]       )         \
-    )
-#endif
-
-/**
- * Put in memory a 64 bits unsigned integer in big-endian order.
- *
- * \param   n       64 bits unsigned integer to put in memory.
- * \param   data    Base address of the memory where to put the 64
- *                  bits unsigned integer in.
- * \param   offset  Offset from \p base where to put the most significant
- *                  byte of the 64 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT64_BE
-#define MBEDTLS_PUT_UINT64_BE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_7( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_6( n );             \
-    ( data )[( offset ) + 2] = MBEDTLS_BYTE_5( n );             \
-    ( data )[( offset ) + 3] = MBEDTLS_BYTE_4( n );             \
-    ( data )[( offset ) + 4] = MBEDTLS_BYTE_3( n );             \
-    ( data )[( offset ) + 5] = MBEDTLS_BYTE_2( n );             \
-    ( data )[( offset ) + 6] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 7] = MBEDTLS_BYTE_0( n );             \
-}
-#endif
-
-/**
- * Get the unsigned 64 bits integer corresponding to eight bytes in
- * little-endian order (LSB first).
- *
- * \param   data    Base address of the memory to get the eight bytes from.
- * \param   offset  Offset from \p base of the first and least significant
- *                  byte of the eight bytes to build the 64 bits unsigned
- *                  integer from.
- */
-#ifndef MBEDTLS_GET_UINT64_LE
-#define MBEDTLS_GET_UINT64_LE( data, offset )                   \
-    (                                                           \
-          ( (uint64_t) ( data )[( offset ) + 7] << 56 )         \
-        | ( (uint64_t) ( data )[( offset ) + 6] << 48 )         \
-        | ( (uint64_t) ( data )[( offset ) + 5] << 40 )         \
-        | ( (uint64_t) ( data )[( offset ) + 4] << 32 )         \
-        | ( (uint64_t) ( data )[( offset ) + 3] << 24 )         \
-        | ( (uint64_t) ( data )[( offset ) + 2] << 16 )         \
-        | ( (uint64_t) ( data )[( offset ) + 1] <<  8 )         \
-        | ( (uint64_t) ( data )[( offset )    ]       )         \
-    )
-#endif
-
-/**
- * Put in memory a 64 bits unsigned integer in little-endian order.
- *
- * \param   n       64 bits unsigned integer to put in memory.
- * \param   data    Base address of the memory where to put the 64
- *                  bits unsigned integer in.
- * \param   offset  Offset from \p base where to put the least significant
- *                  byte of the 64 bits unsigned integer \p n.
- */
-#ifndef MBEDTLS_PUT_UINT64_LE
-#define MBEDTLS_PUT_UINT64_LE( n, data, offset )                \
-{                                                               \
-    ( data )[( offset )    ] = MBEDTLS_BYTE_0( n );             \
-    ( data )[( offset ) + 1] = MBEDTLS_BYTE_1( n );             \
-    ( data )[( offset ) + 2] = MBEDTLS_BYTE_2( n );             \
-    ( data )[( offset ) + 3] = MBEDTLS_BYTE_3( n );             \
-    ( data )[( offset ) + 4] = MBEDTLS_BYTE_4( n );             \
-    ( data )[( offset ) + 5] = MBEDTLS_BYTE_5( n );             \
-    ( data )[( offset ) + 6] = MBEDTLS_BYTE_6( n );             \
-    ( data )[( offset ) + 7] = MBEDTLS_BYTE_7( n );             \
-}
-#endif
-
-#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/Sources/mbedtls/library/constant_time.c b/Sources/mbedtls/library/constant_time.c
deleted file mode 100644
index 2401b04..0000000
--- a/Sources/mbedtls/library/constant_time.c
+++ /dev/null
@@ -1,831 +0,0 @@
-/**
- *  Constant-time functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
- /*
- * The following functions are implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-
-#include "common.h"
-#include "constant_time_internal.h"
-#include "mbedtls/constant_time.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "mbedtls/ssl_internal.h"
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_BASE64_C)
-#include "constant_time_invasive.h"
-#endif
-
-#include <string.h>
-
-int mbedtls_ct_memcmp( const void *a,
-                       const void *b,
-                       size_t n )
-{
-    size_t i;
-    volatile const unsigned char *A = (volatile const unsigned char *) a;
-    volatile const unsigned char *B = (volatile const unsigned char *) b;
-    volatile unsigned char diff = 0;
-
-    for( i = 0; i < n; i++ )
-    {
-        /* Read volatile data in order before computing diff.
-         * This avoids IAR compiler warning:
-         * 'the order of volatile accesses is undefined ..' */
-        unsigned char x = A[i], y = B[i];
-        diff |= x ^ y;
-    }
-
-    return( (int)diff );
-}
-
-unsigned mbedtls_ct_uint_mask( unsigned value )
-{
-    /* MSVC has a warning about unary minus on unsigned, but this is
-     * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-
-size_t mbedtls_ct_size_mask( size_t value )
-{
-    /* MSVC has a warning about unary minus on unsigned integer types,
-     * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
-{
-    /* MSVC has a warning about unary minus on unsigned, but this is
-     * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
-/** Constant-flow mask generation for "less than" comparison:
- * - if \p x < \p y, return all-bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param x     The first value to analyze.
- * \param y     The second value to analyze.
- *
- * \return      All-bits-one if \p x is less than \p y, otherwise zero.
- */
-static size_t mbedtls_ct_size_mask_lt( size_t x,
-                                       size_t y )
-{
-    /* This has the most significant bit set if and only if x < y */
-    const size_t sub = x - y;
-
-    /* sub1 = (x < y) ? 1 : 0 */
-    const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
-
-    /* mask = (x < y) ? 0xff... : 0x00... */
-    const size_t mask = mbedtls_ct_size_mask( sub1 );
-
-    return( mask );
-}
-
-size_t mbedtls_ct_size_mask_ge( size_t x,
-                                size_t y )
-{
-    return( ~mbedtls_ct_size_mask_lt( x, y ) );
-}
-
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
-
-#if defined(MBEDTLS_BASE64_C)
-
-/* Return 0xff if low <= c <= high, 0 otherwise.
- *
- * Constant flow with respect to c.
- */
-MBEDTLS_STATIC_TESTABLE
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
-                                              unsigned char high,
-                                              unsigned char c )
-{
-    /* low_mask is: 0 if low <= c, 0x...ff if low > c */
-    unsigned low_mask = ( (unsigned) c - low ) >> 8;
-    /* high_mask is: 0 if c <= high, 0x...ff if c > high */
-    unsigned high_mask = ( (unsigned) high - c ) >> 8;
-    return( ~( low_mask | high_mask ) & 0xff );
-}
-
-#endif /* MBEDTLS_BASE64_C */
-
-unsigned mbedtls_ct_size_bool_eq( size_t x,
-                                  size_t y )
-{
-    /* diff = 0 if x == y, non-zero otherwise */
-    const size_t diff = x ^ y;
-
-    /* MSVC has a warning about unary minus on unsigned integer types,
-     * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
-    /* diff_msb's most significant bit is equal to x != y */
-    const size_t diff_msb = ( diff | (size_t) -diff );
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
-    /* diff1 = (x != y) ? 1 : 0 */
-    const unsigned diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
-
-    return( 1 ^ diff1 );
-}
-
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-
-/** Constant-flow "greater than" comparison:
- * return x > y
- *
- * This is equivalent to \p x > \p y, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
- *
- * \param x     The first value to analyze.
- * \param y     The second value to analyze.
- *
- * \return      1 if \p x greater than \p y, otherwise 0.
- */
-static unsigned mbedtls_ct_size_gt( size_t x,
-                                    size_t y )
-{
-    /* Return the sign bit (1 for negative) of (y - x). */
-    return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) );
-}
-
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
-                                 const mbedtls_mpi_uint y )
-{
-    mbedtls_mpi_uint ret;
-    mbedtls_mpi_uint cond;
-
-    /*
-     * Check if the most significant bits (MSB) of the operands are different.
-     */
-    cond = ( x ^ y );
-    /*
-     * If the MSB are the same then the difference x-y will be negative (and
-     * have its MSB set to 1 during conversion to unsigned) if and only if x<y.
-     */
-    ret = ( x - y ) & ~cond;
-    /*
-     * If the MSB are different, then the operand with the MSB of 1 is the
-     * bigger. (That is if y has MSB of 1, then x<y is true and it is false if
-     * the MSB of y is 0.)
-     */
-    ret |= y & cond;
-
-
-    ret = ret >> ( sizeof( mbedtls_mpi_uint ) * 8 - 1 );
-
-    return (unsigned) ret;
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-unsigned mbedtls_ct_uint_if( unsigned condition,
-                             unsigned if1,
-                             unsigned if0 )
-{
-    unsigned mask = mbedtls_ct_uint_mask( condition );
-    return( ( mask & if1 ) | (~mask & if0 ) );
-}
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/** Select between two sign values without branches.
- *
- * This is functionally equivalent to `condition ? if1 : if0` but uses only bit
- * operations in order to avoid branches.
- *
- * \note if1 and if0 must be either 1 or -1, otherwise the result
- *       is undefined.
- *
- * \param condition     Condition to test; must be either 0 or 1.
- * \param if1           The first sign; must be either +1 or -1.
- * \param if0           The second sign; must be either +1 or -1.
- *
- * \return  \c if1 if \p condition is nonzero, otherwise \c if0.
- * */
-static int mbedtls_ct_cond_select_sign( unsigned char condition,
-                                        int if1,
-                                        int if0 )
-{
-    /* In order to avoid questions about what we can reasonably assume about
-     * the representations of signed integers, move everything to unsigned
-     * by taking advantage of the fact that if1 and if0 are either +1 or -1. */
-    unsigned uif1 = if1 + 1;
-    unsigned uif0 = if0 + 1;
-
-    /* condition was 0 or 1, mask is 0 or 2 as are uif1 and uif0 */
-    const unsigned mask = condition << 1;
-
-    /* select uif1 or uif0 */
-    unsigned ur = ( uif0 & ~mask ) | ( uif1 & mask );
-
-    /* ur is now 0 or 2, convert back to -1 or +1 */
-    return( (int) ur - 1 );
-}
-
-void mbedtls_ct_mpi_uint_cond_assign( size_t n,
-                                      mbedtls_mpi_uint *dest,
-                                      const mbedtls_mpi_uint *src,
-                                      unsigned char condition )
-{
-    size_t i;
-
-    /* MSVC has a warning about unary minus on unsigned integer types,
-     * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
-    /* all-bits 1 if condition is 1, all-bits 0 if condition is 0 */
-    const mbedtls_mpi_uint mask = -condition;
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
-    for( i = 0; i < n; i++ )
-        dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_BASE64_C)
-
-unsigned char mbedtls_ct_base64_enc_char( unsigned char value )
-{
-    unsigned char digit = 0;
-    /* For each range of values, if value is in that range, mask digit with
-     * the corresponding value. Since value can only be in a single range,
-     * only at most one masking will change digit. */
-    digit |= mbedtls_ct_uchar_mask_of_range(  0, 25, value ) & ( 'A' + value );
-    digit |= mbedtls_ct_uchar_mask_of_range( 26, 51, value ) & ( 'a' + value - 26 );
-    digit |= mbedtls_ct_uchar_mask_of_range( 52, 61, value ) & ( '0' + value - 52 );
-    digit |= mbedtls_ct_uchar_mask_of_range( 62, 62, value ) & '+';
-    digit |= mbedtls_ct_uchar_mask_of_range( 63, 63, value ) & '/';
-    return( digit );
-}
-
-signed char mbedtls_ct_base64_dec_value( unsigned char c )
-{
-    unsigned char val = 0;
-    /* For each range of digits, if c is in that range, mask val with
-     * the corresponding value. Since c can only be in a single range,
-     * only at most one masking will change val. Set val to one plus
-     * the desired value so that it stays 0 if c is in none of the ranges. */
-    val |= mbedtls_ct_uchar_mask_of_range( 'A', 'Z', c ) & ( c - 'A' +  0 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
-    val |= mbedtls_ct_uchar_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
-    /* At this point, val is 0 if c is an invalid digit and v+1 if c is
-     * a digit with the value v. */
-    return( val - 1 );
-}
-
-#endif /* MBEDTLS_BASE64_C */
-
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-
-/** Shift some data towards the left inside a buffer.
- *
- * `mbedtls_ct_mem_move_to_left(start, total, offset)` is functionally
- * equivalent to
- * ```
- * memmove(start, start + offset, total - offset);
- * memset(start + offset, 0, total - offset);
- * ```
- * but it strives to use a memory access pattern (and thus total timing)
- * that does not depend on \p offset. This timing independence comes at
- * the expense of performance.
- *
- * \param start     Pointer to the start of the buffer.
- * \param total     Total size of the buffer.
- * \param offset    Offset from which to copy \p total - \p offset bytes.
- */
-static void mbedtls_ct_mem_move_to_left( void *start,
-                                         size_t total,
-                                         size_t offset )
-{
-    volatile unsigned char *buf = start;
-    size_t i, n;
-    if( total == 0 )
-        return;
-    for( i = 0; i < total; i++ )
-    {
-        unsigned no_op = mbedtls_ct_size_gt( total - offset, i );
-        /* The first `total - offset` passes are a no-op. The last
-         * `offset` passes shift the data one byte to the left and
-         * zero out the last byte. */
-        for( n = 0; n < total - 1; n++ )
-        {
-            unsigned char current = buf[n];
-            unsigned char next = buf[n+1];
-            buf[n] = mbedtls_ct_uint_if( no_op, current, next );
-        }
-        buf[total-1] = mbedtls_ct_uint_if( no_op, buf[total-1], 0 );
-    }
-}
-
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
-                              const unsigned char *src,
-                              size_t len,
-                              size_t c1,
-                              size_t c2 )
-{
-    /* mask = c1 == c2 ? 0xff : 0x00 */
-    const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 );
-    const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal );
-
-    /* dest[i] = c1 == c2 ? src[i] : dest[i] */
-    for( size_t i = 0; i < len; i++ )
-        dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
-}
-
-void mbedtls_ct_memcpy_offset( unsigned char *dest,
-                               const unsigned char *src,
-                               size_t offset,
-                               size_t offset_min,
-                               size_t offset_max,
-                               size_t len )
-{
-    size_t offsetval;
-
-    for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
-    {
-        mbedtls_ct_memcpy_if_eq( dest, src + offsetval, len,
-                                 offsetval, offset );
-    }
-}
-
-int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
-                     const unsigned char *add_data,
-                     size_t add_data_len,
-                     const unsigned char *data,
-                     size_t data_len_secret,
-                     size_t min_data_len,
-                     size_t max_data_len,
-                     unsigned char *output )
-{
-    /*
-     * This function breaks the HMAC abstraction and uses the md_clone()
-     * extension to the MD API in order to get constant-flow behaviour.
-     *
-     * HMAC(msg) is defined as HASH(okey + HASH(ikey + msg)) where + means
-     * concatenation, and okey/ikey are the XOR of the key with some fixed bit
-     * patterns (see RFC 2104, sec. 2), which are stored in ctx->hmac_ctx.
-     *
-     * We'll first compute inner_hash = HASH(ikey + msg) by hashing up to
-     * minlen, then cloning the context, and for each byte up to maxlen
-     * finishing up the hash computation, keeping only the correct result.
-     *
-     * Then we only need to compute HASH(okey + inner_hash) and we're done.
-     */
-    const mbedtls_md_type_t md_alg = mbedtls_md_get_type( ctx->md_info );
-    /* TLS 1.0-1.2 only support SHA-384, SHA-256, SHA-1, MD-5,
-     * all of which have the same block size except SHA-384. */
-    const size_t block_size = md_alg == MBEDTLS_MD_SHA384 ? 128 : 64;
-    const unsigned char * const ikey = ctx->hmac_ctx;
-    const unsigned char * const okey = ikey + block_size;
-    const size_t hash_size = mbedtls_md_get_size( ctx->md_info );
-
-    unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
-    mbedtls_md_context_t aux;
-    size_t offset;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_md_init( &aux );
-
-#define MD_CHK( func_call ) \
-    do {                    \
-        ret = (func_call);  \
-        if( ret != 0 )      \
-            goto cleanup;   \
-    } while( 0 )
-
-    MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
-
-    /* After hmac_start() of hmac_reset(), ikey has already been hashed,
-     * so we can start directly with the message */
-    MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
-    MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
-
-    /* Fill the hash buffer in advance with something that is
-     * not a valid hash (barring an attack on the hash and
-     * deliberately-crafted input), in case the caller doesn't
-     * check the return status properly. */
-    memset( output, '!', hash_size );
-
-    /* For each possible length, compute the hash up to that point */
-    for( offset = min_data_len; offset <= max_data_len; offset++ )
-    {
-        MD_CHK( mbedtls_md_clone( &aux, ctx ) );
-        MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
-        /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
-                                 offset, data_len_secret );
-
-        if( offset < max_data_len )
-            MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
-    }
-
-    /* The context needs to finish() before it starts() again */
-    MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
-
-    /* Now compute HASH(okey + inner_hash) */
-    MD_CHK( mbedtls_md_starts( ctx ) );
-    MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
-    MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
-    MD_CHK( mbedtls_md_finish( ctx, output ) );
-
-    /* Done, get ready for next time */
-    MD_CHK( mbedtls_md_hmac_reset( ctx ) );
-
-#undef MD_CHK
-
-cleanup:
-    mbedtls_md_free( &aux );
-    return( ret );
-}
-
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#define MPI_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
-
-/*
- * Conditionally assign X = Y, without leaking information
- * about whether the assignment was made or not.
- * (Leaking information about the respective sizes of X and Y is ok however.)
- */
-#if defined(_MSC_VER) && defined(_M_ARM64) && (_MSC_FULL_VER < 193131103)
-/*
- * MSVC miscompiles this function if it's inlined prior to Visual Studio 2022 version 17.1. See:
- * https://developercommunity.visualstudio.com/t/c-compiler-miscompiles-part-of-mbedtls-library-on/1646989
- */
-__declspec(noinline)
-#endif
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
-                                  const mbedtls_mpi *Y,
-                                  unsigned char assign )
-{
-    int ret = 0;
-    size_t i;
-    mbedtls_mpi_uint limb_mask;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-
-    /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
-    limb_mask = mbedtls_ct_mpi_uint_mask( assign );;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
-
-    X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s );
-
-    mbedtls_ct_mpi_uint_cond_assign( Y->n, X->p, Y->p, assign );
-
-    for( i = Y->n; i < X->n; i++ )
-        X->p[i] &= ~limb_mask;
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Conditionally swap X and Y, without leaking information
- * about whether the swap was made or not.
- * Here it is not ok to simply swap the pointers, which would lead to
- * different memory access patterns when X and Y are used afterwards.
- */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
-                                mbedtls_mpi *Y,
-                                unsigned char swap )
-{
-    int ret, s;
-    size_t i;
-    mbedtls_mpi_uint limb_mask;
-    mbedtls_mpi_uint tmp;
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-
-    if( X == Y )
-        return( 0 );
-
-    /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
-    limb_mask = mbedtls_ct_mpi_uint_mask( swap );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
-
-    s = X->s;
-    X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s );
-    Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s );
-
-
-    for( i = 0; i < X->n; i++ )
-    {
-        tmp = X->p[i];
-        X->p[i] = ( X->p[i] & ~limb_mask ) | ( Y->p[i] & limb_mask );
-        Y->p[i] = ( Y->p[i] & ~limb_mask ) | (     tmp & limb_mask );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Compare signed values in constant time
- */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
-                           const mbedtls_mpi *Y,
-                           unsigned *ret )
-{
-    size_t i;
-    /* The value of any of these variables is either 0 or 1 at all times. */
-    unsigned cond, done, X_is_negative, Y_is_negative;
-
-    MPI_VALIDATE_RET( X != NULL );
-    MPI_VALIDATE_RET( Y != NULL );
-    MPI_VALIDATE_RET( ret != NULL );
-
-    if( X->n != Y->n )
-        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-
-    /*
-     * Set sign_N to 1 if N >= 0, 0 if N < 0.
-     * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0.
-     */
-    X_is_negative = ( X->s & 2 ) >> 1;
-    Y_is_negative = ( Y->s & 2 ) >> 1;
-
-    /*
-     * If the signs are different, then the positive operand is the bigger.
-     * That is if X is negative (X_is_negative == 1), then X < Y is true and it
-     * is false if X is positive (X_is_negative == 0).
-     */
-    cond = ( X_is_negative ^ Y_is_negative );
-    *ret = cond & X_is_negative;
-
-    /*
-     * This is a constant-time function. We might have the result, but we still
-     * need to go through the loop. Record if we have the result already.
-     */
-    done = cond;
-
-    for( i = X->n; i > 0; i-- )
-    {
-        /*
-         * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
-         * X and Y are negative.
-         *
-         * Again even if we can make a decision, we just mark the result and
-         * the fact that we are done and continue looping.
-         */
-        cond = mbedtls_ct_mpi_uint_lt( Y->p[i - 1], X->p[i - 1] );
-        *ret |= cond & ( 1 - done ) & X_is_negative;
-        done |= cond;
-
-        /*
-         * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both
-         * X and Y are positive.
-         *
-         * Again even if we can make a decision, we just mark the result and
-         * the fact that we are done and continue looping.
-         */
-        cond = mbedtls_ct_mpi_uint_lt( X->p[i - 1], Y->p[i - 1] );
-        *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
-        done |= cond;
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
-                                          unsigned char *input,
-                                          size_t ilen,
-                                          unsigned char *output,
-                                          size_t output_max_len,
-                                          size_t *olen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, plaintext_max_size;
-
-    /* The following variables take sensitive values: their value must
-     * not leak into the observable behavior of the function other than
-     * the designated outputs (output, olen, return value). Otherwise
-     * this would open the execution of the function to
-     * side-channel-based variants of the Bleichenbacher padding oracle
-     * attack. Potential side channels include overall timing, memory
-     * access patterns (especially visible to an adversary who has access
-     * to a shared memory cache), and branches (especially visible to
-     * an adversary who has access to a shared code cache or to a shared
-     * branch predictor). */
-    size_t pad_count = 0;
-    unsigned bad = 0;
-    unsigned char pad_done = 0;
-    size_t plaintext_size = 0;
-    unsigned output_too_large;
-
-    plaintext_max_size = ( output_max_len > ilen - 11 ) ? ilen - 11
-                                                        : output_max_len;
-
-    /* Check and get padding length in constant time and constant
-     * memory trace. The first byte must be 0. */
-    bad |= input[0];
-
-    if( mode == MBEDTLS_RSA_PRIVATE )
-    {
-        /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
-         * where PS must be at least 8 nonzero bytes. */
-        bad |= input[1] ^ MBEDTLS_RSA_CRYPT;
-
-        /* Read the whole buffer. Set pad_done to nonzero if we find
-         * the 0x00 byte and remember the padding length in pad_count. */
-        for( i = 2; i < ilen; i++ )
-        {
-            pad_done  |= ((input[i] | (unsigned char)-input[i]) >> 7) ^ 1;
-            pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
-        }
-    }
-    else
-    {
-        /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00
-         * where PS must be at least 8 bytes with the value 0xFF. */
-        bad |= input[1] ^ MBEDTLS_RSA_SIGN;
-
-        /* Read the whole buffer. Set pad_done to nonzero if we find
-         * the 0x00 byte and remember the padding length in pad_count.
-         * If there's a non-0xff byte in the padding, the padding is bad. */
-        for( i = 2; i < ilen; i++ )
-        {
-            pad_done |= mbedtls_ct_uint_if( input[i], 0, 1 );
-            pad_count += mbedtls_ct_uint_if( pad_done, 0, 1 );
-            bad |= mbedtls_ct_uint_if( pad_done, 0, input[i] ^ 0xFF );
-        }
-    }
-
-    /* If pad_done is still zero, there's no data, only unfinished padding. */
-    bad |= mbedtls_ct_uint_if( pad_done, 0, 1 );
-
-    /* There must be at least 8 bytes of padding. */
-    bad |= mbedtls_ct_size_gt( 8, pad_count );
-
-    /* If the padding is valid, set plaintext_size to the number of
-     * remaining bytes after stripping the padding. If the padding
-     * is invalid, avoid leaking this fact through the size of the
-     * output: use the maximum message size that fits in the output
-     * buffer. Do it without branches to avoid leaking the padding
-     * validity through timing. RSA keys are small enough that all the
-     * size_t values involved fit in unsigned int. */
-    plaintext_size = mbedtls_ct_uint_if(
-                        bad, (unsigned) plaintext_max_size,
-                        (unsigned) ( ilen - pad_count - 3 ) );
-
-    /* Set output_too_large to 0 if the plaintext fits in the output
-     * buffer and to 1 otherwise. */
-    output_too_large = mbedtls_ct_size_gt( plaintext_size,
-                                           plaintext_max_size );
-
-    /* Set ret without branches to avoid timing attacks. Return:
-     * - INVALID_PADDING if the padding is bad (bad != 0).
-     * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
-     *   plaintext does not fit in the output buffer.
-     * - 0 if the padding is correct. */
-    ret = - (int) mbedtls_ct_uint_if(
-                    bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
-                    mbedtls_ct_uint_if( output_too_large,
-                                        - MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
-                                        0 ) );
-
-    /* If the padding is bad or the plaintext is too large, zero the
-     * data that we're about to copy to the output buffer.
-     * We need to copy the same amount of data
-     * from the same buffer whether the padding is good or not to
-     * avoid leaking the padding validity through overall timing or
-     * through memory or cache access patterns. */
-    bad = mbedtls_ct_uint_mask( bad | output_too_large );
-    for( i = 11; i < ilen; i++ )
-        input[i] &= ~bad;
-
-    /* If the plaintext is too large, truncate it to the buffer size.
-     * Copy anyway to avoid revealing the length through timing, because
-     * revealing the length is as bad as revealing the padding validity
-     * for a Bleichenbacher attack. */
-    plaintext_size = mbedtls_ct_uint_if( output_too_large,
-                                         (unsigned) plaintext_max_size,
-                                         (unsigned) plaintext_size );
-
-    /* Move the plaintext to the leftmost position where it can start in
-     * the working buffer, i.e. make it start plaintext_max_size from
-     * the end of the buffer. Do this with a memory access trace that
-     * does not depend on the plaintext size. After this move, the
-     * starting location of the plaintext is no longer sensitive
-     * information. */
-    mbedtls_ct_mem_move_to_left( input + ilen - plaintext_max_size,
-                                 plaintext_max_size,
-                                 plaintext_max_size - plaintext_size );
-
-    /* Finally copy the decrypted plaintext plus trailing zeros into the output
-     * buffer. If output_max_len is 0, then output may be an invalid pointer
-     * and the result of memcpy() would be undefined; prevent undefined
-     * behavior making sure to depend only on output_max_len (the size of the
-     * user-provided output buffer), which is independent from plaintext
-     * length, validity of padding, success of the decryption, and other
-     * secrets. */
-    if( output_max_len != 0 )
-        memcpy( output, input + ilen - plaintext_max_size, plaintext_max_size );
-
-    /* Report the amount of data we copied to the output buffer. In case
-     * of errors (bad padding or output too large), the value of *olen
-     * when this function returns is not specified. Making it equivalent
-     * to the good case limits the risks of leaking the padding validity. */
-    *olen = plaintext_size;
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
diff --git a/Sources/mbedtls/library/constant_time_internal.h b/Sources/mbedtls/library/constant_time_internal.h
deleted file mode 100644
index ff2d0ff..0000000
--- a/Sources/mbedtls/library/constant_time_internal.h
+++ /dev/null
@@ -1,335 +0,0 @@
-/**
- *  Constant-time functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_INTERNAL_H
-#define MBEDTLS_CONSTANT_TIME_INTERNAL_H
-
-#include "common.h"
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "mbedtls/ssl_internal.h"
-#endif
-
-#include <stddef.h>
-
-/** Turn a value into a mask:
- * - if \p value == 0, return the all-bits 0 mask, aka 0
- * - otherwise, return the all-bits 1 mask, aka (unsigned) -1
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param value     The value to analyze.
- *
- * \return          Zero if \p value is zero, otherwise all-bits-one.
- */
-unsigned mbedtls_ct_uint_mask( unsigned value );
-
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-
-/** Turn a value into a mask:
- * - if \p value == 0, return the all-bits 0 mask, aka 0
- * - otherwise, return the all-bits 1 mask, aka (size_t) -1
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param value     The value to analyze.
- *
- * \return          Zero if \p value is zero, otherwise all-bits-one.
- */
-size_t mbedtls_ct_size_mask( size_t value );
-
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/** Turn a value into a mask:
- * - if \p value == 0, return the all-bits 0 mask, aka 0
- * - otherwise, return the all-bits 1 mask, aka (mbedtls_mpi_uint) -1
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param value     The value to analyze.
- *
- * \return          Zero if \p value is zero, otherwise all-bits-one.
- */
-mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value );
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
-/** Constant-flow mask generation for "greater or equal" comparison:
- * - if \p x >= \p y, return all-bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * \param x     The first value to analyze.
- * \param y     The second value to analyze.
- *
- * \return      All-bits-one if \p x is greater or equal than \p y,
- *              otherwise zero.
- */
-size_t mbedtls_ct_size_mask_ge( size_t x,
-                                size_t y );
-
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
-
-/** Constant-flow boolean "equal" comparison:
- * return x == y
- *
- * This is equivalent to \p x == \p y, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
- *
- * \param x     The first value to analyze.
- * \param y     The second value to analyze.
- *
- * \return      1 if \p x equals to \p y, otherwise 0.
- */
-unsigned mbedtls_ct_size_bool_eq( size_t x,
-                                  size_t y );
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/** Decide if an integer is less than the other, without branches.
- *
- * This is equivalent to \p x < \p y, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
- *
- * \param x     The first value to analyze.
- * \param y     The second value to analyze.
- *
- * \return      1 if \p x is less than \p y, otherwise 0.
- */
-unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
-                                 const mbedtls_mpi_uint y );
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-/** Choose between two integer values without branches.
- *
- * This is equivalent to `condition ? if1 : if0`, but is likely to be compiled
- * to code using bitwise operation rather than a branch.
- *
- * \param condition     Condition to test.
- * \param if1           Value to use if \p condition is nonzero.
- * \param if0           Value to use if \p condition is zero.
- *
- * \return  \c if1 if \p condition is nonzero, otherwise \c if0.
- */
-unsigned mbedtls_ct_uint_if( unsigned condition,
-                             unsigned if1,
-                             unsigned if0 );
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/** Conditionally assign a value without branches.
- *
- * This is equivalent to `if ( condition ) dest = src`, but is likely
- * to be compiled to code using bitwise operation rather than a branch.
- *
- * \param n             \p dest and \p src must be arrays of limbs of size n.
- * \param dest          The MPI to conditionally assign to. This must point
- *                      to an initialized MPI.
- * \param src           The MPI to be assigned from. This must point to an
- *                      initialized MPI.
- * \param condition     Condition to test, must be 0 or 1.
- */
-void mbedtls_ct_mpi_uint_cond_assign( size_t n,
-                                      mbedtls_mpi_uint *dest,
-                                      const mbedtls_mpi_uint *src,
-                                      unsigned char condition );
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_BASE64_C)
-
-/** Given a value in the range 0..63, return the corresponding Base64 digit.
- *
- * The implementation assumes that letters are consecutive (e.g. ASCII
- * but not EBCDIC).
- *
- * \param value     A value in the range 0..63.
- *
- * \return          A base64 digit converted from \p value.
- */
-unsigned char mbedtls_ct_base64_enc_char( unsigned char value );
-
-/** Given a Base64 digit, return its value.
- *
- * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
- * return -1.
- *
- * The implementation assumes that letters are consecutive (e.g. ASCII
- * but not EBCDIC).
- *
- * \param c     A base64 digit.
- *
- * \return      The value of the base64 digit \p c.
- */
-signed char mbedtls_ct_base64_dec_value( unsigned char c );
-
-#endif /* MBEDTLS_BASE64_C */
-
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-
-/** Conditional memcpy without branches.
- *
- * This is equivalent to `if ( c1 == c2 ) memcpy(dest, src, len)`, but is likely
- * to be compiled to code using bitwise operation rather than a branch.
- *
- * \param dest      The pointer to conditionally copy to.
- * \param src       The pointer to copy from. Shouldn't overlap with \p dest.
- * \param len       The number of bytes to copy.
- * \param c1        The first value to analyze in the condition.
- * \param c2        The second value to analyze in the condition.
- */
-void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
-                              const unsigned char *src,
-                              size_t len,
-                              size_t c1, size_t c2 );
-
-/** Copy data from a secret position with constant flow.
- *
- * This function copies \p len bytes from \p src_base + \p offset_secret to \p
- * dst, with a code flow and memory access pattern that does not depend on \p
- * offset_secret, but only on \p offset_min, \p offset_max and \p len.
- * Functionally equivalent to `memcpy(dst, src + offset_secret, len)`.
- *
- * \note                This function reads from \p dest, but the value that
- *                      is read does not influence the result and this
- *                      function's behavior is well-defined regardless of the
- *                      contents of the buffers. This may result in false
- *                      positives from static or dynamic analyzers, especially
- *                      if \p dest is not initialized.
- *
- * \param dest          The destination buffer. This must point to a writable
- *                      buffer of at least \p len bytes.
- * \param src           The base of the source buffer. This must point to a
- *                      readable buffer of at least \p offset_max + \p len
- *                      bytes. Shouldn't overlap with \p dest.
- * \param offset        The offset in the source buffer from which to copy.
- *                      This must be no less than \p offset_min and no greater
- *                      than \p offset_max.
- * \param offset_min    The minimal value of \p offset.
- * \param offset_max    The maximal value of \p offset.
- * \param len           The number of bytes to copy.
- */
-void mbedtls_ct_memcpy_offset( unsigned char *dest,
-                               const unsigned char *src,
-                               size_t offset,
-                               size_t offset_min,
-                               size_t offset_max,
-                               size_t len );
-
-/** Compute the HMAC of variable-length data with constant flow.
- *
- * This function computes the HMAC of the concatenation of \p add_data and \p
- * data, and does with a code flow and memory access pattern that does not
- * depend on \p data_len_secret, but only on \p min_data_len and \p
- * max_data_len. In particular, this function always reads exactly \p
- * max_data_len bytes from \p data.
- *
- * \param ctx               The HMAC context. It must have keys configured
- *                          with mbedtls_md_hmac_starts() and use one of the
- *                          following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
- *                          It is reset using mbedtls_md_hmac_reset() after
- *                          the computation is complete to prepare for the
- *                          next computation.
- * \param add_data          The first part of the message whose HMAC is being
- *                          calculated. This must point to a readable buffer
- *                          of \p add_data_len bytes.
- * \param add_data_len      The length of \p add_data in bytes.
- * \param data              The buffer containing the second part of the
- *                          message. This must point to a readable buffer
- *                          of \p max_data_len bytes.
- * \param data_len_secret   The length of the data to process in \p data.
- *                          This must be no less than \p min_data_len and no
- *                          greater than \p max_data_len.
- * \param min_data_len      The minimal length of the second part of the
- *                          message, read from \p data.
- * \param max_data_len      The maximal length of the second part of the
- *                          message, read from \p data.
- * \param output            The HMAC will be written here. This must point to
- *                          a writable buffer of sufficient size to hold the
- *                          HMAC value.
- *
- * \retval 0 on success.
- * \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
- *         The hardware accelerator failed.
- */
-int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
-                     const unsigned char *add_data,
-                     size_t add_data_len,
-                     const unsigned char *data,
-                     size_t data_len_secret,
-                     size_t min_data_len,
-                     size_t max_data_len,
-                     unsigned char *output );
-
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-
-/** This function performs the unpadding part of a PKCS#1 v1.5 decryption
- *  operation (EME-PKCS1-v1_5 decoding).
- *
- * \note The return value from this function is a sensitive value
- *       (this is unusual). #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE shouldn't happen
- *       in a well-written application, but 0 vs #MBEDTLS_ERR_RSA_INVALID_PADDING
- *       is often a situation that an attacker can provoke and leaking which
- *       one is the result is precisely the information the attacker wants.
- *
- * \param mode           The mode of operation. This must be either
- *                       #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
- * \param input          The input buffer which is the payload inside PKCS#1v1.5
- *                       encryption padding, called the "encoded message EM"
- *                       by the terminology.
- * \param ilen           The length of the payload in the \p input buffer.
- * \param output         The buffer for the payload, called "message M" by the
- *                       PKCS#1 terminology. This must be a writable buffer of
- *                       length \p output_max_len bytes.
- * \param olen           The address at which to store the length of
- *                       the payload. This must not be \c NULL.
- * \param output_max_len The length in bytes of the output buffer \p output.
- *
- * \return      \c 0 on success.
- * \return      #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE
- *              The output buffer is too small for the unpadded payload.
- * \return      #MBEDTLS_ERR_RSA_INVALID_PADDING
- *              The input doesn't contain properly formatted padding.
- */
-int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
-                                          unsigned char *input,
-                                          size_t ilen,
-                                          unsigned char *output,
-                                          size_t output_max_len,
-                                          size_t *olen );
-
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-
-#endif /* MBEDTLS_CONSTANT_TIME_INTERNAL_H */
diff --git a/Sources/mbedtls/library/constant_time_invasive.h b/Sources/mbedtls/library/constant_time_invasive.h
deleted file mode 100644
index 4620ca1..0000000
--- a/Sources/mbedtls/library/constant_time_invasive.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * \file constant_time_invasive.h
- *
- * \brief Constant-time module: interfaces for invasive testing only.
- *
- * The interfaces in this file are intended for testing purposes only.
- * They SHOULD NOT be made available in library integrations except when
- * building the library for testing.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef MBEDTLS_CONSTANT_TIME_INVASIVE_H
-#define MBEDTLS_CONSTANT_TIME_INVASIVE_H
-
-#include "common.h"
-
-#if defined(MBEDTLS_TEST_HOOKS)
-
-/** Turn a value into a mask:
- * - if \p low <= \p c <= \p high,
- *   return the all-bits 1 mask, aka (unsigned) -1
- * - otherwise, return the all-bits 0 mask, aka 0
- *
- * \param low   The value to analyze.
- * \param high  The value to analyze.
- * \param c     The value to analyze.
- *
- * \return      All-bits-one if \p low <= \p c <= \p high, otherwise zero.
- */
-unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
-                                              unsigned char high,
-                                              unsigned char c );
-
-#endif /* MBEDTLS_TEST_HOOKS */
-
-#endif /* MBEDTLS_CONSTANT_TIME_INVASIVE_H */
diff --git a/Sources/mbedtls/library/ctr_drbg.c b/Sources/mbedtls/library/ctr_drbg.c
deleted file mode 100644
index ed31576..0000000
--- a/Sources/mbedtls/library/ctr_drbg.c
+++ /dev/null
@@ -1,891 +0,0 @@
-/*
- *  CTR_DRBG implementation based on AES-256 (NIST SP 800-90)
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The NIST SP 800-90 DRBGs are described in the following publication.
- *
- *  http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#include "mbedtls/platform.h"
-
-/*
- * CTR_DRBG context initialization
- */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) );
-    /* Indicate that the entropy nonce length is not set explicitly.
-     * See mbedtls_ctr_drbg_set_nonce_len(). */
-    ctx->reseed_counter = -1;
-
-    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
-}
-
-/*
- *  This function resets CTR_DRBG context to the state immediately
- *  after initial call of mbedtls_ctr_drbg_init().
- */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_THREADING_C)
-    /* The mutex is initialized iff f_entropy is set. */
-    if( ctx->f_entropy != NULL )
-        mbedtls_mutex_free( &ctx->mutex );
-#endif
-    mbedtls_aes_free( &ctx->aes_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) );
-    ctx->reseed_interval = MBEDTLS_CTR_DRBG_RESEED_INTERVAL;
-    ctx->reseed_counter = -1;
-}
-
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
-                                                 int resistance )
-{
-    ctx->prediction_resistance = resistance;
-}
-
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
-                                       size_t len )
-{
-    ctx->entropy_len = len;
-}
-
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
-                                    size_t len )
-{
-    /* If mbedtls_ctr_drbg_seed() has already been called, it's
-     * too late. Return the error code that's closest to making sense. */
-    if( ctx->f_entropy != NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
-
-    if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-#if SIZE_MAX > INT_MAX
-    /* This shouldn't be an issue because
-     * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
-     * configuration, but make sure anyway. */
-    if( len > INT_MAX )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-#endif
-
-    /* For backward compatibility with Mbed TLS <= 2.19, store the
-     * entropy nonce length in a field that already exists, but isn't
-     * used until after the initial seeding. */
-    /* Due to the capping of len above, the value fits in an int. */
-    ctx->reseed_counter = (int) len;
-    return( 0 );
-}
-
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
-                                           int interval )
-{
-    ctx->reseed_interval = interval;
-}
-
-static int block_cipher_df( unsigned char *output,
-                            const unsigned char *data, size_t data_len )
-{
-    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
-                      MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
-    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
-    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
-    unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
-    unsigned char *p, *iv;
-    mbedtls_aes_context aes_ctx;
-    int ret = 0;
-
-    int i, j;
-    size_t buf_len, use_len;
-
-    if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-
-    memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
-            MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 );
-    mbedtls_aes_init( &aes_ctx );
-
-    /*
-     * Construct IV (16 bytes) and S in buffer
-     * IV = Counter (in 32-bits) padded to 16 with zeroes
-     * S = Length input string (in 32-bits) || Length of output (in 32-bits) ||
-     *     data || 0x80
-     *     (Total is padded to a multiple of 16-bytes with zeroes)
-     */
-    p = buf + MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    MBEDTLS_PUT_UINT32_BE( data_len, p, 0);
-    p += 4 + 3;
-    *p++ = MBEDTLS_CTR_DRBG_SEEDLEN;
-    memcpy( p, data, data_len );
-    p[data_len] = 0x80;
-
-    buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
-
-    for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
-        key[i] = i;
-
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, key,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    /*
-     * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
-     */
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        p = buf;
-        memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-        use_len = buf_len;
-
-        while( use_len > 0 )
-        {
-            for( i = 0; i < MBEDTLS_CTR_DRBG_BLOCKSIZE; i++ )
-                chain[i] ^= p[i];
-            p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-            use_len -= ( use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE ) ?
-                       MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
-
-            if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                               chain, chain ) ) != 0 )
-            {
-                goto exit;
-            }
-        }
-
-        memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-
-        /*
-         * Update IV
-         */
-        buf[3]++;
-    }
-
-    /*
-     * Do final encryption with reduced data
-     */
-    if( ( ret = mbedtls_aes_setkey_enc( &aes_ctx, tmp,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        goto exit;
-    }
-    iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
-    p = output;
-
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        if( ( ret = mbedtls_aes_crypt_ecb( &aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           iv, iv ) ) != 0 )
-        {
-            goto exit;
-        }
-        memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
-        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    }
-exit:
-    mbedtls_aes_free( &aes_ctx );
-    /*
-    * tidy up the stack
-    */
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    mbedtls_platform_zeroize( key, sizeof( key ) );
-    mbedtls_platform_zeroize( chain, sizeof( chain ) );
-    if( 0 != ret )
-    {
-        /*
-        * wipe partial seed from memory
-        */
-        mbedtls_platform_zeroize( output, MBEDTLS_CTR_DRBG_SEEDLEN );
-    }
-
-    return( ret );
-}
-
-/* CTR_DRBG_Update (SP 800-90A &sect;10.2.1.2)
- * ctr_drbg_update_internal(ctx, provided_data)
- * implements
- * CTR_DRBG_Update(provided_data, Key, V)
- * with inputs and outputs
- *   ctx->aes_ctx = Key
- *   ctx->counter = V
- */
-static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
-                          const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
-{
-    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
-    unsigned char *p = tmp;
-    int i, j;
-    int ret = 0;
-
-    memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
-
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
-    {
-        /*
-         * Increase counter
-         */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
-            if( ++ctx->counter[i - 1] != 0 )
-                break;
-
-        /*
-         * Crypt counter block
-         */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           ctx->counter, p ) ) != 0 )
-        {
-            goto exit;
-        }
-
-        p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
-    }
-
-    for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
-        tmp[i] ^= data[i];
-
-    /*
-     * Update key and counter
-     */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, tmp,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        goto exit;
-    }
-    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
-            MBEDTLS_CTR_DRBG_BLOCKSIZE );
-
-exit:
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( ret );
-}
-
-/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
- * mbedtls_ctr_drbg_update(ctx, additional, add_len)
- * implements
- * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
- *                      security_strength) -> initial_working_state
- * with inputs
- *   ctx->counter = all-bits-0
- *   ctx->aes_ctx = context from all-bits-0 key
- *   additional[:add_len] = entropy_input || nonce || personalization_string
- * and with outputs
- *   ctx = initial_working_state
- */
-int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
-                                 const unsigned char *additional,
-                                 size_t add_len )
-{
-    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( add_len == 0 )
-        return( 0 );
-
-    if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
-        goto exit;
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                              const unsigned char *additional,
-                              size_t add_len )
-{
-    /* MAX_INPUT would be more logical here, but we have to match
-     * block_cipher_df()'s limits since we can't propagate errors */
-    if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT;
-    (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len );
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/* CTR_DRBG_Reseed with derivation function (SP 800-90A &sect;10.2.1.4.2)
- * mbedtls_ctr_drbg_reseed(ctx, additional, len, nonce_len)
- * implements
- * CTR_DRBG_Reseed(working_state, entropy_input, additional_input)
- *                -> new_working_state
- * with inputs
- *   ctx contains working_state
- *   additional[:len] = additional_input
- * and entropy_input comes from calling ctx->f_entropy
- *                              for (ctx->entropy_len + nonce_len) bytes
- * and with output
- *   ctx contains new_working_state
- */
-static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
-                                             const unsigned char *additional,
-                                             size_t len,
-                                             size_t nonce_len )
-{
-    unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
-    size_t seedlen = 0;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-    if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-    if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-
-    memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
-
-    /* Gather entropy_len bytes of entropy to seed state. */
-    if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
-    {
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
-    }
-    seedlen += ctx->entropy_len;
-
-    /* Gather entropy for a nonce if requested. */
-    if( nonce_len != 0 )
-    {
-        if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
-        {
-            return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
-        }
-        seedlen += nonce_len;
-    }
-
-    /* Add additional data if provided. */
-    if( additional != NULL && len != 0 )
-    {
-        memcpy( seed + seedlen, additional, len );
-        seedlen += len;
-    }
-
-    /* Reduce to 384 bits. */
-    if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
-        goto exit;
-
-    /* Update state. */
-    if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
-        goto exit;
-    ctx->reseed_counter = 1;
-
-exit:
-    mbedtls_platform_zeroize( seed, sizeof( seed ) );
-    return( ret );
-}
-
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
-                             const unsigned char *additional, size_t len )
-{
-    return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
-}
-
-/* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
- * is sufficient to achieve the maximum security strength given the key
- * size and entropy length. If there is enough entropy in the initial
- * call to the entropy function to serve as both the entropy input and
- * the nonce, don't make a second call to get a nonce. */
-static size_t good_nonce_len( size_t entropy_len )
-{
-    if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
-        return( 0 );
-    else
-        return( ( entropy_len + 1 ) / 2 );
-}
-
-/* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
- * mbedtls_ctr_drbg_seed(ctx, f_entropy, p_entropy, custom, len)
- * implements
- * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string,
- *                      security_strength) -> initial_working_state
- * with inputs
- *   custom[:len] = nonce || personalization_string
- * where entropy_input comes from f_entropy for ctx->entropy_len bytes
- * and with outputs
- *   ctx = initial_working_state
- */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
-                           int (*f_entropy)(void *, unsigned char *, size_t),
-                           void *p_entropy,
-                           const unsigned char *custom,
-                           size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
-    size_t nonce_len;
-
-    memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE );
-
-    /* The mutex is initialized iff f_entropy is set. */
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-
-    mbedtls_aes_init( &ctx->aes_ctx );
-
-    ctx->f_entropy = f_entropy;
-    ctx->p_entropy = p_entropy;
-
-    if( ctx->entropy_len == 0 )
-        ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
-    /* ctx->reseed_counter contains the desired amount of entropy to
-     * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
-     * If it's -1, indicating that the entropy nonce length was not set
-     * explicitly, use a sufficiently large nonce for security. */
-    nonce_len = ( ctx->reseed_counter >= 0 ?
-                  (size_t) ctx->reseed_counter :
-                  good_nonce_len( ctx->entropy_len ) );
-
-    /* Initialize with an empty key. */
-    if( ( ret = mbedtls_aes_setkey_enc( &ctx->aes_ctx, key,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* Do the initial seeding. */
-    if( ( ret = mbedtls_ctr_drbg_reseed_internal( ctx, custom, len,
-                                                  nonce_len ) ) != 0 )
-    {
-        return( ret );
-    }
-    return( 0 );
-}
-
-/* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
- * mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, additional, add_len)
- * implements
- * CTR_DRBG_Reseed(working_state, entropy_input, additional[:add_len])
- *                -> working_state_after_reseed
- *                if required, then
- * CTR_DRBG_Generate(working_state_after_reseed,
- *                   requested_number_of_bits, additional_input)
- *                -> status, returned_bits, new_working_state
- * with inputs
- *   ctx contains working_state
- *   requested_number_of_bits = 8 * output_len
- *   additional[:add_len] = additional_input
- * and entropy_input comes from calling ctx->f_entropy
- * and with outputs
- *   status = SUCCESS (this function does the reseed internally)
- *   returned_bits = output[:output_len]
- *   ctx contains new_working_state
- */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
-                              unsigned char *output, size_t output_len,
-                              const unsigned char *additional, size_t add_len )
-{
-    int ret = 0;
-    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
-    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
-    unsigned char *p = output;
-    unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
-    int i;
-    size_t use_len;
-
-    if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
-        return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
-
-    if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
-
-    memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN );
-
-    if( ctx->reseed_counter > ctx->reseed_interval ||
-        ctx->prediction_resistance )
-    {
-        if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
-        {
-            return( ret );
-        }
-        add_len = 0;
-    }
-
-    if( add_len > 0 )
-    {
-        if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
-            goto exit;
-        if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-            goto exit;
-    }
-
-    while( output_len > 0 )
-    {
-        /*
-         * Increase counter
-         */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
-            if( ++ctx->counter[i - 1] != 0 )
-                break;
-
-        /*
-         * Crypt counter block
-         */
-        if( ( ret = mbedtls_aes_crypt_ecb( &ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           ctx->counter, tmp ) ) != 0 )
-        {
-            goto exit;
-        }
-
-        use_len = ( output_len > MBEDTLS_CTR_DRBG_BLOCKSIZE )
-            ? MBEDTLS_CTR_DRBG_BLOCKSIZE : output_len;
-        /*
-         * Copy random block to destination
-         */
-        memcpy( p, tmp, use_len );
-        p += use_len;
-        output_len -= use_len;
-    }
-
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
-        goto exit;
-
-    ctx->reseed_counter++;
-
-exit:
-    mbedtls_platform_zeroize( add_input, sizeof( add_input ) );
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-    return( ret );
-}
-
-int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
-                             size_t output_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = mbedtls_ctr_drbg_random_with_add( ctx, output, output_len, NULL, 0 );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
-                                      const char *path )
-{
-    int ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    FILE *f;
-    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
-
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
-
-    if( ( ret = mbedtls_ctr_drbg_random( ctx, buf,
-                                         MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
-        goto exit;
-
-    if( fwrite( buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f ) !=
-        MBEDTLS_CTR_DRBG_MAX_INPUT )
-    {
-        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    }
-    else
-    {
-        ret = 0;
-    }
-
-exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-    fclose( f );
-    return( ret );
-}
-
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
-                                       const char *path )
-{
-    int ret = 0;
-    FILE *f = NULL;
-    size_t n;
-    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
-    unsigned char c;
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
-
-    n = fread( buf, 1, sizeof( buf ), f );
-    if( fread( &c, 1, 1, f ) != 0 )
-    {
-        ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
-        goto exit;
-    }
-    if( n == 0 || ferror( f ) )
-    {
-        ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-        goto exit;
-    }
-    fclose( f );
-    f = NULL;
-
-    ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n );
-
-exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    if( f != NULL )
-        fclose( f );
-    if( ret != 0 )
-        return( ret );
-    return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/* The CTR_DRBG NIST test vectors used here are available at
- * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
- *
- * The parameters used to derive the test data are:
- *
- * [AES-128 use df]
- * [PredictionResistance = True/False]
- * [EntropyInputLen = 128]
- * [NonceLen = 64]
- * [PersonalizationStringLen = 128]
- * [AdditionalInputLen = 0]
- * [ReturnedBitsLen = 512]
- *
- * [AES-256 use df]
- * [PredictionResistance = True/False]
- * [EntropyInputLen = 256]
- * [NonceLen = 128]
- * [PersonalizationStringLen = 256]
- * [AdditionalInputLen = 0]
- * [ReturnedBitsLen = 512]
- *
- */
-
-#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-static const unsigned char entropy_source_pr[] =
-    { 0x04, 0xd9, 0x49, 0xa6, 0xdc, 0xe8, 0x6e, 0xbb,
-      0xf1, 0x08, 0x77, 0x2b, 0x9e, 0x08, 0xca, 0x92,
-      0x65, 0x16, 0xda, 0x99, 0xa2, 0x59, 0xf3, 0xe8,
-      0x38, 0x7e, 0x3f, 0x6b, 0x51, 0x70, 0x7b, 0x20,
-      0xec, 0x53, 0xd0, 0x66, 0xc3, 0x0f, 0xe3, 0xb0,
-      0xe0, 0x86, 0xa6, 0xaa, 0x5f, 0x72, 0x2f, 0xad,
-      0xf7, 0xef, 0x06, 0xb8, 0xd6, 0x9c, 0x9d, 0xe8 };
-
-static const unsigned char entropy_source_nopr[] =
-    { 0x07, 0x0d, 0x59, 0x63, 0x98, 0x73, 0xa5, 0x45,
-      0x27, 0x38, 0x22, 0x7b, 0x76, 0x85, 0xd1, 0xa9,
-      0x74, 0x18, 0x1f, 0x3c, 0x22, 0xf6, 0x49, 0x20,
-      0x4a, 0x47, 0xc2, 0xf3, 0x85, 0x16, 0xb4, 0x6f,
-      0x00, 0x2e, 0x71, 0xda, 0xed, 0x16, 0x9b, 0x5c };
-
-static const unsigned char pers_pr[] =
-    { 0xbf, 0xa4, 0x9a, 0x8f, 0x7b, 0xd8, 0xb1, 0x7a,
-      0x9d, 0xfa, 0x45, 0xed, 0x21, 0x52, 0xb3, 0xad };
-
-static const unsigned char pers_nopr[] =
-    { 0x4e, 0x61, 0x79, 0xd4, 0xc2, 0x72, 0xa1, 0x4c,
-      0xf1, 0x3d, 0xf6, 0x5e, 0xa3, 0xa6, 0xe5, 0x0f };
-
-static const unsigned char result_pr[] =
-    { 0xc9, 0x0a, 0xaf, 0x85, 0x89, 0x71, 0x44, 0x66,
-      0x4f, 0x25, 0x0b, 0x2b, 0xde, 0xd8, 0xfa, 0xff,
-      0x52, 0x5a, 0x1b, 0x32, 0x5e, 0x41, 0x7a, 0x10,
-      0x1f, 0xef, 0x1e, 0x62, 0x23, 0xe9, 0x20, 0x30,
-      0xc9, 0x0d, 0xad, 0x69, 0xb4, 0x9c, 0x5b, 0xf4,
-      0x87, 0x42, 0xd5, 0xae, 0x5e, 0x5e, 0x43, 0xcc,
-      0xd9, 0xfd, 0x0b, 0x93, 0x4a, 0xe3, 0xd4, 0x06,
-      0x37, 0x36, 0x0f, 0x3f, 0x72, 0x82, 0x0c, 0xcf };
-
-static const unsigned char result_nopr[] =
-    { 0x31, 0xc9, 0x91, 0x09, 0xf8, 0xc5, 0x10, 0x13,
-      0x3c, 0xd3, 0x96, 0xf9, 0xbc, 0x2c, 0x12, 0xc0,
-      0x7c, 0xc1, 0x61, 0x5f, 0xa3, 0x09, 0x99, 0xaf,
-      0xd7, 0xf2, 0x36, 0xfd, 0x40, 0x1a, 0x8b, 0xf2,
-      0x33, 0x38, 0xee, 0x1d, 0x03, 0x5f, 0x83, 0xb7,
-      0xa2, 0x53, 0xdc, 0xee, 0x18, 0xfc, 0xa7, 0xf2,
-      0xee, 0x96, 0xc6, 0xc2, 0xcd, 0x0c, 0xff, 0x02,
-      0x76, 0x70, 0x69, 0xaa, 0x69, 0xd1, 0x3b, 0xe8 };
-#else /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
-
-static const unsigned char entropy_source_pr[] =
-    { 0xca, 0x58, 0xfd, 0xf2, 0xb9, 0x77, 0xcb, 0x49,
-      0xd4, 0xe0, 0x5b, 0xe2, 0x39, 0x50, 0xd9, 0x8a,
-      0x6a, 0xb3, 0xc5, 0x2f, 0xdf, 0x74, 0xd5, 0x85,
-      0x8f, 0xd1, 0xba, 0x64, 0x54, 0x7b, 0xdb, 0x1e,
-      0xc5, 0xea, 0x24, 0xc0, 0xfa, 0x0c, 0x90, 0x15,
-      0x09, 0x20, 0x92, 0x42, 0x32, 0x36, 0x45, 0x45,
-      0x7d, 0x20, 0x76, 0x6b, 0xcf, 0xa2, 0x15, 0xc8,
-      0x2f, 0x9f, 0xbc, 0x88, 0x3f, 0x80, 0xd1, 0x2c,
-      0xb7, 0x16, 0xd1, 0x80, 0x9e, 0xe1, 0xc9, 0xb3,
-      0x88, 0x1b, 0x21, 0x45, 0xef, 0xa1, 0x7f, 0xce,
-      0xc8, 0x92, 0x35, 0x55, 0x2a, 0xd9, 0x1d, 0x8e,
-      0x12, 0x38, 0xac, 0x01, 0x4e, 0x38, 0x18, 0x76,
-      0x9c, 0xf2, 0xb6, 0xd4, 0x13, 0xb6, 0x2c, 0x77,
-      0xc0, 0xe7, 0xe6, 0x0c, 0x47, 0x44, 0x95, 0xbe };
-
-static const unsigned char entropy_source_nopr[] =
-    { 0x4c, 0xfb, 0x21, 0x86, 0x73, 0x34, 0x6d, 0x9d,
-      0x50, 0xc9, 0x22, 0xe4, 0x9b, 0x0d, 0xfc, 0xd0,
-      0x90, 0xad, 0xf0, 0x4f, 0x5c, 0x3b, 0xa4, 0x73,
-      0x27, 0xdf, 0xcd, 0x6f, 0xa6, 0x3a, 0x78, 0x5c,
-      0x01, 0x69, 0x62, 0xa7, 0xfd, 0x27, 0x87, 0xa2,
-      0x4b, 0xf6, 0xbe, 0x47, 0xef, 0x37, 0x83, 0xf1,
-      0xb7, 0xec, 0x46, 0x07, 0x23, 0x63, 0x83, 0x4a,
-      0x1b, 0x01, 0x33, 0xf2, 0xc2, 0x38, 0x91, 0xdb,
-      0x4f, 0x11, 0xa6, 0x86, 0x51, 0xf2, 0x3e, 0x3a,
-      0x8b, 0x1f, 0xdc, 0x03, 0xb1, 0x92, 0xc7, 0xe7 };
-
-static const unsigned char pers_pr[] =
-    { 0x5a, 0x70, 0x95, 0xe9, 0x81, 0x40, 0x52, 0x33,
-      0x91, 0x53, 0x7e, 0x75, 0xd6, 0x19, 0x9d, 0x1e,
-      0xad, 0x0d, 0xc6, 0xa7, 0xde, 0x6c, 0x1f, 0xe0,
-      0xea, 0x18, 0x33, 0xa8, 0x7e, 0x06, 0x20, 0xe9 };
-
-static const unsigned char pers_nopr[] =
-    { 0x88, 0xee, 0xb8, 0xe0, 0xe8, 0x3b, 0xf3, 0x29,
-      0x4b, 0xda, 0xcd, 0x60, 0x99, 0xeb, 0xe4, 0xbf,
-      0x55, 0xec, 0xd9, 0x11, 0x3f, 0x71, 0xe5, 0xeb,
-      0xcb, 0x45, 0x75, 0xf3, 0xd6, 0xa6, 0x8a, 0x6b };
-
-static const unsigned char result_pr[] =
-    { 0xce, 0x2f, 0xdb, 0xb6, 0xd9, 0xb7, 0x39, 0x85,
-      0x04, 0xc5, 0xc0, 0x42, 0xc2, 0x31, 0xc6, 0x1d,
-      0x9b, 0x5a, 0x59, 0xf8, 0x7e, 0x0d, 0xcc, 0x62,
-      0x7b, 0x65, 0x11, 0x55, 0x10, 0xeb, 0x9e, 0x3d,
-      0xa4, 0xfb, 0x1c, 0x6a, 0x18, 0xc0, 0x74, 0xdb,
-      0xdd, 0xe7, 0x02, 0x23, 0x63, 0x21, 0xd0, 0x39,
-      0xf9, 0xa7, 0xc4, 0x52, 0x84, 0x3b, 0x49, 0x40,
-      0x72, 0x2b, 0xb0, 0x6c, 0x9c, 0xdb, 0xc3, 0x43 };
-
-static const unsigned char result_nopr[] =
-    { 0xa5, 0x51, 0x80, 0xa1, 0x90, 0xbe, 0xf3, 0xad,
-      0xaf, 0x28, 0xf6, 0xb7, 0x95, 0xe9, 0xf1, 0xf3,
-      0xd6, 0xdf, 0xa1, 0xb2, 0x7d, 0xd0, 0x46, 0x7b,
-      0x0c, 0x75, 0xf5, 0xfa, 0x93, 0x1e, 0x97, 0x14,
-      0x75, 0xb2, 0x7c, 0xae, 0x03, 0xa2, 0x96, 0x54,
-      0xe2, 0xf4, 0x09, 0x66, 0xea, 0x33, 0x64, 0x30,
-      0x40, 0xd1, 0x40, 0x0f, 0xe6, 0x77, 0x87, 0x3a,
-      0xf8, 0x09, 0x7c, 0x1f, 0xe9, 0xf0, 0x02, 0x98 };
-#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
-
-static size_t test_offset;
-static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
-                                       size_t len )
-{
-    const unsigned char *p = data;
-    memcpy( buf, p + test_offset, len );
-    test_offset += len;
-    return( 0 );
-}
-
-#define CHK( c )    if( (c) != 0 )                          \
-                    {                                       \
-                        if( verbose != 0 )                  \
-                            mbedtls_printf( "failed\n" );  \
-                        return( 1 );                        \
-                    }
-
-#define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
-
-/*
- * Checkup routine
- */
-int mbedtls_ctr_drbg_self_test( int verbose )
-{
-    mbedtls_ctr_drbg_context ctx;
-    unsigned char buf[ sizeof( result_pr ) ];
-
-    mbedtls_ctr_drbg_init( &ctx );
-
-    /*
-     * Based on a NIST CTR_DRBG test vector (PR = True)
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  CTR_DRBG (PR = TRUE) : " );
-
-    test_offset = 0;
-    mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE );
-    mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 );
-    CHK( mbedtls_ctr_drbg_seed( &ctx,
-                                ctr_drbg_self_test_entropy,
-                                (void *) entropy_source_pr,
-                                pers_pr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
-    mbedtls_ctr_drbg_set_prediction_resistance( &ctx, MBEDTLS_CTR_DRBG_PR_ON );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_pr ) ) );
-    CHK( memcmp( buf, result_pr, sizeof( result_pr ) ) );
-
-    mbedtls_ctr_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    /*
-     * Based on a NIST CTR_DRBG test vector (PR = FALSE)
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  CTR_DRBG (PR = FALSE): " );
-
-    mbedtls_ctr_drbg_init( &ctx );
-
-    test_offset = 0;
-    mbedtls_ctr_drbg_set_entropy_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
-    mbedtls_ctr_drbg_set_nonce_len( &ctx, MBEDTLS_CTR_DRBG_KEYSIZE / 2 );
-    CHK( mbedtls_ctr_drbg_seed( &ctx,
-                                ctr_drbg_self_test_entropy,
-                                (void *) entropy_source_nopr,
-                                pers_nopr, MBEDTLS_CTR_DRBG_KEYSIZE ) );
-    CHK( mbedtls_ctr_drbg_reseed( &ctx, NULL, 0 ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, SELF_TEST_OUTPUT_DISCARD_LENGTH ) );
-    CHK( mbedtls_ctr_drbg_random( &ctx, buf, sizeof( result_nopr ) ) );
-    CHK( memcmp( buf, result_nopr, sizeof( result_nopr ) ) );
-
-    mbedtls_ctr_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-            mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_CTR_DRBG_C */
diff --git a/Sources/mbedtls/library/debug.c b/Sources/mbedtls/library/debug.c
deleted file mode 100644
index 353b4bf..0000000
--- a/Sources/mbedtls/library/debug.c
+++ /dev/null
@@ -1,408 +0,0 @@
-/*
- *  Debugging routines
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/debug.h"
-#include "mbedtls/error.h"
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-
-#define DEBUG_BUF_SIZE      512
-
-static int debug_threshold = 0;
-
-void mbedtls_debug_set_threshold( int threshold )
-{
-    debug_threshold = threshold;
-}
-
-/*
- * All calls to f_dbg must be made via this function
- */
-static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
-                                    const char *file, int line,
-                                    const char *str )
-{
-    /*
-     * If in a threaded environment, we need a thread identifier.
-     * Since there is no portable way to get one, use the address of the ssl
-     * context instead, as it shouldn't be shared between threads.
-     */
-#if defined(MBEDTLS_THREADING_C)
-    char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
-    mbedtls_snprintf( idstr, sizeof( idstr ), "%p: %s", (void*)ssl, str );
-    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, idstr );
-#else
-    ssl->conf->f_dbg( ssl->conf->p_dbg, level, file, line, str );
-#endif
-}
-
-MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
-                              const char *file, int line,
-                              const char *format, ... )
-{
-    va_list argp;
-    char str[DEBUG_BUF_SIZE];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
-        return;
-    }
-
-    va_start( argp, format );
-    ret = mbedtls_vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
-    va_end( argp );
-
-    if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
-    {
-        str[ret]     = '\n';
-        str[ret + 1] = '\0';
-    }
-
-    debug_send_line( ssl, level, file, line, str );
-}
-
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, int ret )
-{
-    char str[DEBUG_BUF_SIZE];
-
-    if( NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
-        return;
-    }
-
-    /*
-     * With non-blocking I/O and examples that just retry immediately,
-     * the logs would be quickly flooded with WANT_READ, so ignore that.
-     * Don't ignore WANT_WRITE however, since is is usually rare.
-     */
-    if( ret == MBEDTLS_ERR_SSL_WANT_READ )
-        return;
-
-    mbedtls_snprintf( str, sizeof( str ), "%s() returned %d (-0x%04x)\n",
-              text, ret, (unsigned int) -ret );
-
-    debug_send_line( ssl, level, file, line, str );
-}
-
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line, const char *text,
-                      const unsigned char *buf, size_t len )
-{
-    char str[DEBUG_BUF_SIZE];
-    char txt[17];
-    size_t i, idx = 0;
-
-    if( NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
-        return;
-    }
-
-    mbedtls_snprintf( str + idx, sizeof( str ) - idx, "dumping '%s' (%u bytes)\n",
-              text, (unsigned int) len );
-
-    debug_send_line( ssl, level, file, line, str );
-
-    idx = 0;
-    memset( txt, 0, sizeof( txt ) );
-    for( i = 0; i < len; i++ )
-    {
-        if( i >= 4096 )
-            break;
-
-        if( i % 16 == 0 )
-        {
-            if( i > 0 )
-            {
-                mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
-                debug_send_line( ssl, level, file, line, str );
-
-                idx = 0;
-                memset( txt, 0, sizeof( txt ) );
-            }
-
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ",
-                             (unsigned int) i );
-
-        }
-
-        idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x",
-                         (unsigned int) buf[i] );
-        txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
-    }
-
-    if( len > 0 )
-    {
-        for( /* i = i */; i % 16 != 0; i++ )
-            idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "   " );
-
-        mbedtls_snprintf( str + idx, sizeof( str ) - idx, "  %s\n", txt );
-        debug_send_line( ssl, level, file, line, str );
-    }
-}
-
-#if defined(MBEDTLS_ECP_C)
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_ecp_point *X )
-{
-    char str[DEBUG_BUF_SIZE];
-
-    if( NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
-    {
-        return;
-    }
-
-    mbedtls_snprintf( str, sizeof( str ), "%s(X)", text );
-    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->X );
-
-    mbedtls_snprintf( str, sizeof( str ), "%s(Y)", text );
-    mbedtls_debug_print_mpi( ssl, level, file, line, str, &X->Y );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_BIGNUM_C)
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_mpi *X )
-{
-    char str[DEBUG_BUF_SIZE];
-    size_t bitlen;
-    size_t idx = 0;
-
-    if( NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        NULL == X                ||
-        level > debug_threshold )
-    {
-        return;
-    }
-
-    bitlen = mbedtls_mpi_bitlen( X );
-
-    mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
-                      text, (unsigned) bitlen );
-    debug_send_line( ssl, level, file, line, str );
-
-    if( bitlen == 0 )
-    {
-        str[0] = ' '; str[1] = '0'; str[2] = '0';
-        idx = 3;
-    }
-    else
-    {
-        int n;
-        for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
-        {
-            size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
-            size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
-            unsigned char octet =
-                ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
-            mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
-            idx += 3;
-            /* Wrap lines after 16 octets that each take 3 columns */
-            if( idx >= 3 * 16 )
-            {
-                mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
-                debug_send_line( ssl, level, file, line, str );
-                idx = 0;
-            }
-        }
-    }
-
-    if( idx != 0 )
-    {
-        mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
-        debug_send_line( ssl, level, file, line, str );
-    }
-}
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
-                            const char *file, int line,
-                            const char *text, const mbedtls_pk_context *pk )
-{
-    size_t i;
-    mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS];
-    char name[16];
-
-    memset( items, 0, sizeof( items ) );
-
-    if( mbedtls_pk_debug( pk, items ) != 0 )
-    {
-        debug_send_line( ssl, level, file, line,
-                          "invalid PK context\n" );
-        return;
-    }
-
-    for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
-    {
-        if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
-            return;
-
-        mbedtls_snprintf( name, sizeof( name ), "%s%s", text, items[i].name );
-        name[sizeof( name ) - 1] = '\0';
-
-        if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
-            mbedtls_debug_print_mpi( ssl, level, file, line, name, items[i].value );
-        else
-#if defined(MBEDTLS_ECP_C)
-        if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
-            mbedtls_debug_print_ecp( ssl, level, file, line, name, items[i].value );
-        else
-#endif
-            debug_send_line( ssl, level, file, line,
-                              "should not happen\n" );
-    }
-}
-
-static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
-                                      const char *file, int line, const char *text )
-{
-    char str[DEBUG_BUF_SIZE];
-    const char *start, *cur;
-
-    start = text;
-    for( cur = text; *cur != '\0'; cur++ )
-    {
-        if( *cur == '\n' )
-        {
-            size_t len = cur - start + 1;
-            if( len > DEBUG_BUF_SIZE - 1 )
-                len = DEBUG_BUF_SIZE - 1;
-
-            memcpy( str, start, len );
-            str[len] = '\0';
-
-            debug_send_line( ssl, level, file, line, str );
-
-            start = cur + 1;
-        }
-    }
-}
-
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_x509_crt *crt )
-{
-    char str[DEBUG_BUF_SIZE];
-    int i = 0;
-
-    if( NULL == ssl              ||
-        NULL == ssl->conf        ||
-        NULL == ssl->conf->f_dbg ||
-        NULL == crt              ||
-        level > debug_threshold )
-    {
-        return;
-    }
-
-    while( crt != NULL )
-    {
-        char buf[1024];
-
-        mbedtls_snprintf( str, sizeof( str ), "%s #%d:\n", text, ++i );
-        debug_send_line( ssl, level, file, line, str );
-
-        mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
-        debug_print_line_by_line( ssl, level, file, line, buf );
-
-        debug_print_pk( ssl, level, file, line, "crt->", &crt->pk );
-
-        crt = crt->next;
-    }
-}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-
-#if defined(MBEDTLS_ECDH_C)
-static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
-                                                int level, const char *file,
-                                                int line,
-                                                const mbedtls_ecdh_context *ecdh,
-                                                mbedtls_debug_ecdh_attr attr )
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    const mbedtls_ecdh_context* ctx = ecdh;
-#else
-    const mbedtls_ecdh_context_mbed* ctx = &ecdh->ctx.mbed_ecdh;
-#endif
-
-    switch( attr )
-    {
-        case MBEDTLS_DEBUG_ECDH_Q:
-            mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Q",
-                                     &ctx->Q );
-            break;
-        case MBEDTLS_DEBUG_ECDH_QP:
-            mbedtls_debug_print_ecp( ssl, level, file, line, "ECDH: Qp",
-                                     &ctx->Qp );
-            break;
-        case MBEDTLS_DEBUG_ECDH_Z:
-            mbedtls_debug_print_mpi( ssl, level, file, line, "ECDH: z",
-                                     &ctx->z );
-            break;
-        default:
-            break;
-    }
-}
-
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
-                                const char *file, int line,
-                                const mbedtls_ecdh_context *ecdh,
-                                mbedtls_debug_ecdh_attr attr )
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh, attr );
-#else
-    switch( ecdh->var )
-    {
-        default:
-            mbedtls_debug_printf_ecdh_internal( ssl, level, file, line, ecdh,
-                                                attr );
-    }
-#endif
-}
-#endif /* MBEDTLS_ECDH_C */
-
-#endif /* MBEDTLS_DEBUG_C */
diff --git a/Sources/mbedtls/library/des.c b/Sources/mbedtls/library/des.c
deleted file mode 100644
index 65f5681..0000000
--- a/Sources/mbedtls/library/des.c
+++ /dev/null
@@ -1,1055 +0,0 @@
-/*
- *  FIPS-46-3 compliant Triple-DES implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  DES, on which TDES is based, was originally designed by Horst Feistel
- *  at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
- *
- *  http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_DES_C)
-
-#include "mbedtls/des.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_DES_ALT)
-
-/*
- * Expanded DES S-boxes
- */
-static const uint32_t SB1[64] =
-{
-    0x01010400, 0x00000000, 0x00010000, 0x01010404,
-    0x01010004, 0x00010404, 0x00000004, 0x00010000,
-    0x00000400, 0x01010400, 0x01010404, 0x00000400,
-    0x01000404, 0x01010004, 0x01000000, 0x00000004,
-    0x00000404, 0x01000400, 0x01000400, 0x00010400,
-    0x00010400, 0x01010000, 0x01010000, 0x01000404,
-    0x00010004, 0x01000004, 0x01000004, 0x00010004,
-    0x00000000, 0x00000404, 0x00010404, 0x01000000,
-    0x00010000, 0x01010404, 0x00000004, 0x01010000,
-    0x01010400, 0x01000000, 0x01000000, 0x00000400,
-    0x01010004, 0x00010000, 0x00010400, 0x01000004,
-    0x00000400, 0x00000004, 0x01000404, 0x00010404,
-    0x01010404, 0x00010004, 0x01010000, 0x01000404,
-    0x01000004, 0x00000404, 0x00010404, 0x01010400,
-    0x00000404, 0x01000400, 0x01000400, 0x00000000,
-    0x00010004, 0x00010400, 0x00000000, 0x01010004
-};
-
-static const uint32_t SB2[64] =
-{
-    0x80108020, 0x80008000, 0x00008000, 0x00108020,
-    0x00100000, 0x00000020, 0x80100020, 0x80008020,
-    0x80000020, 0x80108020, 0x80108000, 0x80000000,
-    0x80008000, 0x00100000, 0x00000020, 0x80100020,
-    0x00108000, 0x00100020, 0x80008020, 0x00000000,
-    0x80000000, 0x00008000, 0x00108020, 0x80100000,
-    0x00100020, 0x80000020, 0x00000000, 0x00108000,
-    0x00008020, 0x80108000, 0x80100000, 0x00008020,
-    0x00000000, 0x00108020, 0x80100020, 0x00100000,
-    0x80008020, 0x80100000, 0x80108000, 0x00008000,
-    0x80100000, 0x80008000, 0x00000020, 0x80108020,
-    0x00108020, 0x00000020, 0x00008000, 0x80000000,
-    0x00008020, 0x80108000, 0x00100000, 0x80000020,
-    0x00100020, 0x80008020, 0x80000020, 0x00100020,
-    0x00108000, 0x00000000, 0x80008000, 0x00008020,
-    0x80000000, 0x80100020, 0x80108020, 0x00108000
-};
-
-static const uint32_t SB3[64] =
-{
-    0x00000208, 0x08020200, 0x00000000, 0x08020008,
-    0x08000200, 0x00000000, 0x00020208, 0x08000200,
-    0x00020008, 0x08000008, 0x08000008, 0x00020000,
-    0x08020208, 0x00020008, 0x08020000, 0x00000208,
-    0x08000000, 0x00000008, 0x08020200, 0x00000200,
-    0x00020200, 0x08020000, 0x08020008, 0x00020208,
-    0x08000208, 0x00020200, 0x00020000, 0x08000208,
-    0x00000008, 0x08020208, 0x00000200, 0x08000000,
-    0x08020200, 0x08000000, 0x00020008, 0x00000208,
-    0x00020000, 0x08020200, 0x08000200, 0x00000000,
-    0x00000200, 0x00020008, 0x08020208, 0x08000200,
-    0x08000008, 0x00000200, 0x00000000, 0x08020008,
-    0x08000208, 0x00020000, 0x08000000, 0x08020208,
-    0x00000008, 0x00020208, 0x00020200, 0x08000008,
-    0x08020000, 0x08000208, 0x00000208, 0x08020000,
-    0x00020208, 0x00000008, 0x08020008, 0x00020200
-};
-
-static const uint32_t SB4[64] =
-{
-    0x00802001, 0x00002081, 0x00002081, 0x00000080,
-    0x00802080, 0x00800081, 0x00800001, 0x00002001,
-    0x00000000, 0x00802000, 0x00802000, 0x00802081,
-    0x00000081, 0x00000000, 0x00800080, 0x00800001,
-    0x00000001, 0x00002000, 0x00800000, 0x00802001,
-    0x00000080, 0x00800000, 0x00002001, 0x00002080,
-    0x00800081, 0x00000001, 0x00002080, 0x00800080,
-    0x00002000, 0x00802080, 0x00802081, 0x00000081,
-    0x00800080, 0x00800001, 0x00802000, 0x00802081,
-    0x00000081, 0x00000000, 0x00000000, 0x00802000,
-    0x00002080, 0x00800080, 0x00800081, 0x00000001,
-    0x00802001, 0x00002081, 0x00002081, 0x00000080,
-    0x00802081, 0x00000081, 0x00000001, 0x00002000,
-    0x00800001, 0x00002001, 0x00802080, 0x00800081,
-    0x00002001, 0x00002080, 0x00800000, 0x00802001,
-    0x00000080, 0x00800000, 0x00002000, 0x00802080
-};
-
-static const uint32_t SB5[64] =
-{
-    0x00000100, 0x02080100, 0x02080000, 0x42000100,
-    0x00080000, 0x00000100, 0x40000000, 0x02080000,
-    0x40080100, 0x00080000, 0x02000100, 0x40080100,
-    0x42000100, 0x42080000, 0x00080100, 0x40000000,
-    0x02000000, 0x40080000, 0x40080000, 0x00000000,
-    0x40000100, 0x42080100, 0x42080100, 0x02000100,
-    0x42080000, 0x40000100, 0x00000000, 0x42000000,
-    0x02080100, 0x02000000, 0x42000000, 0x00080100,
-    0x00080000, 0x42000100, 0x00000100, 0x02000000,
-    0x40000000, 0x02080000, 0x42000100, 0x40080100,
-    0x02000100, 0x40000000, 0x42080000, 0x02080100,
-    0x40080100, 0x00000100, 0x02000000, 0x42080000,
-    0x42080100, 0x00080100, 0x42000000, 0x42080100,
-    0x02080000, 0x00000000, 0x40080000, 0x42000000,
-    0x00080100, 0x02000100, 0x40000100, 0x00080000,
-    0x00000000, 0x40080000, 0x02080100, 0x40000100
-};
-
-static const uint32_t SB6[64] =
-{
-    0x20000010, 0x20400000, 0x00004000, 0x20404010,
-    0x20400000, 0x00000010, 0x20404010, 0x00400000,
-    0x20004000, 0x00404010, 0x00400000, 0x20000010,
-    0x00400010, 0x20004000, 0x20000000, 0x00004010,
-    0x00000000, 0x00400010, 0x20004010, 0x00004000,
-    0x00404000, 0x20004010, 0x00000010, 0x20400010,
-    0x20400010, 0x00000000, 0x00404010, 0x20404000,
-    0x00004010, 0x00404000, 0x20404000, 0x20000000,
-    0x20004000, 0x00000010, 0x20400010, 0x00404000,
-    0x20404010, 0x00400000, 0x00004010, 0x20000010,
-    0x00400000, 0x20004000, 0x20000000, 0x00004010,
-    0x20000010, 0x20404010, 0x00404000, 0x20400000,
-    0x00404010, 0x20404000, 0x00000000, 0x20400010,
-    0x00000010, 0x00004000, 0x20400000, 0x00404010,
-    0x00004000, 0x00400010, 0x20004010, 0x00000000,
-    0x20404000, 0x20000000, 0x00400010, 0x20004010
-};
-
-static const uint32_t SB7[64] =
-{
-    0x00200000, 0x04200002, 0x04000802, 0x00000000,
-    0x00000800, 0x04000802, 0x00200802, 0x04200800,
-    0x04200802, 0x00200000, 0x00000000, 0x04000002,
-    0x00000002, 0x04000000, 0x04200002, 0x00000802,
-    0x04000800, 0x00200802, 0x00200002, 0x04000800,
-    0x04000002, 0x04200000, 0x04200800, 0x00200002,
-    0x04200000, 0x00000800, 0x00000802, 0x04200802,
-    0x00200800, 0x00000002, 0x04000000, 0x00200800,
-    0x04000000, 0x00200800, 0x00200000, 0x04000802,
-    0x04000802, 0x04200002, 0x04200002, 0x00000002,
-    0x00200002, 0x04000000, 0x04000800, 0x00200000,
-    0x04200800, 0x00000802, 0x00200802, 0x04200800,
-    0x00000802, 0x04000002, 0x04200802, 0x04200000,
-    0x00200800, 0x00000000, 0x00000002, 0x04200802,
-    0x00000000, 0x00200802, 0x04200000, 0x00000800,
-    0x04000002, 0x04000800, 0x00000800, 0x00200002
-};
-
-static const uint32_t SB8[64] =
-{
-    0x10001040, 0x00001000, 0x00040000, 0x10041040,
-    0x10000000, 0x10001040, 0x00000040, 0x10000000,
-    0x00040040, 0x10040000, 0x10041040, 0x00041000,
-    0x10041000, 0x00041040, 0x00001000, 0x00000040,
-    0x10040000, 0x10000040, 0x10001000, 0x00001040,
-    0x00041000, 0x00040040, 0x10040040, 0x10041000,
-    0x00001040, 0x00000000, 0x00000000, 0x10040040,
-    0x10000040, 0x10001000, 0x00041040, 0x00040000,
-    0x00041040, 0x00040000, 0x10041000, 0x00001000,
-    0x00000040, 0x10040040, 0x00001000, 0x00041040,
-    0x10001000, 0x00000040, 0x10000040, 0x10040000,
-    0x10040040, 0x10000000, 0x00040000, 0x10001040,
-    0x00000000, 0x10041040, 0x00040040, 0x10000040,
-    0x10040000, 0x10001000, 0x10001040, 0x00000000,
-    0x10041040, 0x00041000, 0x00041000, 0x00001040,
-    0x00001040, 0x00040040, 0x10000000, 0x10041000
-};
-
-/*
- * PC1: left and right halves bit-swap
- */
-static const uint32_t LHs[16] =
-{
-    0x00000000, 0x00000001, 0x00000100, 0x00000101,
-    0x00010000, 0x00010001, 0x00010100, 0x00010101,
-    0x01000000, 0x01000001, 0x01000100, 0x01000101,
-    0x01010000, 0x01010001, 0x01010100, 0x01010101
-};
-
-static const uint32_t RHs[16] =
-{
-    0x00000000, 0x01000000, 0x00010000, 0x01010000,
-    0x00000100, 0x01000100, 0x00010100, 0x01010100,
-    0x00000001, 0x01000001, 0x00010001, 0x01010001,
-    0x00000101, 0x01000101, 0x00010101, 0x01010101,
-};
-
-/*
- * Initial Permutation macro
- */
-#define DES_IP(X,Y)                                                       \
-    do                                                                    \
-    {                                                                     \
-        T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
-        T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
-        T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
-        T = (((Y) >>  8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T <<  8); \
-        (Y) = (((Y) << 1) | ((Y) >> 31)) & 0xFFFFFFFF;                    \
-        T = ((X) ^ (Y)) & 0xAAAAAAAA; (Y) ^= T; (X) ^= T;                 \
-        (X) = (((X) << 1) | ((X) >> 31)) & 0xFFFFFFFF;                    \
-    } while( 0 )
-
-/*
- * Final Permutation macro
- */
-#define DES_FP(X,Y)                                                       \
-    do                                                                    \
-    {                                                                     \
-        (X) = (((X) << 31) | ((X) >> 1)) & 0xFFFFFFFF;                    \
-        T = ((X) ^ (Y)) & 0xAAAAAAAA; (X) ^= T; (Y) ^= T;                 \
-        (Y) = (((Y) << 31) | ((Y) >> 1)) & 0xFFFFFFFF;                    \
-        T = (((Y) >>  8) ^ (X)) & 0x00FF00FF; (X) ^= T; (Y) ^= (T <<  8); \
-        T = (((Y) >>  2) ^ (X)) & 0x33333333; (X) ^= T; (Y) ^= (T <<  2); \
-        T = (((X) >> 16) ^ (Y)) & 0x0000FFFF; (Y) ^= T; (X) ^= (T << 16); \
-        T = (((X) >>  4) ^ (Y)) & 0x0F0F0F0F; (Y) ^= T; (X) ^= (T <<  4); \
-    } while( 0 )
-
-/*
- * DES round macro
- */
-#define DES_ROUND(X,Y)                              \
-    do                                              \
-    {                                               \
-        T = *SK++ ^ (X);                            \
-        (Y) ^= SB8[ (T      ) & 0x3F ] ^            \
-               SB6[ (T >>  8) & 0x3F ] ^            \
-               SB4[ (T >> 16) & 0x3F ] ^            \
-               SB2[ (T >> 24) & 0x3F ];             \
-                                                    \
-        T = *SK++ ^ (((X) << 28) | ((X) >> 4));     \
-        (Y) ^= SB7[ (T      ) & 0x3F ] ^            \
-               SB5[ (T >>  8) & 0x3F ] ^            \
-               SB3[ (T >> 16) & 0x3F ] ^            \
-               SB1[ (T >> 24) & 0x3F ];             \
-    } while( 0 )
-
-#define SWAP(a,b)                                       \
-    do                                                  \
-    {                                                   \
-        uint32_t t = (a); (a) = (b); (b) = t; t = 0;    \
-    } while( 0 )
-
-void mbedtls_des_init( mbedtls_des_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_des_context ) );
-}
-
-void mbedtls_des_free( mbedtls_des_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) );
-}
-
-void mbedtls_des3_init( mbedtls_des3_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_des3_context ) );
-}
-
-void mbedtls_des3_free( mbedtls_des3_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) );
-}
-
-static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
-        11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
-        47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
-        82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
-        115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
-        143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
-        171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
-        199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
-        227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
-        254 };
-
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
-        key[i] = odd_parity_table[key[i] / 2];
-}
-
-/*
- * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
- */
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
-        if( key[i] != odd_parity_table[key[i] / 2] )
-            return( 1 );
-
-    return( 0 );
-}
-
-/*
- * Table of weak and semi-weak keys
- *
- * Source: http://en.wikipedia.org/wiki/Weak_key
- *
- * Weak:
- * Alternating ones + zeros (0x0101010101010101)
- * Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
- * '0xE0E0E0E0F1F1F1F1'
- * '0x1F1F1F1F0E0E0E0E'
- *
- * Semi-weak:
- * 0x011F011F010E010E and 0x1F011F010E010E01
- * 0x01E001E001F101F1 and 0xE001E001F101F101
- * 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
- * 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
- * 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
- * 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
- *
- */
-
-#define WEAK_KEY_COUNT 16
-
-static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
-{
-    { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
-    { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
-    { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
-    { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
-
-    { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
-    { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
-    { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
-    { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
-    { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
-    { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
-    { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
-    { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
-    { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
-    { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
-    { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
-    { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
-};
-
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    for( i = 0; i < WEAK_KEY_COUNT; i++ )
-        if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
-            return( 1 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DES_SETKEY_ALT)
-void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-    uint32_t X, Y, T;
-
-    X = MBEDTLS_GET_UINT32_BE( key, 0 );
-    Y = MBEDTLS_GET_UINT32_BE( key, 4 );
-
-    /*
-     * Permuted Choice 1
-     */
-    T =  ((Y >>  4) ^ X) & 0x0F0F0F0F;  X ^= T; Y ^= (T <<  4);
-    T =  ((Y      ) ^ X) & 0x10101010;  X ^= T; Y ^= (T      );
-
-    X =   (LHs[ (X      ) & 0xF] << 3) | (LHs[ (X >>  8) & 0xF ] << 2)
-        | (LHs[ (X >> 16) & 0xF] << 1) | (LHs[ (X >> 24) & 0xF ]     )
-        | (LHs[ (X >>  5) & 0xF] << 7) | (LHs[ (X >> 13) & 0xF ] << 6)
-        | (LHs[ (X >> 21) & 0xF] << 5) | (LHs[ (X >> 29) & 0xF ] << 4);
-
-    Y =   (RHs[ (Y >>  1) & 0xF] << 3) | (RHs[ (Y >>  9) & 0xF ] << 2)
-        | (RHs[ (Y >> 17) & 0xF] << 1) | (RHs[ (Y >> 25) & 0xF ]     )
-        | (RHs[ (Y >>  4) & 0xF] << 7) | (RHs[ (Y >> 12) & 0xF ] << 6)
-        | (RHs[ (Y >> 20) & 0xF] << 5) | (RHs[ (Y >> 28) & 0xF ] << 4);
-
-    X &= 0x0FFFFFFF;
-    Y &= 0x0FFFFFFF;
-
-    /*
-     * calculate subkeys
-     */
-    for( i = 0; i < 16; i++ )
-    {
-        if( i < 2 || i == 8 || i == 15 )
-        {
-            X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
-            Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
-        }
-        else
-        {
-            X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
-            Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
-        }
-
-        *SK++ =   ((X <<  4) & 0x24000000) | ((X << 28) & 0x10000000)
-                | ((X << 14) & 0x08000000) | ((X << 18) & 0x02080000)
-                | ((X <<  6) & 0x01000000) | ((X <<  9) & 0x00200000)
-                | ((X >>  1) & 0x00100000) | ((X << 10) & 0x00040000)
-                | ((X <<  2) & 0x00020000) | ((X >> 10) & 0x00010000)
-                | ((Y >> 13) & 0x00002000) | ((Y >>  4) & 0x00001000)
-                | ((Y <<  6) & 0x00000800) | ((Y >>  1) & 0x00000400)
-                | ((Y >> 14) & 0x00000200) | ((Y      ) & 0x00000100)
-                | ((Y >>  5) & 0x00000020) | ((Y >> 10) & 0x00000010)
-                | ((Y >>  3) & 0x00000008) | ((Y >> 18) & 0x00000004)
-                | ((Y >> 26) & 0x00000002) | ((Y >> 24) & 0x00000001);
-
-        *SK++ =   ((X << 15) & 0x20000000) | ((X << 17) & 0x10000000)
-                | ((X << 10) & 0x08000000) | ((X << 22) & 0x04000000)
-                | ((X >>  2) & 0x02000000) | ((X <<  1) & 0x01000000)
-                | ((X << 16) & 0x00200000) | ((X << 11) & 0x00100000)
-                | ((X <<  3) & 0x00080000) | ((X >>  6) & 0x00040000)
-                | ((X << 15) & 0x00020000) | ((X >>  4) & 0x00010000)
-                | ((Y >>  2) & 0x00002000) | ((Y <<  8) & 0x00001000)
-                | ((Y >> 14) & 0x00000808) | ((Y >>  9) & 0x00000400)
-                | ((Y      ) & 0x00000200) | ((Y <<  7) & 0x00000100)
-                | ((Y >>  7) & 0x00000020) | ((Y >>  3) & 0x00000011)
-                | ((Y <<  2) & 0x00000004) | ((Y >> 21) & 0x00000002);
-    }
-}
-#endif /* !MBEDTLS_DES_SETKEY_ALT */
-
-/*
- * DES key schedule (56-bit, encryption)
- */
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    mbedtls_des_setkey( ctx->sk, key );
-
-    return( 0 );
-}
-
-/*
- * DES key schedule (56-bit, decryption)
- */
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
-{
-    int i;
-
-    mbedtls_des_setkey( ctx->sk, key );
-
-    for( i = 0; i < 16; i += 2 )
-    {
-        SWAP( ctx->sk[i    ], ctx->sk[30 - i] );
-        SWAP( ctx->sk[i + 1], ctx->sk[31 - i] );
-    }
-
-    return( 0 );
-}
-
-static void des3_set2key( uint32_t esk[96],
-                          uint32_t dsk[96],
-                          const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
-{
-    int i;
-
-    mbedtls_des_setkey( esk, key );
-    mbedtls_des_setkey( dsk + 32, key + 8 );
-
-    for( i = 0; i < 32; i += 2 )
-    {
-        dsk[i     ] = esk[30 - i];
-        dsk[i +  1] = esk[31 - i];
-
-        esk[i + 32] = dsk[62 - i];
-        esk[i + 33] = dsk[63 - i];
-
-        esk[i + 64] = esk[i    ];
-        esk[i + 65] = esk[i + 1];
-
-        dsk[i + 64] = dsk[i    ];
-        dsk[i + 65] = dsk[i + 1];
-    }
-}
-
-/*
- * Triple-DES key schedule (112-bit, encryption)
- */
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
-{
-    uint32_t sk[96];
-
-    des3_set2key( ctx->sk, sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-/*
- * Triple-DES key schedule (112-bit, decryption)
- */
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
-{
-    uint32_t sk[96];
-
-    des3_set2key( sk, ctx->sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-static void des3_set3key( uint32_t esk[96],
-                          uint32_t dsk[96],
-                          const unsigned char key[24] )
-{
-    int i;
-
-    mbedtls_des_setkey( esk, key );
-    mbedtls_des_setkey( dsk + 32, key +  8 );
-    mbedtls_des_setkey( esk + 64, key + 16 );
-
-    for( i = 0; i < 32; i += 2 )
-    {
-        dsk[i     ] = esk[94 - i];
-        dsk[i +  1] = esk[95 - i];
-
-        esk[i + 32] = dsk[62 - i];
-        esk[i + 33] = dsk[63 - i];
-
-        dsk[i + 64] = esk[30 - i];
-        dsk[i + 65] = esk[31 - i];
-    }
-}
-
-/*
- * Triple-DES key schedule (168-bit, encryption)
- */
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
-{
-    uint32_t sk[96];
-
-    des3_set3key( ctx->sk, sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-/*
- * Triple-DES key schedule (168-bit, decryption)
- */
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
-{
-    uint32_t sk[96];
-
-    des3_set3key( sk, ctx->sk, key );
-    mbedtls_platform_zeroize( sk,  sizeof( sk ) );
-
-    return( 0 );
-}
-
-/*
- * DES-ECB block encryption/decryption
- */
-#if !defined(MBEDTLS_DES_CRYPT_ECB_ALT)
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
-                    const unsigned char input[8],
-                    unsigned char output[8] )
-{
-    int i;
-    uint32_t X, Y, T, *SK;
-
-    SK = ctx->sk;
-
-    X = MBEDTLS_GET_UINT32_BE( input, 0 );
-    Y = MBEDTLS_GET_UINT32_BE( input, 4 );
-
-    DES_IP( X, Y );
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
-    }
-
-    DES_FP( Y, X );
-
-    MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
-    MBEDTLS_PUT_UINT32_BE( X, output, 4 );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * DES-CBC buffer encryption/decryption
- */
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output )
-{
-    int i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char temp[8];
-
-    if( length % 8 )
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_DES_ENCRYPT )
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            ret = mbedtls_des_crypt_ecb( ctx, output, output );
-            if( ret != 0 )
-                goto exit;
-            memcpy( iv, output, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    else /* MBEDTLS_DES_DECRYPT */
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            ret = mbedtls_des_crypt_ecb( ctx, input, output );
-            if( ret != 0 )
-                goto exit;
-
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    ret = 0;
-
-exit:
-    return( ret );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/*
- * 3DES-ECB block encryption/decryption
- */
-#if !defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
-                     const unsigned char input[8],
-                     unsigned char output[8] )
-{
-    int i;
-    uint32_t X, Y, T, *SK;
-
-    SK = ctx->sk;
-
-    X = MBEDTLS_GET_UINT32_BE( input, 0 );
-    Y = MBEDTLS_GET_UINT32_BE( input, 4 );
-
-    DES_IP( X, Y );
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
-    }
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( X, Y );
-        DES_ROUND( Y, X );
-    }
-
-    for( i = 0; i < 8; i++ )
-    {
-        DES_ROUND( Y, X );
-        DES_ROUND( X, Y );
-    }
-
-    DES_FP( Y, X );
-
-    MBEDTLS_PUT_UINT32_BE( Y, output, 0 );
-    MBEDTLS_PUT_UINT32_BE( X, output, 4 );
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * 3DES-CBC buffer encryption/decryption
- */
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
-                     int mode,
-                     size_t length,
-                     unsigned char iv[8],
-                     const unsigned char *input,
-                     unsigned char *output )
-{
-    int i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char temp[8];
-
-    if( length % 8 )
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
-
-    if( mode == MBEDTLS_DES_ENCRYPT )
-    {
-        while( length > 0 )
-        {
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( input[i] ^ iv[i] );
-
-            ret = mbedtls_des3_crypt_ecb( ctx, output, output );
-            if( ret != 0 )
-                goto exit;
-            memcpy( iv, output, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    else /* MBEDTLS_DES_DECRYPT */
-    {
-        while( length > 0 )
-        {
-            memcpy( temp, input, 8 );
-            ret = mbedtls_des3_crypt_ecb( ctx, input, output );
-            if( ret != 0 )
-                goto exit;
-
-            for( i = 0; i < 8; i++ )
-                output[i] = (unsigned char)( output[i] ^ iv[i] );
-
-            memcpy( iv, temp, 8 );
-
-            input  += 8;
-            output += 8;
-            length -= 8;
-        }
-    }
-    ret = 0;
-
-exit:
-    return( ret );
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#endif /* !MBEDTLS_DES_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * DES and 3DES test vectors from:
- *
- * http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
- */
-static const unsigned char des3_test_keys[24] =
-{
-    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
-    0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01,
-    0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23
-};
-
-static const unsigned char des3_test_buf[8] =
-{
-    0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74
-};
-
-static const unsigned char des3_test_ecb_dec[3][8] =
-{
-    { 0x37, 0x2B, 0x98, 0xBF, 0x52, 0x65, 0xB0, 0x59 },
-    { 0xC2, 0x10, 0x19, 0x9C, 0x38, 0x5A, 0x65, 0xA1 },
-    { 0xA2, 0x70, 0x56, 0x68, 0x69, 0xE5, 0x15, 0x1D }
-};
-
-static const unsigned char des3_test_ecb_enc[3][8] =
-{
-    { 0x1C, 0xD5, 0x97, 0xEA, 0x84, 0x26, 0x73, 0xFB },
-    { 0xB3, 0x92, 0x4D, 0xF3, 0xC5, 0xB5, 0x42, 0x93 },
-    { 0xDA, 0x37, 0x64, 0x41, 0xBA, 0x6F, 0x62, 0x6F }
-};
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-static const unsigned char des3_test_iv[8] =
-{
-    0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
-};
-
-static const unsigned char des3_test_cbc_dec[3][8] =
-{
-    { 0x58, 0xD9, 0x48, 0xEF, 0x85, 0x14, 0x65, 0x9A },
-    { 0x5F, 0xC8, 0x78, 0xD4, 0xD7, 0x92, 0xD9, 0x54 },
-    { 0x25, 0xF9, 0x75, 0x85, 0xA8, 0x1E, 0x48, 0xBF }
-};
-
-static const unsigned char des3_test_cbc_enc[3][8] =
-{
-    { 0x91, 0x1C, 0x6D, 0xCF, 0x48, 0xA7, 0xC3, 0x4D },
-    { 0x60, 0x1A, 0x76, 0x8F, 0xA1, 0xF9, 0x66, 0xF1 },
-    { 0xA1, 0x50, 0x0F, 0x99, 0xB2, 0xCD, 0x64, 0x76 }
-};
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-/*
- * Checkup routine
- */
-int mbedtls_des_self_test( int verbose )
-{
-    int i, j, u, v, ret = 0;
-    mbedtls_des_context ctx;
-    mbedtls_des3_context ctx3;
-    unsigned char buf[8];
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    unsigned char prv[8];
-    unsigned char iv[8];
-#endif
-
-    mbedtls_des_init( &ctx );
-    mbedtls_des3_init( &ctx3 );
-    /*
-     * ECB mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  DES%c-ECB-%3d (%s): ",
-                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( buf, des3_test_buf, 8 );
-
-        switch( i )
-        {
-        case 0:
-            ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
-            break;
-
-        case 1:
-            ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
-            break;
-
-        case 2:
-            ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 3:
-            ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
-            break;
-
-        case 4:
-            ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 5:
-            ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
-            break;
-
-        default:
-            return( 1 );
-        }
-        if( ret != 0 )
-            goto exit;
-
-        for( j = 0; j < 100; j++ )
-        {
-            if( u == 0 )
-                ret = mbedtls_des_crypt_ecb( &ctx, buf, buf );
-            else
-                ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
-            if( ret != 0 )
-                goto exit;
-        }
-
-        if( ( v == MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_dec[u], 8 ) != 0 ) ||
-            ( v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    /*
-     * CBC mode
-     */
-    for( i = 0; i < 6; i++ )
-    {
-        u = i >> 1;
-        v = i  & 1;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  DES%c-CBC-%3d (%s): ",
-                             ( u == 0 ) ? ' ' : '3', 56 + u * 56,
-                             ( v == MBEDTLS_DES_DECRYPT ) ? "dec" : "enc" );
-
-        memcpy( iv,  des3_test_iv,  8 );
-        memcpy( prv, des3_test_iv,  8 );
-        memcpy( buf, des3_test_buf, 8 );
-
-        switch( i )
-        {
-        case 0:
-            ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
-            break;
-
-        case 1:
-            ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
-            break;
-
-        case 2:
-            ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 3:
-            ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
-            break;
-
-        case 4:
-            ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
-            break;
-
-        case 5:
-            ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
-            break;
-
-        default:
-            return( 1 );
-        }
-        if( ret != 0 )
-            goto exit;
-
-        if( v == MBEDTLS_DES_DECRYPT )
-        {
-            for( j = 0; j < 100; j++ )
-            {
-                if( u == 0 )
-                    ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                else
-                    ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-                if( ret != 0 )
-                    goto exit;
-            }
-        }
-        else
-        {
-            for( j = 0; j < 100; j++ )
-            {
-                unsigned char tmp[8];
-
-                if( u == 0 )
-                    ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
-                else
-                    ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
-                if( ret != 0 )
-                    goto exit;
-
-                memcpy( tmp, prv, 8 );
-                memcpy( prv, buf, 8 );
-                memcpy( buf, tmp, 8 );
-            }
-
-            memcpy( buf, prv, 8 );
-        }
-
-        if( ( v == MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_dec[u], 8 ) != 0 ) ||
-            ( v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_des_free( &ctx );
-    mbedtls_des3_free( &ctx3 );
-
-    if( ret != 0 )
-        ret = 1;
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_DES_C */
diff --git a/Sources/mbedtls/library/dhm.c b/Sources/mbedtls/library/dhm.c
deleted file mode 100644
index 4d2e33e..0000000
--- a/Sources/mbedtls/library/dhm.c
+++ /dev/null
@@ -1,711 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The following sources were referenced in the design of this implementation
- *  of the Diffie-Hellman-Merkle algorithm:
- *
- *  [1] Handbook of Applied Cryptography - 1997, Chapter 12
- *      Menezes, van Oorschot and Vanstone
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_DHM_C)
-
-#include "mbedtls/dhm.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-#include "mbedtls/asn1.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_DHM_ALT)
-
-#define DHM_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_DHM_BAD_INPUT_DATA )
-#define DHM_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-/*
- * helper to validate the mbedtls_mpi size and import it
- */
-static int dhm_read_bignum( mbedtls_mpi *X,
-                            unsigned char **p,
-                            const unsigned char *end )
-{
-    int ret, n;
-
-    if( end - *p < 2 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    n = ( (*p)[0] << 8 ) | (*p)[1];
-    (*p) += 2;
-
-    if( (int)( end - *p ) < n )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
-
-    (*p) += n;
-
-    return( 0 );
-}
-
-/*
- * Verify sanity of parameter with regards to P
- *
- * Parameter should be: 2 <= public_param <= P - 2
- *
- * This means that we need to return an error if
- *              public_param < 2 or public_param > P-2
- *
- * For more information on the attack, see:
- *  http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
- *  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
- */
-static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
-{
-    mbedtls_mpi U;
-    int ret = 0;
-
-    mbedtls_mpi_init( &U );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
-
-    if( mbedtls_mpi_cmp_int( param, 2 ) < 0 ||
-        mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
-    {
-        ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
-    }
-
-cleanup:
-    mbedtls_mpi_free( &U );
-    return( ret );
-}
-
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
-{
-    DHM_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_dhm_context ) );
-}
-
-/*
- * Parse the ServerKeyExchange parameters
- */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                     unsigned char **p,
-                     const unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    DHM_VALIDATE_RET( ctx != NULL );
-    DHM_VALIDATE_RET( p != NULL && *p != NULL );
-    DHM_VALIDATE_RET( end != NULL );
-
-    if( ( ret = dhm_read_bignum( &ctx->P,  p, end ) ) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->G,  p, end ) ) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
-        return( ret );
-
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
-        return( ret );
-
-    ctx->len = mbedtls_mpi_size( &ctx->P );
-
-    return( 0 );
-}
-
-/*
- * Pick a random R in the range [2, M-2] for blinding or key generation.
- */
-static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_random( R, 3, M, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( R, R, 1 ) );
-
-cleanup:
-    return( ret );
-}
-
-static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    int ret = 0;
-
-    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-    if( x_size < 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-    }
-    else
-    {
-        /* Generate X as large as possible ( <= P - 2 ) */
-        ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng );
-        if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-            return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
-        if( ret != 0 )
-            return( ret );
-    }
-
-    /*
-     * Calculate GX = G^X mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
-                          &ctx->P , &ctx->RP ) );
-
-    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
-        return( ret );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Setup and write the ServerKeyExchange parameters
- */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret;
-    size_t n1, n2, n3;
-    unsigned char *p;
-    DHM_VALIDATE_RET( ctx != NULL );
-    DHM_VALIDATE_RET( output != NULL );
-    DHM_VALIDATE_RET( olen != NULL );
-    DHM_VALIDATE_RET( f_rng != NULL );
-
-    ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
-    if( ret != 0 )
-        goto cleanup;
-
-    /*
-     * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
-     * not required". We omit leading zeros for compactness.
-     */
-#define DHM_MPI_EXPORT( X, n )                                          \
-    do {                                                                \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( ( X ),               \
-                                                   p + 2,               \
-                                                   ( n ) ) );           \
-        *p++ = MBEDTLS_BYTE_1( n );                                     \
-        *p++ = MBEDTLS_BYTE_0( n );                                     \
-        p += ( n );                                                     \
-    } while( 0 )
-
-    n1 = mbedtls_mpi_size( &ctx->P  );
-    n2 = mbedtls_mpi_size( &ctx->G  );
-    n3 = mbedtls_mpi_size( &ctx->GX );
-
-    p = output;
-    DHM_MPI_EXPORT( &ctx->P , n1 );
-    DHM_MPI_EXPORT( &ctx->G , n2 );
-    DHM_MPI_EXPORT( &ctx->GX, n3 );
-
-    *olen = p - output;
-
-    ctx->len = n1;
-
-cleanup:
-    if( ret != 0 && ret > -128 )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
-    return( ret );
-}
-
-/*
- * Set prime modulus and generator
- */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
-                           const mbedtls_mpi *P,
-                           const mbedtls_mpi *G )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    DHM_VALIDATE_RET( ctx != NULL );
-    DHM_VALIDATE_RET( P != NULL );
-    DHM_VALIDATE_RET( G != NULL );
-
-    if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
-    }
-
-    ctx->len = mbedtls_mpi_size( &ctx->P );
-    return( 0 );
-}
-
-/*
- * Import the peer's public value G^Y
- */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
-                     const unsigned char *input, size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    DHM_VALIDATE_RET( ctx != NULL );
-    DHM_VALIDATE_RET( input != NULL );
-
-    if( ilen < 1 || ilen > ctx->len )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
-
-    return( 0 );
-}
-
-/*
- * Create own private value X and export G^X
- */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret;
-    DHM_VALIDATE_RET( ctx != NULL );
-    DHM_VALIDATE_RET( output != NULL );
-    DHM_VALIDATE_RET( f_rng != NULL );
-
-    if( olen < 1 || olen > ctx->len )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
-    if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
-        return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
-    if( ret != 0 )
-        goto cleanup;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
-
-cleanup:
-    if( ret != 0 && ret > -128 )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret );
-    return( ret );
-}
-
-
-/*
- * Use the blinding method and optimisation suggested in section 10 of:
- *  KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
- *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
- *  Berlin Heidelberg, 1996. p. 104-113.
- */
-static int dhm_update_blinding( mbedtls_dhm_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret;
-    mbedtls_mpi R;
-
-    mbedtls_mpi_init( &R );
-
-    /*
-     * Don't use any blinding the first time a particular X is used,
-     * but remember it to use blinding next time.
-     */
-    if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &ctx->pX, &ctx->X ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vi, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->Vf, 1 ) );
-
-        return( 0 );
-    }
-
-    /*
-     * Ok, we need blinding. Can we re-use existing values?
-     * If yes, just update them by squaring them.
-     */
-    if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-
-        return( 0 );
-    }
-
-    /*
-     * We need to generate blinding values from scratch
-     */
-
-    /* Vi = random( 2, P-2 ) */
-    MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
-
-    /* Vf = Vi^-X mod P
-     * First compute Vi^-1 = R * (R Vi)^-1, (avoiding leaks from inv_mod),
-     * then elevate to the Xth power. */
-    MBEDTLS_MPI_CHK( dhm_random_below( &R, &ctx->P, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vi, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->P ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vf, &ctx->Vf, &ctx->X, &ctx->P, &ctx->RP ) );
-
-cleanup:
-    mbedtls_mpi_free( &R );
-
-    return( ret );
-}
-
-/*
- * Derive and export the shared secret (G^Y)^X mod P
- */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
-                     unsigned char *output, size_t output_size, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi GYb;
-    DHM_VALIDATE_RET( ctx != NULL );
-    DHM_VALIDATE_RET( output != NULL );
-    DHM_VALIDATE_RET( olen != NULL );
-
-    if( output_size < ctx->len )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
-        return( ret );
-
-    mbedtls_mpi_init( &GYb );
-
-    /* Blind peer's value */
-    if( f_rng != NULL )
-    {
-        MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
-    }
-    else
-        MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
-
-    /* Do modular exponentiation */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
-                          &ctx->P, &ctx->RP ) );
-
-    /* Unblind secret value */
-    if( f_rng != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
-    }
-
-    /* Output the secret without any leading zero byte. This is mandatory
-     * for TLS per RFC 5246 §8.1.2. */
-    *olen = mbedtls_mpi_size( &ctx->K );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
-
-cleanup:
-    mbedtls_mpi_free( &GYb );
-
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
-
-    return( 0 );
-}
-
-/*
- * Free the components of a DHM key
- */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_mpi_free( &ctx->pX );
-    mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->Vi );
-    mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->K  );
-    mbedtls_mpi_free( &ctx->GY );
-    mbedtls_mpi_free( &ctx->GX );
-    mbedtls_mpi_free( &ctx->X  );
-    mbedtls_mpi_free( &ctx->G  );
-    mbedtls_mpi_free( &ctx->P  );
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) );
-}
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-/*
- * Parse DHM parameters
- */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                   size_t dhminlen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-    unsigned char *p, *end;
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_context pem;
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-    DHM_VALIDATE_RET( dhm != NULL );
-    DHM_VALIDATE_RET( dhmin != NULL );
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_init( &pem );
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN DH PARAMETERS-----",
-                               "-----END DH PARAMETERS-----",
-                               dhmin, NULL, 0, &dhminlen );
-
-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded
-         */
-        dhminlen = pem.buflen;
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        goto exit;
-
-    p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
-#else
-    p = (unsigned char *) dhmin;
-#endif /* MBEDTLS_PEM_PARSE_C */
-    end = p + dhminlen;
-
-    /*
-     *  DHParams ::= SEQUENCE {
-     *      prime              INTEGER,  -- P
-     *      generator          INTEGER,  -- g
-     *      privateValueLength INTEGER OPTIONAL
-     *  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
-        goto exit;
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P  ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
-        goto exit;
-    }
-
-    if( p != end )
-    {
-        /* This might be the optional privateValueLength.
-         * If so, we can cleanly discard it */
-        mbedtls_mpi rec;
-        mbedtls_mpi_init( &rec );
-        ret = mbedtls_asn1_get_mpi( &p, end, &rec );
-        mbedtls_mpi_free( &rec );
-        if ( ret != 0 )
-        {
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
-            goto exit;
-        }
-        if ( p != end )
-        {
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-            goto exit;
-        }
-    }
-
-    ret = 0;
-
-    dhm->len = mbedtls_mpi_size( &dhm->P );
-
-exit:
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_free( &pem );
-#endif
-    if( ret != 0 )
-        mbedtls_dhm_free( dhm );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load all data from a file into a given buffer.
- *
- * The file is expected to contain either PEM or DER encoded data.
- * A terminating null byte is always appended. It is included in the announced
- * length only if the data looks like it is PEM encoded.
- */
-static int load_file( const char *path, unsigned char **buf, size_t *n )
-{
-    FILE *f;
-    long size;
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    if( ( size = ftell( f ) ) == -1 )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-    }
-    fseek( f, 0, SEEK_SET );
-
-    *n = (size_t) size;
-
-    if( *n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
-    }
-
-    if( fread( *buf, 1, *n, f ) != *n )
-    {
-        fclose( f );
-
-        mbedtls_platform_zeroize( *buf, *n + 1 );
-        mbedtls_free( *buf );
-
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
-    }
-
-    fclose( f );
-
-    (*buf)[*n] = '\0';
-
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
-        ++*n;
-
-    return( 0 );
-}
-
-/*
- * Load and parse DHM parameters
- */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
-    unsigned char *buf;
-    DHM_VALIDATE_RET( dhm != NULL );
-    DHM_VALIDATE_RET( path != NULL );
-
-    if( ( ret = load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_dhm_parse_dhm( dhm, buf, n );
-
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ASN1_PARSE_C */
-#endif /* MBEDTLS_DHM_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-static const char mbedtls_test_dhm_params[] =
-"-----BEGIN DH PARAMETERS-----\r\n"
-"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
-"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
-"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
-"-----END DH PARAMETERS-----\r\n";
-#else /* MBEDTLS_PEM_PARSE_C */
-static const char mbedtls_test_dhm_params[] = {
-  0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
-  0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
-  0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
-  0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
-  0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
-  0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
-  0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
-  0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
-  0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
-  0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
-  0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
-  0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
-
-/*
- * Checkup routine
- */
-int mbedtls_dhm_self_test( int verbose )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_dhm_context dhm;
-
-    mbedtls_dhm_init( &dhm );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  DHM parameter load: " );
-
-    if( ( ret = mbedtls_dhm_parse_dhm( &dhm,
-                    (const unsigned char *) mbedtls_test_dhm_params,
-                    mbedtls_test_dhm_params_len ) ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto exit;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n\n" );
-
-exit:
-    mbedtls_dhm_free( &dhm );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_DHM_C */
diff --git a/Sources/mbedtls/library/ecdh.c b/Sources/mbedtls/library/ecdh.c
deleted file mode 100644
index 724c938..0000000
--- a/Sources/mbedtls/library/ecdh.c
+++ /dev/null
@@ -1,731 +0,0 @@
-/*
- *  Elliptic curve Diffie-Hellman
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * References:
- *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
- * RFC 4492
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ECDH_C)
-
-#include "mbedtls/ecdh.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-/* Parameter validation macros based on platform_util.h */
-#define ECDH_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDH_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
-#endif
-
-static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
-    const mbedtls_ecdh_context *ctx )
-{
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ctx->grp.id );
-#else
-    return( ctx->grp_id );
-#endif
-}
-
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
-{
-    /* At this time, all groups support ECDH. */
-    (void) gid;
-    return( 1 );
-}
-
-#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
-/*
- * Generate public key (restartable version)
- *
- * Note: this internal function relies on its caller preserving the value of
- * the output parameter 'd' across continuation calls. This would not be
- * acceptable for a public function but is OK here as we control call sites.
- */
-static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
-                    mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    int restarting = 0;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
-#endif
-    /* If multiplication is in progress, we already generated a privkey */
-    if( !restarting )
-        MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, Q, d, &grp->G,
-                                                  f_rng, p_rng, rs_ctx ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Generate public key
- */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    ECDH_VALIDATE_RET( grp != NULL );
-    ECDH_VALIDATE_RET( d != NULL );
-    ECDH_VALIDATE_RET( Q != NULL );
-    ECDH_VALIDATE_RET( f_rng != NULL );
-    return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
-}
-#endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
-
-#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
-/*
- * Compute shared secret (SEC1 3.3.1)
- */
-static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
-                         mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point P;
-
-    mbedtls_ecp_point_init( &P );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &P, d, Q,
-                                                  f_rng, p_rng, rs_ctx ) );
-
-    if( mbedtls_ecp_is_zero( &P ) )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( z, &P.X ) );
-
-cleanup:
-    mbedtls_ecp_point_free( &P );
-
-    return( ret );
-}
-
-/*
- * Compute shared secret (SEC1 3.3.1)
- */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng )
-{
-    ECDH_VALIDATE_RET( grp != NULL );
-    ECDH_VALIDATE_RET( Q != NULL );
-    ECDH_VALIDATE_RET( d != NULL );
-    ECDH_VALIDATE_RET( z != NULL );
-    return( ecdh_compute_shared_restartable( grp, z, Q, d,
-                                             f_rng, p_rng, NULL ) );
-}
-#endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
-
-static void ecdh_init_internal( mbedtls_ecdh_context_mbed *ctx )
-{
-    mbedtls_ecp_group_init( &ctx->grp );
-    mbedtls_mpi_init( &ctx->d  );
-    mbedtls_ecp_point_init( &ctx->Q   );
-    mbedtls_ecp_point_init( &ctx->Qp  );
-    mbedtls_mpi_init( &ctx->z  );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_init( &ctx->rs );
-#endif
-}
-
-/*
- * Initialize context
- */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx )
-{
-    ECDH_VALIDATE( ctx != NULL );
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    ecdh_init_internal( ctx );
-    mbedtls_ecp_point_init( &ctx->Vi  );
-    mbedtls_ecp_point_init( &ctx->Vf  );
-    mbedtls_mpi_init( &ctx->_d );
-#else
-    memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );
-
-    ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
-#endif
-    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    ctx->restart_enabled = 0;
-#endif
-}
-
-static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
-                                mbedtls_ecp_group_id grp_id )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    ret = mbedtls_ecp_group_load( &ctx->grp, grp_id );
-    if( ret != 0 )
-    {
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-    }
-
-    return( 0 );
-}
-
-/*
- * Setup context
- */
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id )
-{
-    ECDH_VALIDATE_RET( ctx != NULL );
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_setup_internal( ctx, grp_id ) );
-#else
-    switch( grp_id )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECP_DP_CURVE25519:
-            ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
-            ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
-            ctx->grp_id = grp_id;
-            return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
-#endif
-        default:
-            ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
-            ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
-            ctx->grp_id = grp_id;
-            ecdh_init_internal( &ctx->ctx.mbed_ecdh );
-            return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
-    }
-#endif
-}
-
-static void ecdh_free_internal( mbedtls_ecdh_context_mbed *ctx )
-{
-    mbedtls_ecp_group_free( &ctx->grp );
-    mbedtls_mpi_free( &ctx->d  );
-    mbedtls_ecp_point_free( &ctx->Q   );
-    mbedtls_ecp_point_free( &ctx->Qp  );
-    mbedtls_mpi_free( &ctx->z  );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_free( &ctx->rs );
-#endif
-}
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/*
- * Enable restartable operations for context
- */
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
-{
-    ECDH_VALIDATE( ctx != NULL );
-
-    ctx->restart_enabled = 1;
-}
-#endif
-
-/*
- * Free context
- */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_ecp_point_free( &ctx->Vi );
-    mbedtls_ecp_point_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->_d );
-    ecdh_free_internal( ctx );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-            mbedtls_everest_free( &ctx->ctx.everest_ecdh );
-            break;
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            ecdh_free_internal( &ctx->ctx.mbed_ecdh );
-            break;
-        default:
-            break;
-    }
-
-    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
-    ctx->var = MBEDTLS_ECDH_VARIANT_NONE;
-    ctx->grp_id = MBEDTLS_ECP_DP_NONE;
-#endif
-}
-
-static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      size_t *olen, int point_format,
-                                      unsigned char *buf, size_t blen,
-                                      int (*f_rng)(void *,
-                                                   unsigned char *,
-                                                   size_t),
-                                      void *p_rng,
-                                      int restart_enabled )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t grp_len, pt_len;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_ctx *rs_ctx = NULL;
-#endif
-
-    if( ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
-        rs_ctx = &ctx->rs;
-#else
-    (void) restart_enabled;
-#endif
-
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
-                                             f_rng, p_rng, rs_ctx ) ) != 0 )
-        return( ret );
-#else
-    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
-                                         f_rng, p_rng ) ) != 0 )
-        return( ret );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    if( ( ret = mbedtls_ecp_tls_write_group( &ctx->grp, &grp_len, buf,
-                                             blen ) ) != 0 )
-        return( ret );
-
-    buf += grp_len;
-    blen -= grp_len;
-
-    if( ( ret = mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format,
-                                             &pt_len, buf, blen ) ) != 0 )
-        return( ret );
-
-    *olen = grp_len + pt_len;
-    return( 0 );
-}
-
-/*
- * Setup and write the ServerKeyExchange parameters (RFC 4492)
- *      struct {
- *          ECParameters    curve_params;
- *          ECPoint         public;
- *      } ServerECDHParams;
- */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                              unsigned char *buf, size_t blen,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int restart_enabled = 0;
-    ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( olen != NULL );
-    ECDH_VALIDATE_RET( buf != NULL );
-    ECDH_VALIDATE_RET( f_rng != NULL );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    restart_enabled = ctx->restart_enabled;
-#else
-    (void) restart_enabled;
-#endif
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
-                                       f_rng, p_rng, restart_enabled ) );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
-                                               ctx->point_format, buf, blen,
-                                               f_rng, p_rng,
-                                               restart_enabled ) );
-        default:
-            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    }
-#endif
-}
-
-static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      const unsigned char **buf,
-                                      const unsigned char *end )
-{
-    return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
-                                        end - *buf ) );
-}
-
-/*
- * Read the ServerKeyExchange parameters (RFC 4492)
- *      struct {
- *          ECParameters    curve_params;
- *          ECPoint         public;
- *      } ServerECDHParams;
- */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                              const unsigned char **buf,
-                              const unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_group_id grp_id;
-    ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( buf != NULL );
-    ECDH_VALIDATE_RET( *buf != NULL );
-    ECDH_VALIDATE_RET( end != NULL );
-
-    if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, end - *buf ) )
-            != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_params_internal( ctx, buf, end ) );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
-                                                 buf, end) );
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
-                                               buf, end ) );
-        default:
-            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    }
-#endif
-}
-
-static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
-                                     const mbedtls_ecp_keypair *key,
-                                     mbedtls_ecdh_side side )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* If it's not our key, just import the public part as Qp */
-    if( side == MBEDTLS_ECDH_THEIRS )
-        return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
-
-    /* Our key: import public (as Q) and private parts */
-    if( side != MBEDTLS_ECDH_OURS )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Get parameters from a keypair
- */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
-                             const mbedtls_ecp_keypair *key,
-                             mbedtls_ecdh_side side )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( key != NULL );
-    ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
-                       side == MBEDTLS_ECDH_THEIRS );
-
-    if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
-    {
-        /* This is the first call to get_params(). Set up the context
-         * for use with the group. */
-        if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
-            return( ret );
-    }
-    else
-    {
-        /* This is not the first call to get_params(). Check that the
-         * current key's group is the same as the context's, which was set
-         * from the first key's group. */
-        if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_get_params_internal( ctx, key, side ) );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-        {
-            mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
-                                                   MBEDTLS_EVEREST_ECDH_OURS :
-                                                   MBEDTLS_EVEREST_ECDH_THEIRS;
-            return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
-                                                key, s) );
-        }
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
-                                              key, side ) );
-        default:
-            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    }
-#endif
-}
-
-static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      size_t *olen, int point_format,
-                                      unsigned char *buf, size_t blen,
-                                      int (*f_rng)(void *,
-                                                   unsigned char *,
-                                                   size_t),
-                                      void *p_rng,
-                                      int restart_enabled )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_ctx *rs_ctx = NULL;
-#endif
-
-    if( ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
-        rs_ctx = &ctx->rs;
-#else
-    (void) restart_enabled;
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_gen_public_restartable( &ctx->grp, &ctx->d, &ctx->Q,
-                                             f_rng, p_rng, rs_ctx ) ) != 0 )
-        return( ret );
-#else
-    if( ( ret = mbedtls_ecdh_gen_public( &ctx->grp, &ctx->d, &ctx->Q,
-                                         f_rng, p_rng ) ) != 0 )
-        return( ret );
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    return mbedtls_ecp_tls_write_point( &ctx->grp, &ctx->Q, point_format, olen,
-                                        buf, blen );
-}
-
-/*
- * Setup and export the client public value
- */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                              unsigned char *buf, size_t blen,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int restart_enabled = 0;
-    ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( olen != NULL );
-    ECDH_VALIDATE_RET( buf != NULL );
-    ECDH_VALIDATE_RET( f_rng != NULL );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    restart_enabled = ctx->restart_enabled;
-#endif
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
-                                       f_rng, p_rng, restart_enabled ) );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
-                                               ctx->point_format, buf, blen,
-                                               f_rng, p_rng,
-                                               restart_enabled ) );
-        default:
-            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    }
-#endif
-}
-
-static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      const unsigned char *buf, size_t blen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const unsigned char *p = buf;
-
-    if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p,
-                                            blen ) ) != 0 )
-        return( ret );
-
-    if( (size_t)( p - buf ) != blen )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    return( 0 );
-}
-
-/*
- * Parse and import the client's public value
- */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                              const unsigned char *buf, size_t blen )
-{
-    ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( buf != NULL );
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_public_internal( ctx, buf, blen ) );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
-                                                 buf, blen ) );
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
-                                                       buf, blen ) );
-        default:
-            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    }
-#endif
-}
-
-static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
-                                      size_t *olen, unsigned char *buf,
-                                      size_t blen,
-                                      int (*f_rng)(void *,
-                                                   unsigned char *,
-                                                   size_t),
-                                      void *p_rng,
-                                      int restart_enabled )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_ctx *rs_ctx = NULL;
-#endif
-
-    if( ctx == NULL || ctx->grp.pbits == 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
-        rs_ctx = &ctx->rs;
-#else
-    (void) restart_enabled;
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( ( ret = ecdh_compute_shared_restartable( &ctx->grp, &ctx->z, &ctx->Qp,
-                                                 &ctx->d, f_rng, p_rng,
-                                                 rs_ctx ) ) != 0 )
-    {
-        return( ret );
-    }
-#else
-    if( ( ret = mbedtls_ecdh_compute_shared( &ctx->grp, &ctx->z, &ctx->Qp,
-                                             &ctx->d, f_rng, p_rng ) ) != 0 )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    if( mbedtls_mpi_size( &ctx->z ) > blen )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    *olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
-
-    if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
-
-    return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
-}
-
-/*
- * Derive and export the shared secret
- */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                              unsigned char *buf, size_t blen,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int restart_enabled = 0;
-    ECDH_VALIDATE_RET( ctx != NULL );
-    ECDH_VALIDATE_RET( olen != NULL );
-    ECDH_VALIDATE_RET( buf != NULL );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    restart_enabled = ctx->restart_enabled;
-#endif
-
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
-                                       restart_enabled ) );
-#else
-    switch( ctx->var )
-    {
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-        case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
-#endif
-        case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
-                                               blen, f_rng, p_rng,
-                                               restart_enabled ) );
-        default:
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-#endif
-}
-
-#endif /* MBEDTLS_ECDH_C */
diff --git a/Sources/mbedtls/library/ecdsa.c b/Sources/mbedtls/library/ecdsa.c
deleted file mode 100644
index 4bae6a9..0000000
--- a/Sources/mbedtls/library/ecdsa.c
+++ /dev/null
@@ -1,1006 +0,0 @@
-/*
- *  Elliptic curve DSA
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * References:
- *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ECDSA_C)
-
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/asn1write.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#include "mbedtls/hmac_drbg.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-/* Parameter validation macros based on platform_util.h */
-#define ECDSA_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECDSA_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-
-/*
- * Sub-context for ecdsa_verify()
- */
-struct mbedtls_ecdsa_restart_ver
-{
-    mbedtls_mpi u1, u2;     /* intermediate values  */
-    enum {                  /* what to do next?     */
-        ecdsa_ver_init = 0, /* getting started      */
-        ecdsa_ver_muladd,   /* muladd step          */
-    } state;
-};
-
-/*
- * Init verify restart sub-context
- */
-static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
-{
-    mbedtls_mpi_init( &ctx->u1 );
-    mbedtls_mpi_init( &ctx->u2 );
-    ctx->state = ecdsa_ver_init;
-}
-
-/*
- * Free the components of a verify restart sub-context
- */
-static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_mpi_free( &ctx->u1 );
-    mbedtls_mpi_free( &ctx->u2 );
-
-    ecdsa_restart_ver_init( ctx );
-}
-
-/*
- * Sub-context for ecdsa_sign()
- */
-struct mbedtls_ecdsa_restart_sig
-{
-    int sign_tries;
-    int key_tries;
-    mbedtls_mpi k;          /* per-signature random */
-    mbedtls_mpi r;          /* r value              */
-    enum {                  /* what to do next?     */
-        ecdsa_sig_init = 0, /* getting started      */
-        ecdsa_sig_mul,      /* doing ecp_mul()      */
-        ecdsa_sig_modn,     /* mod N computations   */
-    } state;
-};
-
-/*
- * Init verify sign sub-context
- */
-static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
-{
-    ctx->sign_tries = 0;
-    ctx->key_tries = 0;
-    mbedtls_mpi_init( &ctx->k );
-    mbedtls_mpi_init( &ctx->r );
-    ctx->state = ecdsa_sig_init;
-}
-
-/*
- * Free the components of a sign restart sub-context
- */
-static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_mpi_free( &ctx->k );
-    mbedtls_mpi_free( &ctx->r );
-}
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/*
- * Sub-context for ecdsa_sign_det()
- */
-struct mbedtls_ecdsa_restart_det
-{
-    mbedtls_hmac_drbg_context rng_ctx;  /* DRBG state   */
-    enum {                      /* what to do next?     */
-        ecdsa_det_init = 0,     /* getting started      */
-        ecdsa_det_sign,         /* make signature       */
-    } state;
-};
-
-/*
- * Init verify sign_det sub-context
- */
-static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
-{
-    mbedtls_hmac_drbg_init( &ctx->rng_ctx );
-    ctx->state = ecdsa_det_init;
-}
-
-/*
- * Free the components of a sign_det restart sub-context
- */
-static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_hmac_drbg_free( &ctx->rng_ctx );
-
-    ecdsa_restart_det_init( ctx );
-}
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#define ECDSA_RS_ECP    ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
-
-/* Utility macro for checking and updating ops budget */
-#define ECDSA_BUDGET( ops )   \
-    MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
-
-/* Call this when entering a function that needs its own sub-context */
-#define ECDSA_RS_ENTER( SUB )   do {                                 \
-    /* reset ops count for this call if top-level */                 \
-    if( rs_ctx != NULL && rs_ctx->ecp.depth++ == 0 )                 \
-        rs_ctx->ecp.ops_done = 0;                                    \
-                                                                     \
-    /* set up our own sub-context if needed */                       \
-    if( mbedtls_ecp_restart_is_enabled() &&                          \
-        rs_ctx != NULL && rs_ctx->SUB == NULL )                      \
-    {                                                                \
-        rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) );   \
-        if( rs_ctx->SUB == NULL )                                    \
-            return( MBEDTLS_ERR_ECP_ALLOC_FAILED );                  \
-                                                                     \
-        ecdsa_restart_## SUB ##_init( rs_ctx->SUB );                 \
-    }                                                                \
-} while( 0 )
-
-/* Call this when leaving a function that needs its own sub-context */
-#define ECDSA_RS_LEAVE( SUB )   do {                                 \
-    /* clear our sub-context when not in progress (done or error) */ \
-    if( rs_ctx != NULL && rs_ctx->SUB != NULL &&                     \
-        ret != MBEDTLS_ERR_ECP_IN_PROGRESS )                         \
-    {                                                                \
-        ecdsa_restart_## SUB ##_free( rs_ctx->SUB );                 \
-        mbedtls_free( rs_ctx->SUB );                                 \
-        rs_ctx->SUB = NULL;                                          \
-    }                                                                \
-                                                                     \
-    if( rs_ctx != NULL )                                             \
-        rs_ctx->ecp.depth--;                                         \
-} while( 0 )
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define ECDSA_RS_ECP    NULL
-
-#define ECDSA_BUDGET( ops )   /* no-op; for compatibility */
-
-#define ECDSA_RS_ENTER( SUB )   (void) rs_ctx
-#define ECDSA_RS_LEAVE( SUB )   (void) rs_ctx
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) || \
-    !defined(MBEDTLS_ECDSA_SIGN_ALT)     || \
-    !defined(MBEDTLS_ECDSA_VERIFY_ALT)
-/*
- * Derive a suitable integer for group grp from a buffer of length len
- * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
- */
-static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
-                       const unsigned char *buf, size_t blen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n_size = ( grp->nbits + 7 ) / 8;
-    size_t use_size = blen > n_size ? n_size : blen;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( x, buf, use_size ) );
-    if( use_size * 8 > grp->nbits )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( x, use_size * 8 - grp->nbits ) );
-
-    /* While at it, reduce modulo N */
-    if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( x, x, &grp->N ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
-
-#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
-/*
- * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
- * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
- */
-static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
-                mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                int (*f_rng_blind)(void *, unsigned char *, size_t),
-                void *p_rng_blind,
-                mbedtls_ecdsa_restart_ctx *rs_ctx )
-{
-    int ret, key_tries, sign_tries;
-    int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries;
-    mbedtls_ecp_point R;
-    mbedtls_mpi k, e, t;
-    mbedtls_mpi *pk = &k, *pr = r;
-
-    /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /* Make sure d is in range 1..n-1 */
-    if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    mbedtls_ecp_point_init( &R );
-    mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
-
-    ECDSA_RS_ENTER( sig );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->sig != NULL )
-    {
-        /* redirect to our context */
-        p_sign_tries = &rs_ctx->sig->sign_tries;
-        p_key_tries = &rs_ctx->sig->key_tries;
-        pk = &rs_ctx->sig->k;
-        pr = &rs_ctx->sig->r;
-
-        /* jump to current step */
-        if( rs_ctx->sig->state == ecdsa_sig_mul )
-            goto mul;
-        if( rs_ctx->sig->state == ecdsa_sig_modn )
-            goto modn;
-    }
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    *p_sign_tries = 0;
-    do
-    {
-        if( (*p_sign_tries)++ > 10 )
-        {
-            ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-            goto cleanup;
-        }
-
-        /*
-         * Steps 1-3: generate a suitable ephemeral keypair
-         * and set r = xR mod n
-         */
-        *p_key_tries = 0;
-        do
-        {
-            if( (*p_key_tries)++ > 10 )
-            {
-                ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-                goto cleanup;
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( rs_ctx != NULL && rs_ctx->sig != NULL )
-                rs_ctx->sig->state = ecdsa_sig_mul;
-
-mul:
-#endif
-            MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
-                                                          f_rng_blind,
-                                                          p_rng_blind,
-                                                          ECDSA_RS_ECP ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
-        }
-        while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && rs_ctx->sig != NULL )
-            rs_ctx->sig->state = ecdsa_sig_modn;
-
-modn:
-#endif
-        /*
-         * Accounting for everything up to the end of the loop
-         * (step 6, but checking now avoids saving e and t)
-         */
-        ECDSA_BUDGET( MBEDTLS_ECP_OPS_INV + 4 );
-
-        /*
-         * Step 5: derive MPI from hashed message
-         */
-        MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
-
-        /*
-         * Generate a random value to blind inv_mod in next step,
-         * avoiding a potential timing leak.
-         */
-        MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, &t, f_rng_blind,
-                                                  p_rng_blind ) );
-
-        /*
-         * Step 6: compute s = (e + r * d) / k = t (e + rd) / (kt) mod n
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, pr, d ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &e, &e, s ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &e, &e, &t ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pk, pk, &t ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pk, pk, &grp->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
-    }
-    while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->sig != NULL )
-        mbedtls_mpi_copy( r, pr );
-#endif
-
-cleanup:
-    mbedtls_ecp_point_free( &R );
-    mbedtls_mpi_free( &k ); mbedtls_mpi_free( &e ); mbedtls_mpi_free( &t );
-
-    ECDSA_RS_LEAVE( sig );
-
-    return( ret );
-}
-
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid )
-{
-    switch( gid )
-    {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
-        case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
-        case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
-    default: return 1;
-    }
-}
-
-/*
- * Compute ECDSA signature of a hashed message
- */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    ECDSA_VALIDATE_RET( grp   != NULL );
-    ECDSA_VALIDATE_RET( r     != NULL );
-    ECDSA_VALIDATE_RET( s     != NULL );
-    ECDSA_VALIDATE_RET( d     != NULL );
-    ECDSA_VALIDATE_RET( f_rng != NULL );
-    ECDSA_VALIDATE_RET( buf   != NULL || blen == 0 );
-
-    /* Use the same RNG for both blinding and ephemeral key generation */
-    return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
-                                    f_rng, p_rng, f_rng, p_rng, NULL ) );
-}
-#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-/*
- * Deterministic signature wrapper
- */
-static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
-                    mbedtls_mpi *r, mbedtls_mpi *s,
-                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                    mbedtls_md_type_t md_alg,
-                    int (*f_rng_blind)(void *, unsigned char *, size_t),
-                    void *p_rng_blind,
-                    mbedtls_ecdsa_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_hmac_drbg_context rng_ctx;
-    mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
-    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
-    size_t grp_len = ( grp->nbits + 7 ) / 8;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_mpi h;
-
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &h );
-    mbedtls_hmac_drbg_init( &rng_ctx );
-
-    ECDSA_RS_ENTER( det );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->det != NULL )
-    {
-        /* redirect to our context */
-        p_rng = &rs_ctx->det->rng_ctx;
-
-        /* jump to current step */
-        if( rs_ctx->det->state == ecdsa_det_sign )
-            goto sign;
-    }
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) );
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) );
-    mbedtls_hmac_drbg_seed_buf( p_rng, md_info, data, 2 * grp_len );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->det != NULL )
-        rs_ctx->det->state = ecdsa_det_sign;
-
-sign:
-#endif
-#if defined(MBEDTLS_ECDSA_SIGN_ALT)
-    (void) f_rng_blind;
-    (void) p_rng_blind;
-    ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen,
-                              mbedtls_hmac_drbg_random, p_rng );
-#else
-    if( f_rng_blind != NULL )
-        ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
-                                      mbedtls_hmac_drbg_random, p_rng,
-                                      f_rng_blind, p_rng_blind, rs_ctx );
-    else
-    {
-        mbedtls_hmac_drbg_context *p_rng_blind_det;
-
-#if !defined(MBEDTLS_ECP_RESTARTABLE)
-        /*
-         * To avoid reusing rng_ctx and risking incorrect behavior we seed a
-         * second HMAC-DRBG with the same seed. We also apply a label to avoid
-         * reusing the bits of the ephemeral key for blinding and eliminate the
-         * risk that they leak this way.
-         */
-        const char* blind_label = "BLINDING CONTEXT";
-        mbedtls_hmac_drbg_context rng_ctx_blind;
-
-        mbedtls_hmac_drbg_init( &rng_ctx_blind );
-        p_rng_blind_det = &rng_ctx_blind;
-        mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info,
-                                    data, 2 * grp_len );
-        ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det,
-                                            (const unsigned char*) blind_label,
-                                            strlen( blind_label ) );
-        if( ret != 0 )
-        {
-            mbedtls_hmac_drbg_free( &rng_ctx_blind );
-            goto cleanup;
-        }
-#else
-        /*
-         * In the case of restartable computations we would either need to store
-         * the second RNG in the restart context too or set it up at every
-         * restart. The first option would penalize the correct application of
-         * the function and the second would defeat the purpose of the
-         * restartable feature.
-         *
-         * Therefore in this case we reuse the original RNG. This comes with the
-         * price that the resulting signature might not be a valid deterministic
-         * ECDSA signature with a very low probability (same magnitude as
-         * successfully guessing the private key). However even then it is still
-         * a valid ECDSA signature.
-         */
-        p_rng_blind_det = p_rng;
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-        /*
-         * Since the output of the RNGs is always the same for the same key and
-         * message, this limits the efficiency of blinding and leaks information
-         * through side channels. After mbedtls_ecdsa_sign_det() is removed NULL
-         * won't be a valid value for f_rng_blind anymore. Therefore it should
-         * be checked by the caller and this branch and check can be removed.
-         */
-        ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen,
-                                      mbedtls_hmac_drbg_random, p_rng,
-                                      mbedtls_hmac_drbg_random, p_rng_blind_det,
-                                      rs_ctx );
-
-#if !defined(MBEDTLS_ECP_RESTARTABLE)
-        mbedtls_hmac_drbg_free( &rng_ctx_blind );
-#endif
-    }
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
-
-cleanup:
-    mbedtls_hmac_drbg_free( &rng_ctx );
-    mbedtls_mpi_free( &h );
-
-    ECDSA_RS_LEAVE( det );
-
-    return( ret );
-}
-
-/*
- * Deterministic signature wrappers
- */
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
-                            mbedtls_mpi *s, const mbedtls_mpi *d,
-                            const unsigned char *buf, size_t blen,
-                            mbedtls_md_type_t md_alg )
-{
-    ECDSA_VALIDATE_RET( grp   != NULL );
-    ECDSA_VALIDATE_RET( r     != NULL );
-    ECDSA_VALIDATE_RET( s     != NULL );
-    ECDSA_VALIDATE_RET( d     != NULL );
-    ECDSA_VALIDATE_RET( buf   != NULL || blen == 0 );
-
-    return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
-                                        NULL, NULL, NULL ) );
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
-                                mbedtls_mpi *s, const mbedtls_mpi *d,
-                                const unsigned char *buf, size_t blen,
-                                mbedtls_md_type_t md_alg,
-                                int (*f_rng_blind)(void *, unsigned char *,
-                                                   size_t),
-                                void *p_rng_blind )
-{
-    ECDSA_VALIDATE_RET( grp   != NULL );
-    ECDSA_VALIDATE_RET( r     != NULL );
-    ECDSA_VALIDATE_RET( s     != NULL );
-    ECDSA_VALIDATE_RET( d     != NULL );
-    ECDSA_VALIDATE_RET( buf   != NULL || blen == 0 );
-    ECDSA_VALIDATE_RET( f_rng_blind != NULL );
-
-    return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
-                                        f_rng_blind, p_rng_blind, NULL ) );
-}
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
-/*
- * Verify ECDSA signature of hashed message (SEC1 4.1.4)
- * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
- */
-static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
-                                     const unsigned char *buf, size_t blen,
-                                     const mbedtls_ecp_point *Q,
-                                     const mbedtls_mpi *r, const mbedtls_mpi *s,
-                                     mbedtls_ecdsa_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi e, s_inv, u1, u2;
-    mbedtls_ecp_point R;
-    mbedtls_mpi *pu1 = &u1, *pu2 = &u2;
-
-    mbedtls_ecp_point_init( &R );
-    mbedtls_mpi_init( &e ); mbedtls_mpi_init( &s_inv );
-    mbedtls_mpi_init( &u1 ); mbedtls_mpi_init( &u2 );
-
-    /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    ECDSA_RS_ENTER( ver );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ver != NULL )
-    {
-        /* redirect to our context */
-        pu1 = &rs_ctx->ver->u1;
-        pu2 = &rs_ctx->ver->u2;
-
-        /* jump to current step */
-        if( rs_ctx->ver->state == ecdsa_ver_muladd )
-            goto muladd;
-    }
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    /*
-     * Step 1: make sure r and s are in range 1..n-1
-     */
-    if( mbedtls_mpi_cmp_int( r, 1 ) < 0 || mbedtls_mpi_cmp_mpi( r, &grp->N ) >= 0 ||
-        mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    /*
-     * Step 3: derive MPI from hashed message
-     */
-    MBEDTLS_MPI_CHK( derive_mpi( grp, &e, buf, blen ) );
-
-    /*
-     * Step 4: u1 = e / s mod n, u2 = r / s mod n
-     */
-    ECDSA_BUDGET( MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &s_inv, s, &grp->N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu1, &e, &s_inv ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu1, pu1, &grp->N ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( pu2, r, &s_inv ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pu2, pu2, &grp->N ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ver != NULL )
-        rs_ctx->ver->state = ecdsa_ver_muladd;
-
-muladd:
-#endif
-    /*
-     * Step 5: R = u1 G + u2 Q
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd_restartable( grp,
-                     &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP ) );
-
-    if( mbedtls_ecp_is_zero( &R ) )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    /*
-     * Step 6: convert xR to an integer (no-op)
-     * Step 7: reduce xR mod n (gives v)
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &R.X, &R.X, &grp->N ) );
-
-    /*
-     * Step 8: check if v (that is, R.X) is equal to r
-     */
-    if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_point_free( &R );
-    mbedtls_mpi_free( &e ); mbedtls_mpi_free( &s_inv );
-    mbedtls_mpi_free( &u1 ); mbedtls_mpi_free( &u2 );
-
-    ECDSA_RS_LEAVE( ver );
-
-    return( ret );
-}
-
-/*
- * Verify ECDSA signature of hashed message
- */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                          const unsigned char *buf, size_t blen,
-                          const mbedtls_ecp_point *Q,
-                          const mbedtls_mpi *r,
-                          const mbedtls_mpi *s)
-{
-    ECDSA_VALIDATE_RET( grp != NULL );
-    ECDSA_VALIDATE_RET( Q   != NULL );
-    ECDSA_VALIDATE_RET( r   != NULL );
-    ECDSA_VALIDATE_RET( s   != NULL );
-    ECDSA_VALIDATE_RET( buf != NULL || blen == 0 );
-
-    return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
-}
-#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
-
-/*
- * Convert a signature (given by context) to ASN.1
- */
-static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
-                                    unsigned char *sig, size_t *slen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
-    unsigned char *p = buf + sizeof( buf );
-    size_t len = 0;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, s ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &p, buf, r ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, buf,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
-    memcpy( sig, p, len );
-    *slen = len;
-
-    return( 0 );
-}
-
-/*
- * Compute and write signature
- */
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
-                           mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           mbedtls_ecdsa_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi r, s;
-    ECDSA_VALIDATE_RET( ctx  != NULL );
-    ECDSA_VALIDATE_RET( hash != NULL );
-    ECDSA_VALIDATE_RET( sig  != NULL );
-    ECDSA_VALIDATE_RET( slen != NULL );
-
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    MBEDTLS_MPI_CHK( ecdsa_sign_det_restartable( &ctx->grp, &r, &s, &ctx->d,
-                                                 hash, hlen, md_alg, f_rng,
-                                                 p_rng, rs_ctx ) );
-#else
-    (void) md_alg;
-
-#if defined(MBEDTLS_ECDSA_SIGN_ALT)
-    (void) rs_ctx;
-
-    MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ctx->grp, &r, &s, &ctx->d,
-                         hash, hlen, f_rng, p_rng ) );
-#else
-    /* Use the same RNG for both blinding and ephemeral key generation */
-    MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d,
-                                             hash, hlen, f_rng, p_rng, f_rng,
-                                             p_rng, rs_ctx ) );
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
-    MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
-
-cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-
-    return( ret );
-}
-
-/*
- * Compute and write signature
- */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
-                                 mbedtls_md_type_t md_alg,
-                                 const unsigned char *hash, size_t hlen,
-                                 unsigned char *sig, size_t *slen,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng )
-{
-    ECDSA_VALIDATE_RET( ctx  != NULL );
-    ECDSA_VALIDATE_RET( hash != NULL );
-    ECDSA_VALIDATE_RET( sig  != NULL );
-    ECDSA_VALIDATE_RET( slen != NULL );
-    return( mbedtls_ecdsa_write_signature_restartable(
-                ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
-    defined(MBEDTLS_ECDSA_DETERMINISTIC)
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
-                               const unsigned char *hash, size_t hlen,
-                               unsigned char *sig, size_t *slen,
-                               mbedtls_md_type_t md_alg )
-{
-    ECDSA_VALIDATE_RET( ctx  != NULL );
-    ECDSA_VALIDATE_RET( hash != NULL );
-    ECDSA_VALIDATE_RET( sig  != NULL );
-    ECDSA_VALIDATE_RET( slen != NULL );
-    return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen,
-                                   NULL, NULL ) );
-}
-#endif
-
-/*
- * Read and check signature
- */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen )
-{
-    ECDSA_VALIDATE_RET( ctx  != NULL );
-    ECDSA_VALIDATE_RET( hash != NULL );
-    ECDSA_VALIDATE_RET( sig  != NULL );
-    return( mbedtls_ecdsa_read_signature_restartable(
-                ctx, hash, hlen, sig, slen, NULL ) );
-}
-
-/*
- * Restartable read and check signature
- */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen,
-                          mbedtls_ecdsa_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = (unsigned char *) sig;
-    const unsigned char *end = sig + slen;
-    size_t len;
-    mbedtls_mpi r, s;
-    ECDSA_VALIDATE_RET( ctx  != NULL );
-    ECDSA_VALIDATE_RET( hash != NULL );
-    ECDSA_VALIDATE_RET( sig  != NULL );
-
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    if( p + len != end )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-        goto cleanup;
-    }
-
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &r ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
-    {
-        ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
-    (void) rs_ctx;
-
-    if( ( ret = mbedtls_ecdsa_verify( &ctx->grp, hash, hlen,
-                                      &ctx->Q, &r, &s ) ) != 0 )
-        goto cleanup;
-#else
-    if( ( ret = ecdsa_verify_restartable( &ctx->grp, hash, hlen,
-                              &ctx->Q, &r, &s, rs_ctx ) ) != 0 )
-        goto cleanup;
-#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
-
-    /* At this point we know that the buffer starts with a valid signature.
-     * Return 0 if the buffer just contains the signature, and a specific
-     * error code if the valid signature is followed by more data. */
-    if( p != end )
-        ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
-
-cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
-/*
- * Generate key pair
- */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret = 0;
-    ECDSA_VALIDATE_RET( ctx   != NULL );
-    ECDSA_VALIDATE_RET( f_rng != NULL );
-
-    ret = mbedtls_ecp_group_load( &ctx->grp, gid );
-    if( ret != 0 )
-        return( ret );
-
-   return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
-                                    &ctx->Q, f_rng, p_rng ) );
-}
-#endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
-
-/*
- * Set context from an mbedtls_ecp_keypair
- */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECDSA_VALIDATE_RET( ctx != NULL );
-    ECDSA_VALIDATE_RET( key != NULL );
-
-    if( ( ret = mbedtls_ecp_group_copy( &ctx->grp, &key->grp ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 ||
-        ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
-    {
-        mbedtls_ecdsa_free( ctx );
-    }
-
-    return( ret );
-}
-
-/*
- * Initialize context
- */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
-{
-    ECDSA_VALIDATE( ctx != NULL );
-
-    mbedtls_ecp_keypair_init( ctx );
-}
-
-/*
- * Free context
- */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_ecp_keypair_free( ctx );
-}
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/*
- * Initialize a restart context
- */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
-{
-    ECDSA_VALIDATE( ctx != NULL );
-
-    mbedtls_ecp_restart_init( &ctx->ecp );
-
-    ctx->ver = NULL;
-    ctx->sig = NULL;
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    ctx->det = NULL;
-#endif
-}
-
-/*
- * Free the components of a restart context
- */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_ecp_restart_free( &ctx->ecp );
-
-    ecdsa_restart_ver_free( ctx->ver );
-    mbedtls_free( ctx->ver );
-    ctx->ver = NULL;
-
-    ecdsa_restart_sig_free( ctx->sig );
-    mbedtls_free( ctx->sig );
-    ctx->sig = NULL;
-
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    ecdsa_restart_det_free( ctx->det );
-    mbedtls_free( ctx->det );
-    ctx->det = NULL;
-#endif
-}
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-#endif /* MBEDTLS_ECDSA_C */
diff --git a/Sources/mbedtls/library/ecjpake.c b/Sources/mbedtls/library/ecjpake.c
deleted file mode 100644
index fe0b9d9..0000000
--- a/Sources/mbedtls/library/ecjpake.c
+++ /dev/null
@@ -1,1136 +0,0 @@
-/*
- *  Elliptic curve J-PAKE
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * References in the code are to the Thread v1.0 Specification,
- * available to members of the Thread Group http://threadgroup.org/
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ECJPAKE_C)
-
-#include "mbedtls/ecjpake.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-
-/* Parameter validation macros based on platform_util.h */
-#define ECJPAKE_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECJPAKE_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-/*
- * Convert a mbedtls_ecjpake_role to identifier string
- */
-static const char * const ecjpake_id[] = {
-    "client",
-    "server"
-};
-
-#define ID_MINE     ( ecjpake_id[ ctx->role ] )
-#define ID_PEER     ( ecjpake_id[ 1 - ctx->role ] )
-
-/*
- * Initialize context
- */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
-{
-    ECJPAKE_VALIDATE( ctx != NULL );
-
-    ctx->md_info = NULL;
-    mbedtls_ecp_group_init( &ctx->grp );
-    ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
-
-    mbedtls_ecp_point_init( &ctx->Xm1 );
-    mbedtls_ecp_point_init( &ctx->Xm2 );
-    mbedtls_ecp_point_init( &ctx->Xp1 );
-    mbedtls_ecp_point_init( &ctx->Xp2 );
-    mbedtls_ecp_point_init( &ctx->Xp  );
-
-    mbedtls_mpi_init( &ctx->xm1 );
-    mbedtls_mpi_init( &ctx->xm2 );
-    mbedtls_mpi_init( &ctx->s   );
-}
-
-/*
- * Free context
- */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    ctx->md_info = NULL;
-    mbedtls_ecp_group_free( &ctx->grp );
-
-    mbedtls_ecp_point_free( &ctx->Xm1 );
-    mbedtls_ecp_point_free( &ctx->Xm2 );
-    mbedtls_ecp_point_free( &ctx->Xp1 );
-    mbedtls_ecp_point_free( &ctx->Xp2 );
-    mbedtls_ecp_point_free( &ctx->Xp  );
-
-    mbedtls_mpi_free( &ctx->xm1 );
-    mbedtls_mpi_free( &ctx->xm2 );
-    mbedtls_mpi_free( &ctx->s   );
-}
-
-/*
- * Setup context
- */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
-                           mbedtls_ecjpake_role role,
-                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve,
-                           const unsigned char *secret,
-                           size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    ECJPAKE_VALIDATE_RET( ctx != NULL );
-    ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
-                          role == MBEDTLS_ECJPAKE_SERVER );
-    ECJPAKE_VALIDATE_RET( secret != NULL || len == 0 );
-
-    ctx->role = role;
-
-    if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
-        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->s, secret, len ) );
-
-cleanup:
-    if( ret != 0 )
-        mbedtls_ecjpake_free( ctx );
-
-    return( ret );
-}
-
-/*
- * Check if context is ready for use
- */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
-{
-    ECJPAKE_VALIDATE_RET( ctx != NULL );
-
-    if( ctx->md_info == NULL ||
-        ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
-        ctx->s.p == NULL )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-/*
- * Write a point plus its length to a buffer
- */
-static int ecjpake_write_len_point( unsigned char **p,
-                                    const unsigned char *end,
-                                    const mbedtls_ecp_group *grp,
-                                    const int pf,
-                                    const mbedtls_ecp_point *P )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    /* Need at least 4 for length plus 1 for point */
-    if( end < *p || end - *p < 5 )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    ret = mbedtls_ecp_point_write_binary( grp, P, pf,
-                                          &len, *p + 4, end - ( *p + 4 ) );
-    if( ret != 0 )
-        return( ret );
-
-    MBEDTLS_PUT_UINT32_BE( len, *p, 0 );
-
-    *p += 4 + len;
-
-    return( 0 );
-}
-
-/*
- * Size of the temporary buffer for ecjpake_hash:
- * 3 EC points plus their length, plus ID and its length (4 + 6 bytes)
- */
-#define ECJPAKE_HASH_BUF_LEN    ( 3 * ( 4 + MBEDTLS_ECP_MAX_PT_LEN ) + 4 + 6 )
-
-/*
- * Compute hash for ZKP (7.4.2.2.2.1)
- */
-static int ecjpake_hash( const mbedtls_md_info_t *md_info,
-                         const mbedtls_ecp_group *grp,
-                         const int pf,
-                         const mbedtls_ecp_point *G,
-                         const mbedtls_ecp_point *V,
-                         const mbedtls_ecp_point *X,
-                         const char *id,
-                         mbedtls_mpi *h )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char buf[ECJPAKE_HASH_BUF_LEN];
-    unsigned char *p = buf;
-    const unsigned char *end = buf + sizeof( buf );
-    const size_t id_len = strlen( id );
-    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-
-    /* Write things to temporary buffer */
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, G ) );
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, V ) );
-    MBEDTLS_MPI_CHK( ecjpake_write_len_point( &p, end, grp, pf, X ) );
-
-    if( end - p < 4 )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    MBEDTLS_PUT_UINT32_BE( id_len, p, 0 );
-    p += 4;
-
-    if( end < p || (size_t)( end - p ) < id_len )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    memcpy( p, id, id_len );
-    p += id_len;
-
-    /* Compute hash */
-    MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) );
-
-    /* Turn it into an integer mod n */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
-                                        mbedtls_md_get_size( md_info ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( h, h, &grp->N ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
- */
-static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
-                             const mbedtls_ecp_group *grp,
-                             const int pf,
-                             const mbedtls_ecp_point *G,
-                             const mbedtls_ecp_point *X,
-                             const char *id,
-                             const unsigned char **p,
-                             const unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point V, VV;
-    mbedtls_mpi r, h;
-    size_t r_len;
-
-    mbedtls_ecp_point_init( &V );
-    mbedtls_ecp_point_init( &VV );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &h );
-
-    /*
-     * struct {
-     *     ECPoint V;
-     *     opaque r<1..2^8-1>;
-     * } ECSchnorrZKP;
-     */
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, &V, p, end - *p ) );
-
-    if( end < *p || (size_t)( end - *p ) < 1 )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    r_len = *(*p)++;
-
-    if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r, *p, r_len ) );
-    *p += r_len;
-
-    /*
-     * Verification
-     */
-    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,
-                     &VV, &h, X, &r, G ) );
-
-    if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_point_free( &V );
-    mbedtls_ecp_point_free( &VV );
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &h );
-
-    return( ret );
-}
-
-/*
- * Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
- */
-static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              const mbedtls_mpi *x,
-                              const mbedtls_ecp_point *X,
-                              const char *id,
-                              unsigned char **p,
-                              const unsigned char *end,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point V;
-    mbedtls_mpi v;
-    mbedtls_mpi h; /* later recycled to hold r */
-    size_t len;
-
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    mbedtls_ecp_point_init( &V );
-    mbedtls_mpi_init( &v );
-    mbedtls_mpi_init( &h );
-
-    /* Compute signature */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp,
-                                                   G, &v, &V, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &h, &h, x ) ); /* x*h */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &h, &v, &h ) ); /* v - x*h */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &h, &h, &grp->N ) ); /* r */
-
-    /* Write it out */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, &V,
-                pf, &len, *p, end - *p ) );
-    *p += len;
-
-    len = mbedtls_mpi_size( &h ); /* actually r */
-    if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
-    {
-        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-        goto cleanup;
-    }
-
-    *(*p)++ = MBEDTLS_BYTE_0( len );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, *p, len ) ); /* r */
-    *p += len;
-
-cleanup:
-    mbedtls_ecp_point_free( &V );
-    mbedtls_mpi_free( &v );
-    mbedtls_mpi_free( &h );
-
-    return( ret );
-}
-
-/*
- * Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
- * Output: verified public key X
- */
-static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
-                             const mbedtls_ecp_group *grp,
-                             const int pf,
-                             const mbedtls_ecp_point *G,
-                             mbedtls_ecp_point *X,
-                             const char *id,
-                             const unsigned char **p,
-                             const unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * struct {
-     *     ECPoint X;
-     *     ECSchnorrZKP zkp;
-     * } ECJPAKEKeyKP;
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_point( grp, X, p, end - *p ) );
-    if( mbedtls_ecp_is_zero( X ) )
-    {
-        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( ecjpake_zkp_read( md_info, grp, pf, G, X, id, p, end ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Generate an ECJPAKEKeyKP
- * Output: the serialized structure, plus private/public key pair
- */
-static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              mbedtls_mpi *x,
-                              mbedtls_ecp_point *X,
-                              const char *id,
-                              unsigned char **p,
-                              const unsigned char *end,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if( end < *p )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    /* Generate key (7.4.2.3.1) and write it out */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_keypair_base( (mbedtls_ecp_group *) grp, G, x, X,
-                                                   f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( grp, X,
-                pf, &len, *p, end - *p ) );
-    *p += len;
-
-    /* Generate and write proof */
-    MBEDTLS_MPI_CHK( ecjpake_zkp_write( md_info, grp, pf, G, x, X, id,
-                                        p, end, f_rng, p_rng ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
- * Outputs: verified peer public keys Xa, Xb
- */
-static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
-                              const mbedtls_ecp_group *grp,
-                              const int pf,
-                              const mbedtls_ecp_point *G,
-                              mbedtls_ecp_point *Xa,
-                              mbedtls_ecp_point *Xb,
-                              const char *id,
-                              const unsigned char *buf,
-                              size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-
-    /*
-     * struct {
-     *     ECJPAKEKeyKP ecjpake_key_kp_pair_list[2];
-     * } ECJPAKEKeyKPPairList;
-     */
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xa, id, &p, end ) );
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( md_info, grp, pf, G, Xb, id, &p, end ) );
-
-    if( p != end )
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Generate a ECJPAKEKeyKPPairList
- * Outputs: the serialized structure, plus two private/public key pairs
- */
-static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
-                               const mbedtls_ecp_group *grp,
-                               const int pf,
-                               const mbedtls_ecp_point *G,
-                               mbedtls_mpi *xm1,
-                               mbedtls_ecp_point *Xa,
-                               mbedtls_mpi *xm2,
-                               mbedtls_ecp_point *Xb,
-                               const char *id,
-                               unsigned char *buf,
-                               size_t len,
-                               size_t *olen,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-
-    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm1, Xa, id,
-                &p, end, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( ecjpake_kkp_write( md_info, grp, pf, G, xm2, Xb, id,
-                &p, end, f_rng, p_rng ) );
-
-    *olen = p - buf;
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Read and process the first round message
- */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len )
-{
-    ECJPAKE_VALIDATE_RET( ctx != NULL );
-    ECJPAKE_VALIDATE_RET( buf != NULL );
-
-    return( ecjpake_kkpp_read( ctx->md_info, &ctx->grp, ctx->point_format,
-                               &ctx->grp.G,
-                               &ctx->Xp1, &ctx->Xp2, ID_PEER,
-                               buf, len ) );
-}
-
-/*
- * Generate and write the first round message
- */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    ECJPAKE_VALIDATE_RET( ctx   != NULL );
-    ECJPAKE_VALIDATE_RET( buf   != NULL );
-    ECJPAKE_VALIDATE_RET( olen  != NULL );
-    ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
-    return( ecjpake_kkpp_write( ctx->md_info, &ctx->grp, ctx->point_format,
-                                &ctx->grp.G,
-                                &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
-                                ID_MINE, buf, len, olen, f_rng, p_rng ) );
-}
-
-/*
- * Compute the sum of three points R = A + B + C
- */
-static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                             const mbedtls_ecp_point *A,
-                             const mbedtls_ecp_point *B,
-                             const mbedtls_ecp_point *C )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi one;
-
-    mbedtls_mpi_init( &one );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, A, &one, B ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( grp, R, &one, R, &one, C ) );
-
-cleanup:
-    mbedtls_mpi_free( &one );
-
-    return( ret );
-}
-
-/*
- * Read and process second round message (C: 7.4.2.5, S: 7.4.2.6)
- */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
-                                            const unsigned char *buf,
-                                            size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-    mbedtls_ecp_group grp;
-    mbedtls_ecp_point G;    /* C: GB, S: GA */
-
-    ECJPAKE_VALIDATE_RET( ctx != NULL );
-    ECJPAKE_VALIDATE_RET( buf != NULL );
-
-    mbedtls_ecp_group_init( &grp );
-    mbedtls_ecp_point_init( &G );
-
-    /*
-     * Server: GA = X3  + X4  + X1      (7.4.2.6.1)
-     * Client: GB = X1  + X2  + X3      (7.4.2.5.1)
-     * Unified: G = Xm1 + Xm2 + Xp1
-     * We need that before parsing in order to check Xp as we read it
-     */
-    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
-                                       &ctx->Xm1, &ctx->Xm2, &ctx->Xp1 ) );
-
-    /*
-     * struct {
-     *     ECParameters curve_params;   // only client reading server msg
-     *     ECJPAKEKeyKP ecjpake_key_kp;
-     * } Client/ServerECJPAKEParams;
-     */
-    if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_read_group( &grp, &p, len ) );
-        if( grp.id != ctx->grp.id )
-        {
-            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-            goto cleanup;
-        }
-    }
-
-    MBEDTLS_MPI_CHK( ecjpake_kkp_read( ctx->md_info, &ctx->grp,
-                            ctx->point_format,
-                            &G, &ctx->Xp, ID_PEER, &p, end ) );
-
-    if( p != end )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &G );
-
-    return( ret );
-}
-
-/*
- * Compute R = +/- X * S mod N, taking care not to leak S
- */
-static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
-                               const mbedtls_mpi *X,
-                               const mbedtls_mpi *S,
-                               const mbedtls_mpi *N,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi b; /* Blinding value, then s + N * blinding */
-
-    mbedtls_mpi_init( &b );
-
-    /* b = s + rnd-128-bit * N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &b, 16, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &b, &b, N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &b, &b, S ) );
-
-    /* R = sign * X * b mod N */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( R, X, &b ) );
-    R->s *= sign;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( R, R, N ) );
-
-cleanup:
-    mbedtls_mpi_free( &b );
-
-    return( ret );
-}
-
-/*
- * Generate and write the second round message (S: 7.4.2.5, C: 7.4.2.6)
- */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point G;    /* C: GA, S: GB */
-    mbedtls_ecp_point Xm;   /* C: Xc, S: Xs */
-    mbedtls_mpi xm;         /* C: xc, S: xs */
-    unsigned char *p = buf;
-    const unsigned char *end = buf + len;
-    size_t ec_len;
-
-    ECJPAKE_VALIDATE_RET( ctx   != NULL );
-    ECJPAKE_VALIDATE_RET( buf   != NULL );
-    ECJPAKE_VALIDATE_RET( olen  != NULL );
-    ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
-    mbedtls_ecp_point_init( &G );
-    mbedtls_ecp_point_init( &Xm );
-    mbedtls_mpi_init( &xm );
-
-    /*
-     * First generate private/public key pair (S: 7.4.2.5.1, C: 7.4.2.6.1)
-     *
-     * Client:  GA = X1  + X3  + X4  | xs = x2  * s | Xc = xc * GA
-     * Server:  GB = X3  + X1  + X2  | xs = x4  * s | Xs = xs * GB
-     * Unified: G  = Xm1 + Xp1 + Xp2 | xm = xm2 * s | Xm = xm * G
-     */
-    MBEDTLS_MPI_CHK( ecjpake_ecp_add3( &ctx->grp, &G,
-                                       &ctx->Xp1, &ctx->Xp2, &ctx->Xm1 ) );
-    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &xm, 1, &ctx->xm2, &ctx->s,
-                                         &ctx->grp.N, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &Xm, &xm, &G, f_rng, p_rng ) );
-
-    /*
-     * Now write things out
-     *
-     * struct {
-     *     ECParameters curve_params;   // only server writing its message
-     *     ECJPAKEKeyKP ecjpake_key_kp;
-     * } Client/ServerECJPAKEParams;
-     */
-    if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
-    {
-        if( end < p )
-        {
-            ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-            goto cleanup;
-        }
-        MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_group( &ctx->grp, &ec_len,
-                                                      p, end - p ) );
-        p += ec_len;
-    }
-
-    if( end < p )
-    {
-        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-        goto cleanup;
-    }
-    MBEDTLS_MPI_CHK( mbedtls_ecp_tls_write_point( &ctx->grp, &Xm,
-                     ctx->point_format, &ec_len, p, end - p ) );
-    p += ec_len;
-
-    MBEDTLS_MPI_CHK( ecjpake_zkp_write( ctx->md_info, &ctx->grp,
-                                        ctx->point_format,
-                                        &G, &xm, &Xm, ID_MINE,
-                                        &p, end, f_rng, p_rng ) );
-
-    *olen = p - buf;
-
-cleanup:
-    mbedtls_ecp_point_free( &G );
-    mbedtls_ecp_point_free( &Xm );
-    mbedtls_mpi_free( &xm );
-
-    return( ret );
-}
-
-/*
- * Derive PMS (7.4.2.7 / 7.4.2.8)
- */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point K;
-    mbedtls_mpi m_xm2_s, one;
-    unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
-    size_t x_bytes;
-
-    ECJPAKE_VALIDATE_RET( ctx   != NULL );
-    ECJPAKE_VALIDATE_RET( buf   != NULL );
-    ECJPAKE_VALIDATE_RET( olen  != NULL );
-    ECJPAKE_VALIDATE_RET( f_rng != NULL );
-
-    *olen = mbedtls_md_get_size( ctx->md_info );
-    if( len < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    mbedtls_ecp_point_init( &K );
-    mbedtls_mpi_init( &m_xm2_s );
-    mbedtls_mpi_init( &one );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &one, 1 ) );
-
-    /*
-     * Client:  K = ( Xs - X4  * x2  * s ) * x2
-     * Server:  K = ( Xc - X2  * x4  * s ) * x4
-     * Unified: K = ( Xp - Xp2 * xm2 * s ) * xm2
-     */
-    MBEDTLS_MPI_CHK( ecjpake_mul_secret( &m_xm2_s, -1, &ctx->xm2, &ctx->s,
-                                         &ctx->grp.N, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( &ctx->grp, &K,
-                                         &one, &ctx->Xp,
-                                         &m_xm2_s, &ctx->Xp2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &K, &ctx->xm2, &K,
-                                      f_rng, p_rng ) );
-
-    /* PMS = SHA-256( K.X ) */
-    x_bytes = ( ctx->grp.pbits + 7 ) / 8;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &K.X, kx, x_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_md( ctx->md_info, kx, x_bytes, buf ) );
-
-cleanup:
-    mbedtls_ecp_point_free( &K );
-    mbedtls_mpi_free( &m_xm2_s );
-    mbedtls_mpi_free( &one );
-
-    return( ret );
-}
-
-#undef ID_MINE
-#undef ID_PEER
-
-#endif /* ! MBEDTLS_ECJPAKE_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
-    !defined(MBEDTLS_SHA256_C)
-int mbedtls_ecjpake_self_test( int verbose )
-{
-    (void) verbose;
-    return( 0 );
-}
-#else
-
-static const unsigned char ecjpake_test_password[] = {
-    0x74, 0x68, 0x72, 0x65, 0x61, 0x64, 0x6a, 0x70, 0x61, 0x6b, 0x65, 0x74,
-    0x65, 0x73, 0x74
-};
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-
-static const unsigned char ecjpake_test_x1[] = {
-    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
-    0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
-    0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x21
-};
-
-static const unsigned char ecjpake_test_x2[] = {
-    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
-    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-    0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81
-};
-
-static const unsigned char ecjpake_test_x3[] = {
-    0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c,
-    0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-    0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x81
-};
-
-static const unsigned char ecjpake_test_x4[] = {
-    0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc,
-    0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8,
-    0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe1
-};
-
-static const unsigned char ecjpake_test_cli_one[] = {
-    0x41, 0x04, 0xac, 0xcf, 0x01, 0x06, 0xef, 0x85, 0x8f, 0xa2, 0xd9, 0x19,
-    0x33, 0x13, 0x46, 0x80, 0x5a, 0x78, 0xb5, 0x8b, 0xba, 0xd0, 0xb8, 0x44,
-    0xe5, 0xc7, 0x89, 0x28, 0x79, 0x14, 0x61, 0x87, 0xdd, 0x26, 0x66, 0xad,
-    0xa7, 0x81, 0xbb, 0x7f, 0x11, 0x13, 0x72, 0x25, 0x1a, 0x89, 0x10, 0x62,
-    0x1f, 0x63, 0x4d, 0xf1, 0x28, 0xac, 0x48, 0xe3, 0x81, 0xfd, 0x6e, 0xf9,
-    0x06, 0x07, 0x31, 0xf6, 0x94, 0xa4, 0x41, 0x04, 0x1d, 0xd0, 0xbd, 0x5d,
-    0x45, 0x66, 0xc9, 0xbe, 0xd9, 0xce, 0x7d, 0xe7, 0x01, 0xb5, 0xe8, 0x2e,
-    0x08, 0xe8, 0x4b, 0x73, 0x04, 0x66, 0x01, 0x8a, 0xb9, 0x03, 0xc7, 0x9e,
-    0xb9, 0x82, 0x17, 0x22, 0x36, 0xc0, 0xc1, 0x72, 0x8a, 0xe4, 0xbf, 0x73,
-    0x61, 0x0d, 0x34, 0xde, 0x44, 0x24, 0x6e, 0xf3, 0xd9, 0xc0, 0x5a, 0x22,
-    0x36, 0xfb, 0x66, 0xa6, 0x58, 0x3d, 0x74, 0x49, 0x30, 0x8b, 0xab, 0xce,
-    0x20, 0x72, 0xfe, 0x16, 0x66, 0x29, 0x92, 0xe9, 0x23, 0x5c, 0x25, 0x00,
-    0x2f, 0x11, 0xb1, 0x50, 0x87, 0xb8, 0x27, 0x38, 0xe0, 0x3c, 0x94, 0x5b,
-    0xf7, 0xa2, 0x99, 0x5d, 0xda, 0x1e, 0x98, 0x34, 0x58, 0x41, 0x04, 0x7e,
-    0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb, 0xd7, 0x92, 0x62,
-    0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18, 0x40, 0x9a, 0xc5,
-    0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47, 0x79, 0x0a, 0xeb,
-    0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f, 0xd1, 0xc3, 0x35,
-    0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7, 0xe3, 0x2b, 0xb0,
-    0x13, 0xbb, 0x2b, 0x41, 0x04, 0xa4, 0x95, 0x58, 0xd3, 0x2e, 0xd1, 0xeb,
-    0xfc, 0x18, 0x16, 0xaf, 0x4f, 0xf0, 0x9b, 0x55, 0xfc, 0xb4, 0xca, 0x47,
-    0xb2, 0xa0, 0x2d, 0x1e, 0x7c, 0xaf, 0x11, 0x79, 0xea, 0x3f, 0xe1, 0x39,
-    0x5b, 0x22, 0xb8, 0x61, 0x96, 0x40, 0x16, 0xfa, 0xba, 0xf7, 0x2c, 0x97,
-    0x56, 0x95, 0xd9, 0x3d, 0x4d, 0xf0, 0xe5, 0x19, 0x7f, 0xe9, 0xf0, 0x40,
-    0x63, 0x4e, 0xd5, 0x97, 0x64, 0x93, 0x77, 0x87, 0xbe, 0x20, 0xbc, 0x4d,
-    0xee, 0xbb, 0xf9, 0xb8, 0xd6, 0x0a, 0x33, 0x5f, 0x04, 0x6c, 0xa3, 0xaa,
-    0x94, 0x1e, 0x45, 0x86, 0x4c, 0x7c, 0xad, 0xef, 0x9c, 0xf7, 0x5b, 0x3d,
-    0x8b, 0x01, 0x0e, 0x44, 0x3e, 0xf0
-};
-
-static const unsigned char ecjpake_test_srv_one[] = {
-    0x41, 0x04, 0x7e, 0xa6, 0xe3, 0xa4, 0x48, 0x70, 0x37, 0xa9, 0xe0, 0xdb,
-    0xd7, 0x92, 0x62, 0xb2, 0xcc, 0x27, 0x3e, 0x77, 0x99, 0x30, 0xfc, 0x18,
-    0x40, 0x9a, 0xc5, 0x36, 0x1c, 0x5f, 0xe6, 0x69, 0xd7, 0x02, 0xe1, 0x47,
-    0x79, 0x0a, 0xeb, 0x4c, 0xe7, 0xfd, 0x65, 0x75, 0xab, 0x0f, 0x6c, 0x7f,
-    0xd1, 0xc3, 0x35, 0x93, 0x9a, 0xa8, 0x63, 0xba, 0x37, 0xec, 0x91, 0xb7,
-    0xe3, 0x2b, 0xb0, 0x13, 0xbb, 0x2b, 0x41, 0x04, 0x09, 0xf8, 0x5b, 0x3d,
-    0x20, 0xeb, 0xd7, 0x88, 0x5c, 0xe4, 0x64, 0xc0, 0x8d, 0x05, 0x6d, 0x64,
-    0x28, 0xfe, 0x4d, 0xd9, 0x28, 0x7a, 0xa3, 0x65, 0xf1, 0x31, 0xf4, 0x36,
-    0x0f, 0xf3, 0x86, 0xd8, 0x46, 0x89, 0x8b, 0xc4, 0xb4, 0x15, 0x83, 0xc2,
-    0xa5, 0x19, 0x7f, 0x65, 0xd7, 0x87, 0x42, 0x74, 0x6c, 0x12, 0xa5, 0xec,
-    0x0a, 0x4f, 0xfe, 0x2f, 0x27, 0x0a, 0x75, 0x0a, 0x1d, 0x8f, 0xb5, 0x16,
-    0x20, 0x93, 0x4d, 0x74, 0xeb, 0x43, 0xe5, 0x4d, 0xf4, 0x24, 0xfd, 0x96,
-    0x30, 0x6c, 0x01, 0x17, 0xbf, 0x13, 0x1a, 0xfa, 0xbf, 0x90, 0xa9, 0xd3,
-    0x3d, 0x11, 0x98, 0xd9, 0x05, 0x19, 0x37, 0x35, 0x14, 0x41, 0x04, 0x19,
-    0x0a, 0x07, 0x70, 0x0f, 0xfa, 0x4b, 0xe6, 0xae, 0x1d, 0x79, 0xee, 0x0f,
-    0x06, 0xae, 0xb5, 0x44, 0xcd, 0x5a, 0xdd, 0xaa, 0xbe, 0xdf, 0x70, 0xf8,
-    0x62, 0x33, 0x21, 0x33, 0x2c, 0x54, 0xf3, 0x55, 0xf0, 0xfb, 0xfe, 0xc7,
-    0x83, 0xed, 0x35, 0x9e, 0x5d, 0x0b, 0xf7, 0x37, 0x7a, 0x0f, 0xc4, 0xea,
-    0x7a, 0xce, 0x47, 0x3c, 0x9c, 0x11, 0x2b, 0x41, 0xcc, 0xd4, 0x1a, 0xc5,
-    0x6a, 0x56, 0x12, 0x41, 0x04, 0x36, 0x0a, 0x1c, 0xea, 0x33, 0xfc, 0xe6,
-    0x41, 0x15, 0x64, 0x58, 0xe0, 0xa4, 0xea, 0xc2, 0x19, 0xe9, 0x68, 0x31,
-    0xe6, 0xae, 0xbc, 0x88, 0xb3, 0xf3, 0x75, 0x2f, 0x93, 0xa0, 0x28, 0x1d,
-    0x1b, 0xf1, 0xfb, 0x10, 0x60, 0x51, 0xdb, 0x96, 0x94, 0xa8, 0xd6, 0xe8,
-    0x62, 0xa5, 0xef, 0x13, 0x24, 0xa3, 0xd9, 0xe2, 0x78, 0x94, 0xf1, 0xee,
-    0x4f, 0x7c, 0x59, 0x19, 0x99, 0x65, 0xa8, 0xdd, 0x4a, 0x20, 0x91, 0x84,
-    0x7d, 0x2d, 0x22, 0xdf, 0x3e, 0xe5, 0x5f, 0xaa, 0x2a, 0x3f, 0xb3, 0x3f,
-    0xd2, 0xd1, 0xe0, 0x55, 0xa0, 0x7a, 0x7c, 0x61, 0xec, 0xfb, 0x8d, 0x80,
-    0xec, 0x00, 0xc2, 0xc9, 0xeb, 0x12
-};
-
-static const unsigned char ecjpake_test_srv_two[] = {
-    0x03, 0x00, 0x17, 0x41, 0x04, 0x0f, 0xb2, 0x2b, 0x1d, 0x5d, 0x11, 0x23,
-    0xe0, 0xef, 0x9f, 0xeb, 0x9d, 0x8a, 0x2e, 0x59, 0x0a, 0x1f, 0x4d, 0x7c,
-    0xed, 0x2c, 0x2b, 0x06, 0x58, 0x6e, 0x8f, 0x2a, 0x16, 0xd4, 0xeb, 0x2f,
-    0xda, 0x43, 0x28, 0xa2, 0x0b, 0x07, 0xd8, 0xfd, 0x66, 0x76, 0x54, 0xca,
-    0x18, 0xc5, 0x4e, 0x32, 0xa3, 0x33, 0xa0, 0x84, 0x54, 0x51, 0xe9, 0x26,
-    0xee, 0x88, 0x04, 0xfd, 0x7a, 0xf0, 0xaa, 0xa7, 0xa6, 0x41, 0x04, 0x55,
-    0x16, 0xea, 0x3e, 0x54, 0xa0, 0xd5, 0xd8, 0xb2, 0xce, 0x78, 0x6b, 0x38,
-    0xd3, 0x83, 0x37, 0x00, 0x29, 0xa5, 0xdb, 0xe4, 0x45, 0x9c, 0x9d, 0xd6,
-    0x01, 0xb4, 0x08, 0xa2, 0x4a, 0xe6, 0x46, 0x5c, 0x8a, 0xc9, 0x05, 0xb9,
-    0xeb, 0x03, 0xb5, 0xd3, 0x69, 0x1c, 0x13, 0x9e, 0xf8, 0x3f, 0x1c, 0xd4,
-    0x20, 0x0f, 0x6c, 0x9c, 0xd4, 0xec, 0x39, 0x22, 0x18, 0xa5, 0x9e, 0xd2,
-    0x43, 0xd3, 0xc8, 0x20, 0xff, 0x72, 0x4a, 0x9a, 0x70, 0xb8, 0x8c, 0xb8,
-    0x6f, 0x20, 0xb4, 0x34, 0xc6, 0x86, 0x5a, 0xa1, 0xcd, 0x79, 0x06, 0xdd,
-    0x7c, 0x9b, 0xce, 0x35, 0x25, 0xf5, 0x08, 0x27, 0x6f, 0x26, 0x83, 0x6c
-};
-
-static const unsigned char ecjpake_test_cli_two[] = {
-    0x41, 0x04, 0x69, 0xd5, 0x4e, 0xe8, 0x5e, 0x90, 0xce, 0x3f, 0x12, 0x46,
-    0x74, 0x2d, 0xe5, 0x07, 0xe9, 0x39, 0xe8, 0x1d, 0x1d, 0xc1, 0xc5, 0xcb,
-    0x98, 0x8b, 0x58, 0xc3, 0x10, 0xc9, 0xfd, 0xd9, 0x52, 0x4d, 0x93, 0x72,
-    0x0b, 0x45, 0x54, 0x1c, 0x83, 0xee, 0x88, 0x41, 0x19, 0x1d, 0xa7, 0xce,
-    0xd8, 0x6e, 0x33, 0x12, 0xd4, 0x36, 0x23, 0xc1, 0xd6, 0x3e, 0x74, 0x98,
-    0x9a, 0xba, 0x4a, 0xff, 0xd1, 0xee, 0x41, 0x04, 0x07, 0x7e, 0x8c, 0x31,
-    0xe2, 0x0e, 0x6b, 0xed, 0xb7, 0x60, 0xc1, 0x35, 0x93, 0xe6, 0x9f, 0x15,
-    0xbe, 0x85, 0xc2, 0x7d, 0x68, 0xcd, 0x09, 0xcc, 0xb8, 0xc4, 0x18, 0x36,
-    0x08, 0x91, 0x7c, 0x5c, 0x3d, 0x40, 0x9f, 0xac, 0x39, 0xfe, 0xfe, 0xe8,
-    0x2f, 0x72, 0x92, 0xd3, 0x6f, 0x0d, 0x23, 0xe0, 0x55, 0x91, 0x3f, 0x45,
-    0xa5, 0x2b, 0x85, 0xdd, 0x8a, 0x20, 0x52, 0xe9, 0xe1, 0x29, 0xbb, 0x4d,
-    0x20, 0x0f, 0x01, 0x1f, 0x19, 0x48, 0x35, 0x35, 0xa6, 0xe8, 0x9a, 0x58,
-    0x0c, 0x9b, 0x00, 0x03, 0xba, 0xf2, 0x14, 0x62, 0xec, 0xe9, 0x1a, 0x82,
-    0xcc, 0x38, 0xdb, 0xdc, 0xae, 0x60, 0xd9, 0xc5, 0x4c
-};
-
-static const unsigned char ecjpake_test_pms[] = {
-    0xf3, 0xd4, 0x7f, 0x59, 0x98, 0x44, 0xdb, 0x92, 0xa5, 0x69, 0xbb, 0xe7,
-    0x98, 0x1e, 0x39, 0xd9, 0x31, 0xfd, 0x74, 0x3b, 0xf2, 0x2e, 0x98, 0xf9,
-    0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
-};
-
-/* Load my private keys and generate the corresponding public keys */
-static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
-                              const unsigned char *xm1, size_t len1,
-                              const unsigned char *xm2, size_t len2 )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
-                                      &ctx->grp.G, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
-                                      &ctx->grp.G, NULL, NULL ) );
-
-cleanup:
-    return( ret );
-}
-
-#endif /* ! MBEDTLS_ECJPAKE_ALT */
-
-/* For tests we don't need a secure RNG;
- * use the LGC from Numerical Recipes for simplicity */
-static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
-{
-    static uint32_t x = 42;
-    (void) p;
-
-    while( len > 0 )
-    {
-        size_t use_len = len > 4 ? 4 : len;
-        x = 1664525 * x + 1013904223;
-        memcpy( out, &x, use_len );
-        out += use_len;
-        len -= use_len;
-    }
-
-    return( 0 );
-}
-
-#define TEST_ASSERT( x )    \
-    do {                    \
-        if( x )             \
-            ret = 0;        \
-        else                \
-        {                   \
-            ret = 1;        \
-            goto cleanup;   \
-        }                   \
-    } while( 0 )
-
-/*
- * Checkup routine
- */
-int mbedtls_ecjpake_self_test( int verbose )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecjpake_context cli;
-    mbedtls_ecjpake_context srv;
-    unsigned char buf[512], pms[32];
-    size_t len, pmslen;
-
-    mbedtls_ecjpake_init( &cli );
-    mbedtls_ecjpake_init( &srv );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #0 (setup): " );
-
-    TEST_ASSERT( mbedtls_ecjpake_setup( &cli, MBEDTLS_ECJPAKE_CLIENT,
-                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
-                    ecjpake_test_password,
-            sizeof( ecjpake_test_password ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_setup( &srv, MBEDTLS_ECJPAKE_SERVER,
-                    MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
-                    ecjpake_test_password,
-            sizeof( ecjpake_test_password ) ) == 0 );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #1 (random handshake): " );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_one( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
-                 pms, sizeof( pms ), &pmslen, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_write_round_two( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv, buf, len ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( len == pmslen );
-    TEST_ASSERT( memcmp( buf, pms, len ) == 0 );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
-    /* 'reference handshake' tests can only be run against implementations
-     * for which we have 100% control over how the random ephemeral keys
-     * are generated. This is only the case for the internal mbed TLS
-     * implementation, so these tests are skipped in case the internal
-     * implementation is swapped out for an alternative one. */
-    if( verbose != 0 )
-        mbedtls_printf( "  ECJPAKE test #2 (reference handshake): " );
-
-    /* Simulate generation of round one */
-    MBEDTLS_MPI_CHK( ecjpake_test_load( &cli,
-                ecjpake_test_x1, sizeof( ecjpake_test_x1 ),
-                ecjpake_test_x2, sizeof( ecjpake_test_x2 ) ) );
-
-    MBEDTLS_MPI_CHK( ecjpake_test_load( &srv,
-                ecjpake_test_x3, sizeof( ecjpake_test_x3 ),
-                ecjpake_test_x4, sizeof( ecjpake_test_x4 ) ) );
-
-    /* Read round one */
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &srv,
-                                    ecjpake_test_cli_one,
-                            sizeof( ecjpake_test_cli_one ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_one( &cli,
-                                    ecjpake_test_srv_one,
-                            sizeof( ecjpake_test_srv_one ) ) == 0 );
-
-    /* Skip generation of round two, read round two */
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &cli,
-                                    ecjpake_test_srv_two,
-                            sizeof( ecjpake_test_srv_two ) ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecjpake_read_round_two( &srv,
-                                    ecjpake_test_cli_two,
-                            sizeof( ecjpake_test_cli_two ) ) == 0 );
-
-    /* Server derives PMS */
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &srv,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
-
-    memset( buf, 0, len ); /* Avoid interferences with next step */
-
-    /* Client derives PMS */
-    TEST_ASSERT( mbedtls_ecjpake_derive_secret( &cli,
-                 buf, sizeof( buf ), &len, ecjpake_lgc, NULL ) == 0 );
-
-    TEST_ASSERT( len == sizeof( ecjpake_test_pms ) );
-    TEST_ASSERT( memcmp( buf, ecjpake_test_pms, len ) == 0 );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-#endif /* ! MBEDTLS_ECJPAKE_ALT */
-
-cleanup:
-    mbedtls_ecjpake_free( &cli );
-    mbedtls_ecjpake_free( &srv );
-
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#undef TEST_ASSERT
-
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED && MBEDTLS_SHA256_C */
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ECJPAKE_C */
diff --git a/Sources/mbedtls/library/ecp.c b/Sources/mbedtls/library/ecp.c
deleted file mode 100644
index ad19e05..0000000
--- a/Sources/mbedtls/library/ecp.c
+++ /dev/null
@@ -1,3611 +0,0 @@
-/*
- *  Elliptic curves over GF(p): generic functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * References:
- *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
- * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
- * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
- * RFC 4492 for the related TLS structures and constants
- * RFC 7748 for the Curve448 and Curve25519 curve definitions
- *
- * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
- *
- * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
- *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
- *     Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
- *     <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
- *
- * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
- *     render ECC resistant against Side Channel Attacks. IACR Cryptology
- *     ePrint Archive, 2004, vol. 2004, p. 342.
- *     <http://eprint.iacr.org/2004/342.pdf>
- */
-
-#include "common.h"
-
-/**
- * \brief Function level alternative implementation.
- *
- * The MBEDTLS_ECP_INTERNAL_ALT macro enables alternative implementations to
- * replace certain functions in this module. The alternative implementations are
- * typically hardware accelerators and need to activate the hardware before the
- * computation starts and deactivate it after it finishes. The
- * mbedtls_internal_ecp_init() and mbedtls_internal_ecp_free() functions serve
- * this purpose.
- *
- * To preserve the correct functionality the following conditions must hold:
- *
- * - The alternative implementation must be activated by
- *   mbedtls_internal_ecp_init() before any of the replaceable functions is
- *   called.
- * - mbedtls_internal_ecp_free() must \b only be called when the alternative
- *   implementation is activated.
- * - mbedtls_internal_ecp_init() must \b not be called when the alternative
- *   implementation is activated.
- * - Public functions must not return while the alternative implementation is
- *   activated.
- * - Replaceable functions are guarded by \c MBEDTLS_ECP_XXX_ALT macros and
- *   before calling them an \code if( mbedtls_internal_ecp_grp_capable( grp ) )
- *   \endcode ensures that the alternative implementation supports the current
- *   group.
- */
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/threading.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "mbedtls/bn_mul.h"
-
-#include "ecp_invasive.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECP_ALT)
-
-/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ecp_internal.h"
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-#if defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-#elif defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-#else
-#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
-#endif
-#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * Counts of point addition and doubling, and field multiplications.
- * Used to test resistance of point multiplication to simple timing attacks.
- */
-static unsigned long add_count, dbl_count, mul_count;
-#endif
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-/*
- * Currently ecp_mul() takes a RNG function as an argument, used for
- * side-channel protection, but it can be NULL. The initial reasoning was
- * that people will pass non-NULL RNG when they care about side-channels, but
- * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with
- * no opportunity for the user to do anything about it.
- *
- * The obvious strategies for addressing that include:
- * - change those APIs so that they take RNG arguments;
- * - require a global RNG to be available to all crypto modules.
- *
- * Unfortunately those would break compatibility. So what we do instead is
- * have our own internal DRBG instance, seeded from the secret scalar.
- *
- * The following is a light-weight abstraction layer for doing that with
- * HMAC_DRBG (first choice) or CTR_DRBG.
- */
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-
-/* DRBG context type */
-typedef mbedtls_hmac_drbg_context ecp_drbg_context;
-
-/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
-{
-    mbedtls_hmac_drbg_init( ctx );
-}
-
-/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
-{
-    mbedtls_hmac_drbg_free( ctx );
-}
-
-/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
-                                   unsigned char *output, size_t output_len )
-{
-    return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
-}
-
-/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx,
-                   const mbedtls_mpi *secret, size_t secret_len )
-{
-    int ret;
-    unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
-    /* The list starts with strong hashes */
-    const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
-
-    if( secret_len > MBEDTLS_ECP_MAX_BYTES )
-    {
-        ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
-                                               secret_bytes, secret_len ) );
-
-    ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len );
-
-cleanup:
-    mbedtls_platform_zeroize( secret_bytes, secret_len );
-
-    return( ret );
-}
-
-#elif defined(MBEDTLS_CTR_DRBG_C)
-
-/* DRBG context type */
-typedef mbedtls_ctr_drbg_context ecp_drbg_context;
-
-/* DRBG context init */
-static inline void ecp_drbg_init( ecp_drbg_context *ctx )
-{
-    mbedtls_ctr_drbg_init( ctx );
-}
-
-/* DRBG context free */
-static inline void ecp_drbg_free( ecp_drbg_context *ctx )
-{
-    mbedtls_ctr_drbg_free( ctx );
-}
-
-/* DRBG function */
-static inline int ecp_drbg_random( void *p_rng,
-                                   unsigned char *output, size_t output_len )
-{
-    return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) );
-}
-
-/*
- * Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does,
- * we need to pass an entropy function when seeding. So we use a dummy
- * function for that, and pass the actual entropy as customisation string.
- * (During seeding of CTR_DRBG the entropy input and customisation string are
- * concatenated before being used to update the secret state.)
- */
-static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len)
-{
-    (void) ctx;
-    memset( out, 0, len );
-    return( 0 );
-}
-
-/* DRBG context seeding */
-static int ecp_drbg_seed( ecp_drbg_context *ctx,
-                   const mbedtls_mpi *secret, size_t secret_len )
-{
-    int ret;
-    unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
-
-    if( secret_len > MBEDTLS_ECP_MAX_BYTES )
-    {
-        ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
-                                               secret_bytes, secret_len ) );
-
-    ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
-                                 secret_bytes, secret_len );
-
-cleanup:
-    mbedtls_platform_zeroize( secret_bytes, secret_len );
-
-    return( ret );
-}
-
-#else
-#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
-#endif /* DRBG modules */
-#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/*
- * Maximum number of "basic operations" to be done in a row.
- *
- * Default value 0 means that ECC operations will not yield.
- * Note that regardless of the value of ecp_max_ops, always at
- * least one step is performed before yielding.
- *
- * Setting ecp_max_ops=1 can be suitable for testing purposes
- * as it will interrupt computation at all possible points.
- */
-static unsigned ecp_max_ops = 0;
-
-/*
- * Set ecp_max_ops
- */
-void mbedtls_ecp_set_max_ops( unsigned max_ops )
-{
-    ecp_max_ops = max_ops;
-}
-
-/*
- * Check if restart is enabled
- */
-int mbedtls_ecp_restart_is_enabled( void )
-{
-    return( ecp_max_ops != 0 );
-}
-
-/*
- * Restart sub-context for ecp_mul_comb()
- */
-struct mbedtls_ecp_restart_mul
-{
-    mbedtls_ecp_point R;    /* current intermediate result                  */
-    size_t i;               /* current index in various loops, 0 outside    */
-    mbedtls_ecp_point *T;   /* table for precomputed points                 */
-    unsigned char T_size;   /* number of points in table T                  */
-    enum {                  /* what were we doing last time we returned?    */
-        ecp_rsm_init = 0,       /* nothing so far, dummy initial state      */
-        ecp_rsm_pre_dbl,        /* precompute 2^n multiples                 */
-        ecp_rsm_pre_norm_dbl,   /* normalize precomputed 2^n multiples      */
-        ecp_rsm_pre_add,        /* precompute remaining points by adding    */
-        ecp_rsm_pre_norm_add,   /* normalize all precomputed points         */
-        ecp_rsm_comb_core,      /* ecp_mul_comb_core()                      */
-        ecp_rsm_final_norm,     /* do the final normalization               */
-    } state;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_context drbg_ctx;
-    unsigned char drbg_seeded;
-#endif
-};
-
-/*
- * Init restart_mul sub-context
- */
-static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx )
-{
-    mbedtls_ecp_point_init( &ctx->R );
-    ctx->i = 0;
-    ctx->T = NULL;
-    ctx->T_size = 0;
-    ctx->state = ecp_rsm_init;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_init( &ctx->drbg_ctx );
-    ctx->drbg_seeded = 0;
-#endif
-}
-
-/*
- * Free the components of a restart_mul sub-context
- */
-static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx )
-{
-    unsigned char i;
-
-    if( ctx == NULL )
-        return;
-
-    mbedtls_ecp_point_free( &ctx->R );
-
-    if( ctx->T != NULL )
-    {
-        for( i = 0; i < ctx->T_size; i++ )
-            mbedtls_ecp_point_free( ctx->T + i );
-        mbedtls_free( ctx->T );
-    }
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_free( &ctx->drbg_ctx );
-#endif
-
-    ecp_restart_rsm_init( ctx );
-}
-
-/*
- * Restart context for ecp_muladd()
- */
-struct mbedtls_ecp_restart_muladd
-{
-    mbedtls_ecp_point mP;       /* mP value                             */
-    mbedtls_ecp_point R;        /* R intermediate result                */
-    enum {                      /* what should we do next?              */
-        ecp_rsma_mul1 = 0,      /* first multiplication                 */
-        ecp_rsma_mul2,          /* second multiplication                */
-        ecp_rsma_add,           /* addition                             */
-        ecp_rsma_norm,          /* normalization                        */
-    } state;
-};
-
-/*
- * Init restart_muladd sub-context
- */
-static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx )
-{
-    mbedtls_ecp_point_init( &ctx->mP );
-    mbedtls_ecp_point_init( &ctx->R );
-    ctx->state = ecp_rsma_mul1;
-}
-
-/*
- * Free the components of a restart_muladd sub-context
- */
-static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_ecp_point_free( &ctx->mP );
-    mbedtls_ecp_point_free( &ctx->R );
-
-    ecp_restart_ma_init( ctx );
-}
-
-/*
- * Initialize a restart context
- */
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx )
-{
-    ECP_VALIDATE( ctx != NULL );
-    ctx->ops_done = 0;
-    ctx->depth = 0;
-    ctx->rsm = NULL;
-    ctx->ma = NULL;
-}
-
-/*
- * Free the components of a restart context
- */
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    ecp_restart_rsm_free( ctx->rsm );
-    mbedtls_free( ctx->rsm );
-
-    ecp_restart_ma_free( ctx->ma );
-    mbedtls_free( ctx->ma );
-
-    mbedtls_ecp_restart_init( ctx );
-}
-
-/*
- * Check if we can do the next step
- */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
-                              mbedtls_ecp_restart_ctx *rs_ctx,
-                              unsigned ops )
-{
-    ECP_VALIDATE_RET( grp != NULL );
-
-    if( rs_ctx != NULL && ecp_max_ops != 0 )
-    {
-        /* scale depending on curve size: the chosen reference is 256-bit,
-         * and multiplication is quadratic. Round to the closest integer. */
-        if( grp->pbits >= 512 )
-            ops *= 4;
-        else if( grp->pbits >= 384 )
-            ops *= 2;
-
-        /* Avoid infinite loops: always allow first step.
-         * Because of that, however, it's not generally true
-         * that ops_done <= ecp_max_ops, so the check
-         * ops_done > ecp_max_ops below is mandatory. */
-        if( ( rs_ctx->ops_done != 0 ) &&
-            ( rs_ctx->ops_done > ecp_max_ops ||
-              ops > ecp_max_ops - rs_ctx->ops_done ) )
-        {
-            return( MBEDTLS_ERR_ECP_IN_PROGRESS );
-        }
-
-        /* update running count */
-        rs_ctx->ops_done += ops;
-    }
-
-    return( 0 );
-}
-
-/* Call this when entering a function that needs its own sub-context */
-#define ECP_RS_ENTER( SUB )   do {                                      \
-    /* reset ops count for this call if top-level */                    \
-    if( rs_ctx != NULL && rs_ctx->depth++ == 0 )                        \
-        rs_ctx->ops_done = 0;                                           \
-                                                                        \
-    /* set up our own sub-context if needed */                          \
-    if( mbedtls_ecp_restart_is_enabled() &&                             \
-        rs_ctx != NULL && rs_ctx->SUB == NULL )                         \
-    {                                                                   \
-        rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) );      \
-        if( rs_ctx->SUB == NULL )                                       \
-            return( MBEDTLS_ERR_ECP_ALLOC_FAILED );                     \
-                                                                        \
-        ecp_restart_## SUB ##_init( rs_ctx->SUB );                      \
-    }                                                                   \
-} while( 0 )
-
-/* Call this when leaving a function that needs its own sub-context */
-#define ECP_RS_LEAVE( SUB )   do {                                      \
-    /* clear our sub-context when not in progress (done or error) */    \
-    if( rs_ctx != NULL && rs_ctx->SUB != NULL &&                        \
-        ret != MBEDTLS_ERR_ECP_IN_PROGRESS )                            \
-    {                                                                   \
-        ecp_restart_## SUB ##_free( rs_ctx->SUB );                      \
-        mbedtls_free( rs_ctx->SUB );                                    \
-        rs_ctx->SUB = NULL;                                             \
-    }                                                                   \
-                                                                        \
-    if( rs_ctx != NULL )                                                \
-        rs_ctx->depth--;                                                \
-} while( 0 )
-
-#else /* MBEDTLS_ECP_RESTARTABLE */
-
-#define ECP_RS_ENTER( sub )     (void) rs_ctx;
-#define ECP_RS_LEAVE( sub )     (void) rs_ctx;
-
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * List of supported curves:
- *  - internal ID
- *  - TLS NamedCurve ID (RFC 4492 sec. 5.1.1, RFC 7071 sec. 2, RFC 8446 sec. 4.2.7)
- *  - size in bits
- *  - readable name
- *
- * Curves are listed in order: largest curves first, and for a given size,
- * fastest curves first. This provides the default order for the SSL module.
- *
- * Reminder: update profiles in x509_crt.c when adding a new curves!
- */
-static const mbedtls_ecp_curve_info ecp_supported_curves[] =
-{
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP521R1,    25,     521,    "secp521r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-    { MBEDTLS_ECP_DP_BP512R1,      28,     512,    "brainpoolP512r1"   },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP384R1,    24,     384,    "secp384r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-    { MBEDTLS_ECP_DP_BP384R1,      27,     384,    "brainpoolP384r1"   },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP256R1,    23,     256,    "secp256r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP256K1,    22,     256,    "secp256k1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-    { MBEDTLS_ECP_DP_BP256R1,      26,     256,    "brainpoolP256r1"   },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP224R1,    21,     224,    "secp224r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP224K1,    20,     224,    "secp224k1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP192R1,    19,     192,    "secp192r1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-    { MBEDTLS_ECP_DP_SECP192K1,    18,     192,    "secp192k1"         },
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-    { MBEDTLS_ECP_DP_CURVE25519,   29,     256,    "x25519"            },
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-    { MBEDTLS_ECP_DP_CURVE448,     30,     448,    "x448"              },
-#endif
-    { MBEDTLS_ECP_DP_NONE,          0,     0,      NULL                },
-};
-
-#define ECP_NB_CURVES   sizeof( ecp_supported_curves ) /    \
-                        sizeof( ecp_supported_curves[0] )
-
-static mbedtls_ecp_group_id ecp_supported_grp_id[ECP_NB_CURVES];
-
-/*
- * List of supported curves and associated info
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void )
-{
-    return( ecp_supported_curves );
-}
-
-/*
- * List of supported curves, group ID only
- */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void )
-{
-    static int init_done = 0;
-
-    if( ! init_done )
-    {
-        size_t i = 0;
-        const mbedtls_ecp_curve_info *curve_info;
-
-        for( curve_info = mbedtls_ecp_curve_list();
-             curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-             curve_info++ )
-        {
-            ecp_supported_grp_id[i++] = curve_info->grp_id;
-        }
-        ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE;
-
-        init_done = 1;
-    }
-
-    return( ecp_supported_grp_id );
-}
-
-/*
- * Get the curve info for the internal identifier
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( curve_info->grp_id == grp_id )
-            return( curve_info );
-    }
-
-    return( NULL );
-}
-
-/*
- * Get the curve info from the TLS identifier
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( curve_info->tls_id == tls_id )
-            return( curve_info );
-    }
-
-    return( NULL );
-}
-
-/*
- * Get the curve info from the name
- */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-
-    if( name == NULL )
-        return( NULL );
-
-    for( curve_info = mbedtls_ecp_curve_list();
-         curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
-         curve_info++ )
-    {
-        if( strcmp( curve_info->name, name ) == 0 )
-            return( curve_info );
-    }
-
-    return( NULL );
-}
-
-/*
- * Get the type of a curve
- */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
-{
-    if( grp->G.X.p == NULL )
-        return( MBEDTLS_ECP_TYPE_NONE );
-
-    if( grp->G.Y.p == NULL )
-        return( MBEDTLS_ECP_TYPE_MONTGOMERY );
-    else
-        return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
-}
-
-/*
- * Initialize (the components of) a point
- */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt )
-{
-    ECP_VALIDATE( pt != NULL );
-
-    mbedtls_mpi_init( &pt->X );
-    mbedtls_mpi_init( &pt->Y );
-    mbedtls_mpi_init( &pt->Z );
-}
-
-/*
- * Initialize (the components of) a group
- */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp )
-{
-    ECP_VALIDATE( grp != NULL );
-
-    grp->id = MBEDTLS_ECP_DP_NONE;
-    mbedtls_mpi_init( &grp->P );
-    mbedtls_mpi_init( &grp->A );
-    mbedtls_mpi_init( &grp->B );
-    mbedtls_ecp_point_init( &grp->G );
-    mbedtls_mpi_init( &grp->N );
-    grp->pbits = 0;
-    grp->nbits = 0;
-    grp->h = 0;
-    grp->modp = NULL;
-    grp->t_pre = NULL;
-    grp->t_post = NULL;
-    grp->t_data = NULL;
-    grp->T = NULL;
-    grp->T_size = 0;
-}
-
-/*
- * Initialize (the components of) a key pair
- */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key )
-{
-    ECP_VALIDATE( key != NULL );
-
-    mbedtls_ecp_group_init( &key->grp );
-    mbedtls_mpi_init( &key->d );
-    mbedtls_ecp_point_init( &key->Q );
-}
-
-/*
- * Unallocate (the components of) a point
- */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt )
-{
-    if( pt == NULL )
-        return;
-
-    mbedtls_mpi_free( &( pt->X ) );
-    mbedtls_mpi_free( &( pt->Y ) );
-    mbedtls_mpi_free( &( pt->Z ) );
-}
-
-/*
- * Unallocate (the components of) a group
- */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp )
-{
-    size_t i;
-
-    if( grp == NULL )
-        return;
-
-    if( grp->h != 1 )
-    {
-        mbedtls_mpi_free( &grp->P );
-        mbedtls_mpi_free( &grp->A );
-        mbedtls_mpi_free( &grp->B );
-        mbedtls_ecp_point_free( &grp->G );
-        mbedtls_mpi_free( &grp->N );
-    }
-
-    if( grp->T != NULL )
-    {
-        for( i = 0; i < grp->T_size; i++ )
-            mbedtls_ecp_point_free( &grp->T[i] );
-        mbedtls_free( grp->T );
-    }
-
-    mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) );
-}
-
-/*
- * Unallocate (the components of) a key pair
- */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key )
-{
-    if( key == NULL )
-        return;
-
-    mbedtls_ecp_group_free( &key->grp );
-    mbedtls_mpi_free( &key->d );
-    mbedtls_ecp_point_free( &key->Q );
-}
-
-/*
- * Copy the contents of a point
- */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECP_VALIDATE_RET( P != NULL );
-    ECP_VALIDATE_RET( Q != NULL );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Copy the contents of a group object
- */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src )
-{
-    ECP_VALIDATE_RET( dst != NULL );
-    ECP_VALIDATE_RET( src != NULL );
-
-    return( mbedtls_ecp_group_load( dst, src->id ) );
-}
-
-/*
- * Set point to zero
- */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECP_VALIDATE_RET( pt != NULL );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Tell if a point is zero
- */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt )
-{
-    ECP_VALIDATE_RET( pt != NULL );
-
-    return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 );
-}
-
-/*
- * Compare two points lazily
- */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
-                           const mbedtls_ecp_point *Q )
-{
-    ECP_VALIDATE_RET( P != NULL );
-    ECP_VALIDATE_RET( Q != NULL );
-
-    if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 &&
-        mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 &&
-        mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 )
-    {
-        return( 0 );
-    }
-
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-/*
- * Import a non-zero point from ASCII strings
- */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
-                           const char *x, const char *y )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECP_VALIDATE_RET( P != NULL );
-    ECP_VALIDATE_RET( x != NULL );
-    ECP_VALIDATE_RET( y != NULL );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748)
- */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
-                                    const mbedtls_ecp_point *P,
-                                    int format, size_t *olen,
-                                    unsigned char *buf, size_t buflen )
-{
-    int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-    size_t plen;
-    ECP_VALIDATE_RET( grp  != NULL );
-    ECP_VALIDATE_RET( P    != NULL );
-    ECP_VALIDATE_RET( olen != NULL );
-    ECP_VALIDATE_RET( buf  != NULL );
-    ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-                      format == MBEDTLS_ECP_PF_COMPRESSED );
-
-    plen = mbedtls_mpi_size( &grp->P );
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    (void) format; /* Montgomery curves always use the same point format */
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        *olen = plen;
-        if( buflen < *olen )
-            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
-    }
-#endif
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        /*
-         * Common case: P == 0
-         */
-        if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
-        {
-            if( buflen < 1 )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-            buf[0] = 0x00;
-            *olen = 1;
-
-            return( 0 );
-        }
-
-        if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
-        {
-            *olen = 2 * plen + 1;
-
-            if( buflen < *olen )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-            buf[0] = 0x04;
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
-        }
-        else if( format == MBEDTLS_ECP_PF_COMPRESSED )
-        {
-            *olen = plen + 1;
-
-            if( buflen < *olen )
-                return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-            buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
-        }
-    }
-#endif
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748)
- */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *pt,
-                                   const unsigned char *buf, size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-    size_t plen;
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( pt  != NULL );
-    ECP_VALIDATE_RET( buf != NULL );
-
-    if( ilen < 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    plen = mbedtls_mpi_size( &grp->P );
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        if( plen != ilen )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
-        mbedtls_mpi_free( &pt->Y );
-
-        if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
-            /* Set most significant bit to 0 as prescribed in RFC7748 §5 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
-    }
-#endif
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        if( buf[0] == 0x00 )
-        {
-            if( ilen == 1 )
-                return( mbedtls_ecp_set_zero( pt ) );
-            else
-                return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-        }
-
-        if( buf[0] != 0x04 )
-            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
-        if( ilen != 2 * plen + 1 )
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y,
-                                                  buf + 1 + plen, plen ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
-    }
-#endif
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Import a point from a TLS ECPoint record (RFC 4492)
- *      struct {
- *          opaque point <1..2^8-1>;
- *      } ECPoint;
- */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point *pt,
-                                const unsigned char **buf, size_t buf_len )
-{
-    unsigned char data_len;
-    const unsigned char *buf_start;
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( pt  != NULL );
-    ECP_VALIDATE_RET( buf != NULL );
-    ECP_VALIDATE_RET( *buf != NULL );
-
-    /*
-     * We must have at least two bytes (1 for length, at least one for data)
-     */
-    if( buf_len < 2 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    data_len = *(*buf)++;
-    if( data_len < 1 || data_len > buf_len - 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Save buffer start for read_binary and update buf
-     */
-    buf_start = *buf;
-    *buf += data_len;
-
-    return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) );
-}
-
-/*
- * Export a point as a TLS ECPoint record (RFC 4492)
- *      struct {
- *          opaque point <1..2^8-1>;
- *      } ECPoint;
- */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
-                         int format, size_t *olen,
-                         unsigned char *buf, size_t blen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECP_VALIDATE_RET( grp  != NULL );
-    ECP_VALIDATE_RET( pt   != NULL );
-    ECP_VALIDATE_RET( olen != NULL );
-    ECP_VALIDATE_RET( buf  != NULL );
-    ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-                      format == MBEDTLS_ECP_PF_COMPRESSED );
-
-    /*
-     * buffer length must be at least one, for our length byte
-     */
-    if( blen < 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format,
-                    olen, buf + 1, blen - 1) ) != 0 )
-        return( ret );
-
-    /*
-     * write length to the first byte and update total length
-     */
-    buf[0] = (unsigned char) *olen;
-    ++*olen;
-
-    return( 0 );
-}
-
-/*
- * Set a group from an ECParameters record (RFC 4492)
- */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
-                                const unsigned char **buf, size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_group_id grp_id;
-    ECP_VALIDATE_RET( grp  != NULL );
-    ECP_VALIDATE_RET( buf  != NULL );
-    ECP_VALIDATE_RET( *buf != NULL );
-
-    if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 )
-        return( ret );
-
-    return( mbedtls_ecp_group_load( grp, grp_id ) );
-}
-
-/*
- * Read a group id from an ECParameters record (RFC 4492) and convert it to
- * mbedtls_ecp_group_id.
- */
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
-                                   const unsigned char **buf, size_t len )
-{
-    uint16_t tls_id;
-    const mbedtls_ecp_curve_info *curve_info;
-    ECP_VALIDATE_RET( grp  != NULL );
-    ECP_VALIDATE_RET( buf  != NULL );
-    ECP_VALIDATE_RET( *buf != NULL );
-
-    /*
-     * We expect at least three bytes (see below)
-     */
-    if( len < 3 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * First byte is curve_type; only named_curve is handled
-     */
-    if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * Next two bytes are the namedcurve value
-     */
-    tls_id = *(*buf)++;
-    tls_id <<= 8;
-    tls_id |= *(*buf)++;
-
-    if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
-    *grp = curve_info->grp_id;
-
-    return( 0 );
-}
-
-/*
- * Write the ECParameters record corresponding to a group (RFC 4492)
- */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
-                         unsigned char *buf, size_t blen )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-    ECP_VALIDATE_RET( grp  != NULL );
-    ECP_VALIDATE_RET( buf  != NULL );
-    ECP_VALIDATE_RET( olen != NULL );
-
-    if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /*
-     * We are going to write 3 bytes (see below)
-     */
-    *olen = 3;
-    if( blen < *olen )
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
-
-    /*
-     * First byte is curve_type, always named_curve
-     */
-    *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE;
-
-    /*
-     * Next two bytes are the namedcurve value
-     */
-    MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, buf, 0 );
-
-    return( 0 );
-}
-
-/*
- * Wrapper around fast quasi-modp functions, with fall-back to mbedtls_mpi_mod_mpi.
- * See the documentation of struct mbedtls_ecp_group.
- *
- * This function is in the critial loop for mbedtls_ecp_mul, so pay attention to perf.
- */
-static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( grp->modp == NULL )
-        return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) );
-
-    /* N->s < 0 is a much faster test, which fails only if N is 0 */
-    if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) ||
-        mbedtls_mpi_bitlen( N ) > 2 * grp->pbits )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    MBEDTLS_MPI_CHK( grp->modp( N ) );
-
-    /* N->s < 0 is a much faster test, which fails only if N is 0 */
-    while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) );
-
-    while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 )
-        /* we known P, N and the result are positive */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Fast mod-p functions expect their argument to be in the 0..p^2 range.
- *
- * In order to guarantee that, we need to ensure that operands of
- * mbedtls_mpi_mul_mpi are in the 0..p range. So, after each operation we will
- * bring the result back to this range.
- *
- * The following macros are shortcuts for doing that.
- */
-
-/*
- * Reduce a mbedtls_mpi mod p in-place, general case, to use after mbedtls_mpi_mul_mpi
- */
-#if defined(MBEDTLS_SELF_TEST)
-#define INC_MUL_COUNT   mul_count++;
-#else
-#define INC_MUL_COUNT
-#endif
-
-#define MOD_MUL( N )                                                    \
-    do                                                                  \
-    {                                                                   \
-        MBEDTLS_MPI_CHK( ecp_modp( &(N), grp ) );                       \
-        INC_MUL_COUNT                                                   \
-    } while( 0 )
-
-static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp,
-                                       mbedtls_mpi *X,
-                                       const mbedtls_mpi *A,
-                                       const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) );
-    MOD_MUL( *X );
-cleanup:
-    return( ret );
-}
-
-/*
- * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_sub_mpi
- * N->s < 0 is a very fast test, which fails only if N is 0
- */
-#define MOD_SUB( N )                                                    \
-    while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 )           \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) )
-
-#if ( defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
-      !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
-         defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
-         defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) ) || \
-    ( defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \
-      !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
-         defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) ) )
-static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp,
-                                       mbedtls_mpi *X,
-                                       const mbedtls_mpi *A,
-                                       const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) );
-    MOD_SUB( *X );
-cleanup:
-    return( ret );
-}
-#endif /* All functions referencing mbedtls_mpi_sub_mod() are alt-implemented without fallback */
-
-/*
- * Reduce a mbedtls_mpi mod p in-place, to use after mbedtls_mpi_add_mpi and mbedtls_mpi_mul_int.
- * We known P, N and the result are positive, so sub_abs is correct, and
- * a bit faster.
- */
-#define MOD_ADD( N )                                                    \
-    while( mbedtls_mpi_cmp_mpi( &(N), &grp->P ) >= 0 )                  \
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &(N), &(N), &grp->P ) )
-
-static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp,
-                                       mbedtls_mpi *X,
-                                       const mbedtls_mpi *A,
-                                       const mbedtls_mpi *B )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) );
-    MOD_ADD( *X );
-cleanup:
-    return( ret );
-}
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \
-    !( defined(MBEDTLS_ECP_NO_FALLBACK) && \
-       defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \
-       defined(MBEDTLS_ECP_ADD_MIXED_ALT) )
-static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp,
-                                           mbedtls_mpi *X,
-                                           size_t count )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) );
-    MOD_ADD( *X );
-cleanup:
-    return( ret );
-}
-#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/*
- * For curves in short Weierstrass form, we do all the internal operations in
- * Jacobian coordinates.
- *
- * For multiplication, we'll use a comb method with countermeasures against
- * SPA, hence timing attacks.
- */
-
-/*
- * Normalize jacobian coordinates so that Z == 0 || Z == 1  (GECC 3.2.1)
- * Cost: 1N := 1I + 3M + 1S
- */
-static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt )
-{
-    if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
-        return( 0 );
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_normalize_jac( grp, pt ) );
-#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi Zi, ZZi;
-    mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
-
-    /*
-     * X = X / Z^2  mod p
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi,      &pt->Z,     &grp->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi,     &Zi,        &Zi     ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X,   &pt->X,     &ZZi    ) );
-
-    /*
-     * Y = Y / Z^3  mod p
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y,   &pt->Y,     &ZZi    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y,   &pt->Y,     &Zi     ) );
-
-    /*
-     * Z = 1
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
-
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */
-}
-
-/*
- * Normalize jacobian coordinates of an array of (pointers to) points,
- * using Montgomery's trick to perform only one inversion mod P.
- * (See for example Cohen's "A Course in Computational Algebraic Number
- * Theory", Algorithm 10.3.4.)
- *
- * Warning: fails (returning an error) if one of the points is zero!
- * This should never happen, see choice of w in ecp_mul_comb().
- *
- * Cost: 1N(t) := 1I + (6t - 3)M + 1S
- */
-static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *T[], size_t T_size )
-{
-    if( T_size < 2 )
-        return( ecp_normalize_jac( grp, *T ) );
-
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) );
-#endif
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    mbedtls_mpi *c, u, Zi, ZZi;
-
-    if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL )
-        return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
-
-    for( i = 0; i < T_size; i++ )
-        mbedtls_mpi_init( &c[i] );
-
-    mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
-
-    /*
-     * c[i] = Z_0 * ... * Z_i
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &c[0], &T[0]->Z ) );
-    for( i = 1; i < T_size; i++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) );
-    }
-
-    /*
-     * u = 1 / (Z_0 * ... * Z_n) mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) );
-
-    for( i = T_size - 1; ; i-- )
-    {
-        /*
-         * Zi = 1 / Z_i mod p
-         * u = 1 / (Z_0 * ... * Z_i) mod P
-         */
-        if( i == 0 ) {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Zi, &u ) );
-        }
-        else
-        {
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1]  ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u,  &u, &T[i]->Z ) );
-        }
-
-        /*
-         * proceed as in normalize()
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi,     &Zi,      &Zi  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi  ) );
-
-        /*
-         * Post-precessing: reclaim some memory by shrinking coordinates
-         * - not storing Z (always 1)
-         * - shrinking other coordinates, but still keeping the same number of
-         *   limbs as P, as otherwise it will too likely be regrown too fast.
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) );
-        mbedtls_mpi_free( &T[i]->Z );
-
-        if( i == 0 )
-            break;
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi );
-    for( i = 0; i < T_size; i++ )
-        mbedtls_mpi_free( &c[i] );
-    mbedtls_free( c );
-
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */
-}
-
-/*
- * Conditional point inversion: Q -> -Q = (Q.X, -Q.Y, Q.Z) without leak.
- * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid
- */
-static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp,
-                            mbedtls_ecp_point *Q,
-                            unsigned char inv )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char nonzero;
-    mbedtls_mpi mQY;
-
-    mbedtls_mpi_init( &mQY );
-
-    /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) );
-    nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) );
-
-cleanup:
-    mbedtls_mpi_free( &mQY );
-
-    return( ret );
-}
-
-/*
- * Point doubling R = 2 P, Jacobian coordinates
- *
- * Based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-1998-cmo-2 .
- *
- * We follow the variable naming fairly closely. The formula variations that trade a MUL for a SQR
- * (plus a few ADDs) aren't useful as our bignum implementation doesn't distinguish squaring.
- *
- * Standard optimizations are applied when curve parameter A is one of { 0, -3 }.
- *
- * Cost: 1D := 3M + 4S          (A ==  0)
- *             4M + 4S          (A == -3)
- *             3M + 6S + 1a     otherwise
- */
-static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                           const mbedtls_ecp_point *P )
-{
-#if defined(MBEDTLS_SELF_TEST)
-    dbl_count++;
-#endif
-
-#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_double_jac( grp, R, P ) );
-#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi M, S, T, U;
-
-    mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
-
-    /* Special case for A = -3 */
-    if( grp->A.p == NULL )
-    {
-        /* M = 3(X + Z^2)(X - Z^2) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &P->Z,  &P->Z   ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T,  &P->X,  &S      ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U,  &P->X,  &S      ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &T,     &U      ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M,  &S,     3       ) ); MOD_ADD( M );
-    }
-    else
-    {
-        /* M = 3.X^2 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &P->X,  &P->X   ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M,  &S,     3       ) ); MOD_ADD( M );
-
-        /* Optimize away for "koblitz" curves with A = 0 */
-        if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 )
-        {
-            /* M += A.Z^4 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &P->Z,  &P->Z   ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T,  &S,     &S      ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &T,     &grp->A ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M,  &M,     &S      ) );
-        }
-    }
-
-    /* S = 4.X.Y^2 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T,  &P->Y,  &P->Y   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T,  1               ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &P->X,  &T      ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S,  1               ) );
-
-    /* U = 8.Y^4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U,  &T,     &T      ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U,  1               ) );
-
-    /* T = M^2 - 2.S */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T,  &M,     &M      ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T,  &T,     &S      ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T,  &T,     &S      ) );
-
-    /* S = M(S - T) - U */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S,  &S,     &T      ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S,  &S,     &M      ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S,  &S,     &U      ) );
-
-    /* U = 2.Y.Z */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U,  &P->Y,  &P->Z   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U,  1               ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) );
-
-cleanup:
-    mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U );
-
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */
-}
-
-/*
- * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22)
- *
- * The coordinates of Q must be normalized (= affine),
- * but those of P don't need to. R is not normalized.
- *
- * Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q.
- * None of these cases can happen as intermediate step in ecp_mul_comb():
- * - at each step, P, Q and R are multiples of the base point, the factor
- *   being less than its order, so none of them is zero;
- * - Q is an odd multiple of the base point, P an even multiple,
- *   due to the choice of precomputed points in the modified comb method.
- * So branches for these cases do not leak secret information.
- *
- * We accept Q->Z being unset (saving memory in tables) as meaning 1.
- *
- * Cost: 1A := 8M + 3S
- */
-static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                          const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q )
-{
-#if defined(MBEDTLS_SELF_TEST)
-    add_count++;
-#endif
-
-#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) );
-#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi T1, T2, T3, T4, X, Y, Z;
-
-    /*
-     * Trivial cases: P == 0 or Q == 0 (case 1)
-     */
-    if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
-        return( mbedtls_ecp_copy( R, Q ) );
-
-    if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 )
-        return( mbedtls_ecp_copy( R, P ) );
-
-    /*
-     * Make sure Q coordinates are normalized
-     */
-    if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 );
-    mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1,  &P->Z,  &P->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2,  &T1,    &P->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1,  &T1,    &Q->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2,  &T2,    &Q->Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1,  &T1,    &P->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2,  &T2,    &P->Y ) );
-
-    /* Special cases (2) and (3) */
-    if( mbedtls_mpi_cmp_int( &T1, 0 ) == 0 )
-    {
-        if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 )
-        {
-            ret = ecp_double_jac( grp, R, P );
-            goto cleanup;
-        }
-        else
-        {
-            ret = mbedtls_ecp_set_zero( R );
-            goto cleanup;
-        }
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z,   &P->Z,  &T1   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3,  &T1,    &T1   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4,  &T3,    &T1   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3,  &T3,    &P->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1,  1     ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X,   &T2,    &T2   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X,   &X,     &T1   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X,   &X,     &T4   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3,  &T3,    &X    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3,  &T3,    &T2   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4,  &T4,    &P->Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y,   &T3,    &T4   ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 );
-    mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z );
-
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */
-}
-
-/*
- * Randomize jacobian coordinates:
- * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l
- * This is sort of the reverse operation of ecp_normalize_jac().
- *
- * This countermeasure was first suggested in [2].
- */
-static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) );
-#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi l, ll;
-
-    mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
-
-    /* Generate l such that 1 < l < p */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
-
-    /* Z = l * Z */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z,   &pt->Z,     &l  ) );
-
-    /* X = l^2 * X */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll,      &l,         &l  ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X,   &pt->X,     &ll ) );
-
-    /* Y = l^3 * Y */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll,      &ll,        &l  ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y,   &pt->Y,     &ll ) );
-
-cleanup:
-    mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
-
-    if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-        ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */
-}
-
-/*
- * Check and define parameters used by the comb method (see below for details)
- */
-#if MBEDTLS_ECP_WINDOW_SIZE < 2 || MBEDTLS_ECP_WINDOW_SIZE > 7
-#error "MBEDTLS_ECP_WINDOW_SIZE out of bounds"
-#endif
-
-/* d = ceil( n / w ) */
-#define COMB_MAX_D      ( MBEDTLS_ECP_MAX_BITS + 1 ) / 2
-
-/* number of precomputed points */
-#define COMB_MAX_PRE    ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
-
-/*
- * Compute the representation of m that will be used with our comb method.
- *
- * The basic comb method is described in GECC 3.44 for example. We use a
- * modified version that provides resistance to SPA by avoiding zero
- * digits in the representation as in [3]. We modify the method further by
- * requiring that all K_i be odd, which has the small cost that our
- * representation uses one more K_i, due to carries, but saves on the size of
- * the precomputed table.
- *
- * Summary of the comb method and its modifications:
- *
- * - The goal is to compute m*P for some w*d-bit integer m.
- *
- * - The basic comb method splits m into the w-bit integers
- *   x[0] .. x[d-1] where x[i] consists of the bits in m whose
- *   index has residue i modulo d, and computes m * P as
- *   S[x[0]] + 2 * S[x[1]] + .. + 2^(d-1) S[x[d-1]], where
- *   S[i_{w-1} .. i_0] := i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + i_0 P.
- *
- * - If it happens that, say, x[i+1]=0 (=> S[x[i+1]]=0), one can replace the sum by
- *    .. + 2^{i-1} S[x[i-1]] - 2^i S[x[i]] + 2^{i+1} S[x[i]] + 2^{i+2} S[x[i+2]] ..,
- *   thereby successively converting it into a form where all summands
- *   are nonzero, at the cost of negative summands. This is the basic idea of [3].
- *
- * - More generally, even if x[i+1] != 0, we can first transform the sum as
- *   .. - 2^i S[x[i]] + 2^{i+1} ( S[x[i]] + S[x[i+1]] ) + 2^{i+2} S[x[i+2]] ..,
- *   and then replace S[x[i]] + S[x[i+1]] = S[x[i] ^ x[i+1]] + 2 S[x[i] & x[i+1]].
- *   Performing and iterating this procedure for those x[i] that are even
- *   (keeping track of carry), we can transform the original sum into one of the form
- *   S[x'[0]] +- 2 S[x'[1]] +- .. +- 2^{d-1} S[x'[d-1]] + 2^d S[x'[d]]
- *   with all x'[i] odd. It is therefore only necessary to know S at odd indices,
- *   which is why we are only computing half of it in the first place in
- *   ecp_precompute_comb and accessing it with index abs(i) / 2 in ecp_select_comb.
- *
- * - For the sake of compactness, only the seven low-order bits of x[i]
- *   are used to represent its absolute value (K_i in the paper), and the msb
- *   of x[i] encodes the sign (s_i in the paper): it is set if and only if
- *   if s_i == -1;
- *
- * Calling conventions:
- * - x is an array of size d + 1
- * - w is the size, ie number of teeth, of the comb, and must be between
- *   2 and 7 (in practice, between 2 and MBEDTLS_ECP_WINDOW_SIZE)
- * - m is the MPI, expected to be odd and such that bitlength(m) <= w * d
- *   (the result will be incorrect if these assumptions are not satisfied)
- */
-static void ecp_comb_recode_core( unsigned char x[], size_t d,
-                                  unsigned char w, const mbedtls_mpi *m )
-{
-    size_t i, j;
-    unsigned char c, cc, adjust;
-
-    memset( x, 0, d+1 );
-
-    /* First get the classical comb values (except for x_d = 0) */
-    for( i = 0; i < d; i++ )
-        for( j = 0; j < w; j++ )
-            x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j;
-
-    /* Now make sure x_1 .. x_d are odd */
-    c = 0;
-    for( i = 1; i <= d; i++ )
-    {
-        /* Add carry and update it */
-        cc   = x[i] & c;
-        x[i] = x[i] ^ c;
-        c = cc;
-
-        /* Adjust if needed, avoiding branches */
-        adjust = 1 - ( x[i] & 0x01 );
-        c   |= x[i] & ( x[i-1] * adjust );
-        x[i] = x[i] ^ ( x[i-1] * adjust );
-        x[i-1] |= adjust << 7;
-    }
-}
-
-/*
- * Precompute points for the adapted comb method
- *
- * Assumption: T must be able to hold 2^{w - 1} elements.
- *
- * Operation: If i = i_{w-1} ... i_1 is the binary representation of i,
- *            sets T[i] = i_{w-1} 2^{(w-1)d} P + ... + i_1 2^d P + P.
- *
- * Cost: d(w-1) D + (2^{w-1} - 1) A + 1 N(w-1) + 1 N(2^{w-1} - 1)
- *
- * Note: Even comb values (those where P would be omitted from the
- *       sum defining T[i] above) are not needed in our adaption
- *       the comb method. See ecp_comb_recode_core().
- *
- * This function currently works in four steps:
- * (1) [dbl]      Computation of intermediate T[i] for 2-power values of i
- * (2) [norm_dbl] Normalization of coordinates of these T[i]
- * (3) [add]      Computation of all T[i]
- * (4) [norm_add] Normalization of all T[i]
- *
- * Step 1 can be interrupted but not the others; together with the final
- * coordinate normalization they are the largest steps done at once, depending
- * on the window size. Here are operation counts for P-256:
- *
- * step     (2)     (3)     (4)
- * w = 5    142     165     208
- * w = 4    136      77     160
- * w = 3    130      33     136
- * w = 2    124      11     124
- *
- * So if ECC operations are blocking for too long even with a low max_ops
- * value, it's useful to set MBEDTLS_ECP_WINDOW_SIZE to a lower value in order
- * to minimize maximum blocking time.
- */
-static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
-                                unsigned char w, size_t d,
-                                mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char i;
-    size_t j = 0;
-    const unsigned char T_size = 1U << ( w - 1 );
-    mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-    {
-        if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
-            goto dbl;
-        if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl )
-            goto norm_dbl;
-        if( rs_ctx->rsm->state == ecp_rsm_pre_add )
-            goto add;
-        if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
-            goto norm_add;
-    }
-#else
-    (void) rs_ctx;
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-    {
-        rs_ctx->rsm->state = ecp_rsm_pre_dbl;
-
-        /* initial state for the loop */
-        rs_ctx->rsm->i = 0;
-    }
-
-dbl:
-#endif
-    /*
-     * Set T[0] = P and
-     * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
-     */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
-        j = rs_ctx->rsm->i;
-    else
-#endif
-        j = 0;
-
-    for( ; j < d * ( w - 1 ); j++ )
-    {
-        MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL );
-
-        i = 1U << ( j / d );
-        cur = T + i;
-
-        if( j % d == 0 )
-            MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
-
-        MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
-    }
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-        rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl;
-
-norm_dbl:
-#endif
-    /*
-     * Normalize current elements in T. As T has holes,
-     * use an auxiliary array of pointers to elements in T.
-     */
-    j = 0;
-    for( i = 1; i < T_size; i <<= 1 )
-        TT[j++] = T + i;
-
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
-
-    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-        rs_ctx->rsm->state = ecp_rsm_pre_add;
-
-add:
-#endif
-    /*
-     * Compute the remaining ones using the minimal number of additions
-     * Be careful to update T[2^l] only after using it!
-     */
-    MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD );
-
-    for( i = 1; i < T_size; i <<= 1 )
-    {
-        j = i;
-        while( j-- )
-            MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
-    }
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-        rs_ctx->rsm->state = ecp_rsm_pre_norm_add;
-
-norm_add:
-#endif
-    /*
-     * Normalize final elements in T. Even though there are no holes now, we
-     * still need the auxiliary array for homogeneity with the previous
-     * call. Also, skip T[0] which is already normalised, being a copy of P.
-     */
-    for( j = 0; j + 1 < T_size; j++ )
-        TT[j] = T + j + 1;
-
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
-
-    MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
-
-cleanup:
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
-        ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-    {
-        if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
-            rs_ctx->rsm->i = j;
-    }
-#endif
-
-    return( ret );
-}
-
-/*
- * Select precomputed point: R = sign(i) * T[ abs(i) / 2 ]
- *
- * See ecp_comb_recode_core() for background
- */
-static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                            const mbedtls_ecp_point T[], unsigned char T_size,
-                            unsigned char i )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char ii, j;
-
-    /* Ignore the "sign" bit and scale down */
-    ii =  ( i & 0x7Fu ) >> 1;
-
-    /* Read the whole table to thwart cache-based timing attacks */
-    for( j = 0; j < T_size; j++ )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
-    }
-
-    /* Safely invert result if i is "negative" */
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Core multiplication algorithm for the (modified) comb method.
- * This part is actually common with the basic comb method (GECC 3.44)
- *
- * Cost: d A + d D + 1 R
- */
-static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                              const mbedtls_ecp_point T[], unsigned char T_size,
-                              const unsigned char x[], size_t d,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng,
-                              mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point Txi;
-    size_t i;
-
-    mbedtls_ecp_point_init( &Txi );
-
-#if !defined(MBEDTLS_ECP_RESTARTABLE)
-    (void) rs_ctx;
-#endif
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
-        rs_ctx->rsm->state != ecp_rsm_comb_core )
-    {
-        rs_ctx->rsm->i = 0;
-        rs_ctx->rsm->state = ecp_rsm_comb_core;
-    }
-
-    /* new 'if' instead of nested for the sake of the 'else' branch */
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
-    {
-        /* restore current index (R already pointing to rs_ctx->rsm->R) */
-        i = rs_ctx->rsm->i;
-    }
-    else
-#endif
-    {
-        /* Start with a non-zero point and randomize its coordinates */
-        i = d;
-        MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
-
-        int have_rng = 1;
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-        if( f_rng == NULL )
-            have_rng = 0;
-#endif
-        if( have_rng )
-            MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
-    }
-
-    while( i != 0 )
-    {
-        MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD );
-        --i;
-
-        MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) );
-        MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) );
-        MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) );
-    }
-
-cleanup:
-
-    mbedtls_ecp_point_free( &Txi );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
-        ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-    {
-        rs_ctx->rsm->i = i;
-        /* no need to save R, already pointing to rs_ctx->rsm->R */
-    }
-#endif
-
-    return( ret );
-}
-
-/*
- * Recode the scalar to get constant-time comb multiplication
- *
- * As the actual scalar recoding needs an odd scalar as a starting point,
- * this wrapper ensures that by replacing m by N - m if necessary, and
- * informs the caller that the result of multiplication will be negated.
- *
- * This works because we only support large prime order for Short Weierstrass
- * curves, so N is always odd hence either m or N - m is.
- *
- * See ecp_comb_recode_core() for background.
- */
-static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp,
-                                   const mbedtls_mpi *m,
-                                   unsigned char k[COMB_MAX_D + 1],
-                                   size_t d,
-                                   unsigned char w,
-                                   unsigned char *parity_trick )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi M, mm;
-
-    mbedtls_mpi_init( &M );
-    mbedtls_mpi_init( &mm );
-
-    /* N is always odd (see above), just make extra sure */
-    if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
-    /* do we need the parity trick? */
-    *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 );
-
-    /* execute parity fix in constant time */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) );
-
-    /* actual scalar recoding */
-    ecp_comb_recode_core( k, d, w, &M );
-
-cleanup:
-    mbedtls_mpi_free( &mm );
-    mbedtls_mpi_free( &M );
-
-    return( ret );
-}
-
-/*
- * Perform comb multiplication (for short Weierstrass curves)
- * once the auxiliary table has been pre-computed.
- *
- * Scalar recoding may use a parity trick that makes us compute -m * P,
- * if that is the case we'll need to recover m * P at the end.
- */
-static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point *R,
-                                const mbedtls_mpi *m,
-                                const mbedtls_ecp_point *T,
-                                unsigned char T_size,
-                                unsigned char w,
-                                size_t d,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng,
-                                mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char parity_trick;
-    unsigned char k[COMB_MAX_D + 1];
-    mbedtls_ecp_point *RR = R;
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-    {
-        RR = &rs_ctx->rsm->R;
-
-        if( rs_ctx->rsm->state == ecp_rsm_final_norm )
-            goto final_norm;
-    }
-#endif
-
-    MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w,
-                                            &parity_trick ) );
-    MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d,
-                                        f_rng, p_rng, rs_ctx ) );
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-        rs_ctx->rsm->state = ecp_rsm_final_norm;
-
-final_norm:
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
-#endif
-    /*
-     * Knowledge of the jacobian coordinates may leak the last few bits of the
-     * scalar [1], and since our MPI implementation isn't constant-flow,
-     * inversion (used for coordinate normalization) may leak the full value
-     * of its input via side-channels [2].
-     *
-     * [1] https://eprint.iacr.org/2003/191
-     * [2] https://eprint.iacr.org/2020/055
-     *
-     * Avoid the leak by randomizing coordinates before we normalize them.
-     */
-    int have_rng = 1;
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    if( f_rng == NULL )
-        have_rng = 0;
-#endif
-    if( have_rng )
-        MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
-
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) );
-#endif
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Pick window size based on curve size and whether we optimize for base point
- */
-static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp,
-                                           unsigned char p_eq_g )
-{
-    unsigned char w;
-
-    /*
-     * Minimize the number of multiplications, that is minimize
-     * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w )
-     * (see costs of the various parts, with 1S = 1M)
-     */
-    w = grp->nbits >= 384 ? 5 : 4;
-
-    /*
-     * If P == G, pre-compute a bit more, since this may be re-used later.
-     * Just adding one avoids upping the cost of the first mul too much,
-     * and the memory cost too.
-     */
-    if( p_eq_g )
-        w++;
-
-    /*
-     * Make sure w is within bounds.
-     * (The last test is useful only for very small curves in the test suite.)
-     */
-#if( MBEDTLS_ECP_WINDOW_SIZE < 6 )
-    if( w > MBEDTLS_ECP_WINDOW_SIZE )
-        w = MBEDTLS_ECP_WINDOW_SIZE;
-#endif
-    if( w >= grp->nbits )
-        w = 2;
-
-    return( w );
-}
-
-/*
- * Multiplication using the comb method - for curves in short Weierstrass form
- *
- * This function is mainly responsible for administrative work:
- * - managing the restart context if enabled
- * - managing the table of precomputed points (passed between the below two
- *   functions): allocation, computation, ownership transfer, freeing.
- *
- * It delegates the actual arithmetic work to:
- *      ecp_precompute_comb() and ecp_mul_comb_with_precomp()
- *
- * See comments on ecp_comb_recode_core() regarding the computation strategy.
- */
-static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                         const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char w, p_eq_g, i;
-    size_t d;
-    unsigned char T_size = 0, T_ok = 0;
-    mbedtls_ecp_point *T = NULL;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_context drbg_ctx;
-
-    ecp_drbg_init( &drbg_ctx );
-#endif
-
-    ECP_RS_ENTER( rsm );
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    if( f_rng == NULL )
-    {
-        /* Adjust pointers */
-        f_rng = &ecp_drbg_random;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-            p_rng = &rs_ctx->rsm->drbg_ctx;
-        else
-#endif
-            p_rng = &drbg_ctx;
-
-        /* Initialize internal DRBG if necessary */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx == NULL || rs_ctx->rsm == NULL ||
-            rs_ctx->rsm->drbg_seeded == 0 )
-#endif
-        {
-            const size_t m_len = ( grp->nbits + 7 ) / 8;
-            MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) );
-        }
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && rs_ctx->rsm != NULL )
-            rs_ctx->rsm->drbg_seeded = 1;
-#endif
-    }
-#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
-
-    /* Is P the base point ? */
-#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
-    p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
-               mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
-#else
-    p_eq_g = 0;
-#endif
-
-    /* Pick window size and deduce related sizes */
-    w = ecp_pick_window_size( grp, p_eq_g );
-    T_size = 1U << ( w - 1 );
-    d = ( grp->nbits + w - 1 ) / w;
-
-    /* Pre-computed table: do we have it already for the base point? */
-    if( p_eq_g && grp->T != NULL )
-    {
-        /* second pointer to the same table, will be deleted on exit */
-        T = grp->T;
-        T_ok = 1;
-    }
-    else
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    /* Pre-computed table: do we have one in progress? complete? */
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL )
-    {
-        /* transfer ownership of T from rsm to local function */
-        T = rs_ctx->rsm->T;
-        rs_ctx->rsm->T = NULL;
-        rs_ctx->rsm->T_size = 0;
-
-        /* This effectively jumps to the call to mul_comb_after_precomp() */
-        T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core;
-    }
-    else
-#endif
-    /* Allocate table if we didn't have any */
-    {
-        T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) );
-        if( T == NULL )
-        {
-            ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
-            goto cleanup;
-        }
-
-        for( i = 0; i < T_size; i++ )
-            mbedtls_ecp_point_init( &T[i] );
-
-        T_ok = 0;
-    }
-
-    /* Compute table (or finish computing it) if not done already */
-    if( !T_ok )
-    {
-        MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) );
-
-        if( p_eq_g )
-        {
-            /* almost transfer ownership of T to the group, but keep a copy of
-             * the pointer to use for calling the next function more easily */
-            grp->T = T;
-            grp->T_size = T_size;
-        }
-    }
-
-    /* Actual comb multiplication using precomputed points */
-    MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m,
-                                                 T, T_size, w, d,
-                                                 f_rng, p_rng, rs_ctx ) );
-
-cleanup:
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_free( &drbg_ctx );
-#endif
-
-    /* does T belong to the group? */
-    if( T == grp->T )
-        T = NULL;
-
-    /* does T belong to the restart context? */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL )
-    {
-        /* transfer ownership of T from local function to rsm */
-        rs_ctx->rsm->T_size = T_size;
-        rs_ctx->rsm->T = T;
-        T = NULL;
-    }
-#endif
-
-    /* did T belong to us? then let's destroy it! */
-    if( T != NULL )
-    {
-        for( i = 0; i < T_size; i++ )
-            mbedtls_ecp_point_free( &T[i] );
-        mbedtls_free( T );
-    }
-
-    /* prevent caller from using invalid value */
-    int should_free_R = ( ret != 0 );
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    /* don't free R while in progress in case R == P */
-    if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-        should_free_R = 0;
-#endif
-    if( should_free_R )
-        mbedtls_ecp_point_free( R );
-
-    ECP_RS_LEAVE( rsm );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-/*
- * For Montgomery curves, we do all the internal arithmetic in projective
- * coordinates. Import/export of points uses only the x coordinates, which is
- * internally represented as X / Z.
- *
- * For scalar multiplication, we'll use a Montgomery ladder.
- */
-
-/*
- * Normalize Montgomery x/z coordinates: X = X/Z, Z = 1
- * Cost: 1M + 1I
- */
-static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P )
-{
-#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_normalize_mxz( grp, P ) );
-#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
-
-cleanup:
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */
-}
-
-/*
- * Randomize projective x/z coordinates:
- * (X, Z) -> (l X, l Z) for random l
- * This is sort of the reverse operation of ecp_normalize_mxz().
- *
- * This countermeasure was first suggested in [2].
- * Cost: 2M
- */
-static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
-#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi l;
-    mbedtls_mpi_init( &l );
-
-    /* Generate l such that 1 < l < p */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) );
-
-cleanup:
-    mbedtls_mpi_free( &l );
-
-    if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-        ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */
-}
-
-/*
- * Double-and-add: R = 2P, S = P + Q, with d = X(P - Q),
- * for Montgomery curves in x/z coordinates.
- *
- * http://www.hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3
- * with
- * d =  X1
- * P = (X2, Z2)
- * Q = (X3, Z3)
- * R = (X4, Z4)
- * S = (X5, Z5)
- * and eliminating temporary variables tO, ..., t4.
- *
- * Cost: 5M + 4S
- */
-static int ecp_double_add_mxz( const mbedtls_ecp_group *grp,
-                               mbedtls_ecp_point *R, mbedtls_ecp_point *S,
-                               const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q,
-                               const mbedtls_mpi *d )
-{
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-    if( mbedtls_internal_ecp_grp_capable( grp ) )
-        return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) );
-#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
-
-#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
-    return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
-
-    mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
-    mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
-    mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A,    &P->X,   &P->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA,   &A,      &A    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B,    &P->X,   &P->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &BB,   &B,      &B    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &E,    &AA,     &BB   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &C,    &Q->X,   &Q->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &D,    &Q->X,   &Q->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &DA,   &D,      &A    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &CB,   &C,      &B    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &S->X, &DA,     &CB   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->X, &S->X,   &S->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S->Z, &DA,     &CB   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, &S->Z,   &S->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S->Z, d,       &S->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->X, &AA,     &BB   ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E    ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB,     &R->Z ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E,      &R->Z ) );
-
-cleanup:
-    mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B );
-    mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C );
-    mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB );
-
-    return( ret );
-#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */
-}
-
-/*
- * Multiplication with Montgomery ladder in x/z coordinates,
- * for curves in Montgomery form
- */
-static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-                        const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    unsigned char b;
-    mbedtls_ecp_point RP;
-    mbedtls_mpi PX;
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_context drbg_ctx;
-
-    ecp_drbg_init( &drbg_ctx );
-#endif
-    mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
-
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    if( f_rng == NULL )
-    {
-        const size_t m_len = ( grp->nbits + 7 ) / 8;
-        MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) );
-        f_rng = &ecp_drbg_random;
-        p_rng = &drbg_ctx;
-    }
-#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
-
-    /* Save PX and read from P before writing to R, in case P == R */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
-
-    /* Set R to zero in modified x/z coordinates */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) );
-    mbedtls_mpi_free( &R->Y );
-
-    /* RP.X might be slightly larger than P, so reduce it */
-    MOD_ADD( RP.X );
-
-    /* Randomize coordinates of the starting point */
-    int have_rng = 1;
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    if( f_rng == NULL )
-        have_rng = 0;
-#endif
-    if( have_rng )
-        MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
-
-    /* Loop invariant: R = result so far, RP = R + P */
-    i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
-    while( i-- > 0 )
-    {
-        b = mbedtls_mpi_get_bit( m, i );
-        /*
-         *  if (b) R = 2R + P else R = 2R,
-         * which is:
-         *  if (b) double_add( RP, R, RP, R )
-         *  else   double_add( R, RP, R, RP )
-         * but using safe conditional swaps to avoid leaks
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
-        MBEDTLS_MPI_CHK( ecp_double_add_mxz( grp, R, &RP, R, &RP, &PX ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) );
-    }
-
-    /*
-     * Knowledge of the projective coordinates may leak the last few bits of the
-     * scalar [1], and since our MPI implementation isn't constant-flow,
-     * inversion (used for coordinate normalization) may leak the full value
-     * of its input via side-channels [2].
-     *
-     * [1] https://eprint.iacr.org/2003/191
-     * [2] https://eprint.iacr.org/2020/055
-     *
-     * Avoid the leak by randomizing coordinates before we normalize them.
-     */
-    have_rng = 1;
-#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    if( f_rng == NULL )
-        have_rng = 0;
-#endif
-    if( have_rng )
-        MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
-
-    MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
-
-cleanup:
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
-    ecp_drbg_free( &drbg_ctx );
-#endif
-
-    mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-/*
- * Restartable multiplication R = m * P
- */
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    char is_grp_capable = 0;
-#endif
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( R   != NULL );
-    ECP_VALIDATE_RET( m   != NULL );
-    ECP_VALIDATE_RET( P   != NULL );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    /* reset ops count for this call if top-level */
-    if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
-        rs_ctx->ops_done = 0;
-#else
-    (void) rs_ctx;
-#endif
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
-    int restarting = 0;
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    restarting = ( rs_ctx != NULL && rs_ctx->rsm != NULL );
-#endif
-    /* skip argument check when restarting */
-    if( !restarting )
-    {
-        /* check_privkey is free */
-        MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK );
-
-        /* Common sanity checks */
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-    }
-
-    ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
-#endif
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
-#endif
-
-cleanup:
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( is_grp_capable )
-        mbedtls_internal_ecp_free( grp );
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL )
-        rs_ctx->depth--;
-#endif
-
-    return( ret );
-}
-
-/*
- * Multiplication R = m * P
- */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( R   != NULL );
-    ECP_VALIDATE_RET( m   != NULL );
-    ECP_VALIDATE_RET( P   != NULL );
-    return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) );
-}
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/*
- * Check that an affine point is valid as a public key,
- * short weierstrass curves (SEC1 3.2.3.1)
- */
-static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi YY, RHS;
-
-    /* pt coordinates must be normalized for our checks */
-    if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 ||
-        mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 ||
-        mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 ||
-        mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS );
-
-    /*
-     * YY = Y^2
-     * RHS = X (X^2 + A) + B = X^3 + A X + B
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY,  &pt->Y,   &pt->Y  ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X,   &pt->X  ) );
-
-    /* Special case for A = -3 */
-    if( grp->A.p == NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3       ) );  MOD_SUB( RHS );
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS,     &pt->X  ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS,     &grp->B ) );
-
-    if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 )
-        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-
-cleanup:
-
-    mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-/*
- * R = m * P with shortcuts for m == 0, m == 1 and m == -1
- * NOT constant-time - ONLY for short Weierstrass!
- */
-static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
-                                      mbedtls_ecp_point *R,
-                                      const mbedtls_mpi *m,
-                                      const mbedtls_ecp_point *P,
-                                      mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
-    }
-    else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
-    }
-    else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
-        if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 )
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) );
-    }
-    else
-    {
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P,
-                                                      NULL, NULL, rs_ctx ) );
-    }
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Restartable linear combination
- * NOT constant-time
- */
-int mbedtls_ecp_muladd_restartable(
-             mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
-             mbedtls_ecp_restart_ctx *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point mP;
-    mbedtls_ecp_point *pmP = &mP;
-    mbedtls_ecp_point *pR = R;
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    char is_grp_capable = 0;
-#endif
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( R   != NULL );
-    ECP_VALIDATE_RET( m   != NULL );
-    ECP_VALIDATE_RET( P   != NULL );
-    ECP_VALIDATE_RET( n   != NULL );
-    ECP_VALIDATE_RET( Q   != NULL );
-
-    if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-
-    mbedtls_ecp_point_init( &mP );
-
-    ECP_RS_ENTER( ma );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-    {
-        /* redirect intermediate results to restart context */
-        pmP = &rs_ctx->ma->mP;
-        pR  = &rs_ctx->ma->R;
-
-        /* jump to next operation */
-        if( rs_ctx->ma->state == ecp_rsma_mul2 )
-            goto mul2;
-        if( rs_ctx->ma->state == ecp_rsma_add )
-            goto add;
-        if( rs_ctx->ma->state == ecp_rsma_norm )
-            goto norm;
-    }
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) );
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-        rs_ctx->ma->state = ecp_rsma_mul2;
-
-mul2:
-#endif
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR,  n, Q, rs_ctx ) );
-
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) )
-        MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-        rs_ctx->ma->state = ecp_rsma_add;
-
-add:
-#endif
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD );
-    MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) );
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-        rs_ctx->ma->state = ecp_rsma_norm;
-
-norm:
-#endif
-    MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV );
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) );
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ma != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) );
-#endif
-
-cleanup:
-#if defined(MBEDTLS_ECP_INTERNAL_ALT)
-    if( is_grp_capable )
-        mbedtls_internal_ecp_free( grp );
-#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-
-    mbedtls_ecp_point_free( &mP );
-
-    ECP_RS_LEAVE( ma );
-
-    return( ret );
-}
-
-/*
- * Linear combination
- * NOT constant-time
- */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q )
-{
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( R   != NULL );
-    ECP_VALIDATE_RET( m   != NULL );
-    ECP_VALIDATE_RET( P   != NULL );
-    ECP_VALIDATE_RET( n   != NULL );
-    ECP_VALIDATE_RET( Q   != NULL );
-    return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) );
-}
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
-#define ECP_MPI_INIT_ARRAY(x)   \
-    ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
-/*
- * Constants for the two points other than 0, 1, -1 (mod p) in
- * https://cr.yp.to/ecdh.html#validate
- * See ecp_check_pubkey_x25519().
- */
-static const mbedtls_mpi_uint x25519_bad_point_1[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 ),
-};
-static const mbedtls_mpi_uint x25519_bad_point_2[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 ),
-};
-static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY(
-        x25519_bad_point_1 );
-static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(
-        x25519_bad_point_2 );
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-/*
- * Check that the input point is not one of the low-order points.
- * This is recommended by the "May the Fourth" paper:
- * https://eprint.iacr.org/2017/806.pdf
- * Those points are never sent by an honest peer.
- */
-static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P,
-                                    const mbedtls_ecp_group_id grp_id )
-{
-    int ret;
-    mbedtls_mpi XmP;
-
-    mbedtls_mpi_init( &XmP );
-
-    /* Reduce X mod P so that we only need to check values less than P.
-     * We know X < 2^256 so we can proceed by subtraction. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &XmP, X ) );
-    while( mbedtls_mpi_cmp_mpi( &XmP, P ) >= 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &XmP, &XmP, P ) );
-
-    /* Check against the known bad values that are less than P. For Curve448
-     * these are 0, 1 and -1. For Curve25519 we check the values less than P
-     * from the following list: https://cr.yp.to/ecdh.html#validate */
-    if( mbedtls_mpi_cmp_int( &XmP, 1 ) <= 0 ) /* takes care of 0 and 1 */
-    {
-        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-        goto cleanup;
-    }
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-    if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
-    {
-        if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_1 ) == 0 )
-        {
-            ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-            goto cleanup;
-        }
-
-        if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_2 ) == 0 )
-        {
-            ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-            goto cleanup;
-        }
-    }
-#else
-    (void) grp_id;
-#endif
-
-    /* Final check: check if XmP + 1 is P (final because it changes XmP!) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &XmP, &XmP, 1 ) );
-    if( mbedtls_mpi_cmp_mpi( &XmP, P ) == 0 )
-    {
-        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
-        goto cleanup;
-    }
-
-    ret = 0;
-
-cleanup:
-    mbedtls_mpi_free( &XmP );
-
-    return( ret );
-}
-
-/*
- * Check validity of a public key for Montgomery curves with x-only schemes
- */
-static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt )
-{
-    /* [Curve25519 p. 5] Just check X is the correct number of bytes */
-    /* Allow any public value, if it's too big then we'll just reduce it mod p
-     * (RFC 7748 sec. 5 para. 3). */
-    if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    /* Implicit in all standards (as they don't consider negative numbers):
-     * X must be non-negative. This is normally ensured by the way it's
-     * encoded for transmission, but let's be extra sure. */
-    if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-    return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) );
-}
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-/*
- * Check that a point is valid as a public key
- */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
-                              const mbedtls_ecp_point *pt )
-{
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( pt  != NULL );
-
-    /* Must use affine coordinates */
-    if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 )
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        return( ecp_check_pubkey_mx( grp, pt ) );
-#endif
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        return( ecp_check_pubkey_sw( grp, pt ) );
-#endif
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-/*
- * Check that an mbedtls_mpi is valid as a private key
- */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
-                               const mbedtls_mpi *d )
-{
-    ECP_VALIDATE_RET( grp != NULL );
-    ECP_VALIDATE_RET( d   != NULL );
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        /* see RFC 7748 sec. 5 para. 5 */
-        if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
-            mbedtls_mpi_get_bit( d, 1 ) != 0 ||
-            mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-        /* see [Curve25519] page 5 */
-        if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 )
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
-
-        return( 0 );
-    }
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        /* see SEC1 3.2 */
-        if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
-            mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
-            return( MBEDTLS_ERR_ECP_INVALID_KEY );
-        else
-            return( 0 );
-    }
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
-                                mbedtls_mpi *d,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-    size_t n_random_bytes = high_bit / 8 + 1;
-
-    /* [Curve25519] page 5 */
-    /* Generate a (high_bit+1)-bit random number by generating just enough
-     * random bytes, then shifting out extra bits from the top (necessary
-     * when (high_bit+1) is not a multiple of 8). */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_random_bytes,
-                                              f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_random_bytes - high_bit - 1 ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
-
-    /* Make sure the last two bits are unset for Curve448, three bits for
-       Curve25519 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
-    if( high_bit == 254 )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
-    }
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-static int mbedtls_ecp_gen_privkey_sw(
-    const mbedtls_mpi *N, mbedtls_mpi *d,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret = mbedtls_mpi_random( d, 1, N, f_rng, p_rng );
-    switch( ret )
-    {
-        case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-        default:
-            return( ret );
-    }
-}
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-/*
- * Generate a private key
- */
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
-                     mbedtls_mpi *d,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    ECP_VALIDATE_RET( grp   != NULL );
-    ECP_VALIDATE_RET( d     != NULL );
-    ECP_VALIDATE_RET( f_rng != NULL );
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-        return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-        return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) );
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-    return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-}
-
-/*
- * Generate a keypair with configurable base point
- */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                     const mbedtls_ecp_point *G,
-                     mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECP_VALIDATE_RET( grp   != NULL );
-    ECP_VALIDATE_RET( d     != NULL );
-    ECP_VALIDATE_RET( G     != NULL );
-    ECP_VALIDATE_RET( Q     != NULL );
-    ECP_VALIDATE_RET( f_rng != NULL );
-
-    MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) );
-
-cleanup:
-    return( ret );
-}
-
-/*
- * Generate key pair, wrapper for conventional base point
- */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp,
-                             mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
-{
-    ECP_VALIDATE_RET( grp   != NULL );
-    ECP_VALIDATE_RET( d     != NULL );
-    ECP_VALIDATE_RET( Q     != NULL );
-    ECP_VALIDATE_RET( f_rng != NULL );
-
-    return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) );
-}
-
-/*
- * Generate a keypair, prettier wrapper
- */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ECP_VALIDATE_RET( key   != NULL );
-    ECP_VALIDATE_RET( f_rng != NULL );
-
-    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
-        return( ret );
-
-    return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
-}
-
-#define ECP_CURVE25519_KEY_SIZE 32
-/*
- * Read a private key.
- */
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                          const unsigned char *buf, size_t buflen )
-{
-    int ret = 0;
-
-    ECP_VALIDATE_RET( key  != NULL );
-    ECP_VALIDATE_RET( buf  != NULL );
-
-    if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
-        return( ret );
-
-    ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        /*
-         * If it is Curve25519 curve then mask the key as mandated by RFC7748
-         */
-        if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
-        {
-            if( buflen != ECP_CURVE25519_KEY_SIZE )
-                return MBEDTLS_ERR_ECP_INVALID_KEY;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
-
-            /* Set the three least significant bits to 0 */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
-
-            /* Set the most significant bit to 0 */
-            MBEDTLS_MPI_CHK(
-                    mbedtls_mpi_set_bit( &key->d,
-                                         ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
-                    );
-
-            /* Set the second most significant bit to 1 */
-            MBEDTLS_MPI_CHK(
-                    mbedtls_mpi_set_bit( &key->d,
-                                         ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
-                    );
-        }
-        else
-            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-    }
-
-#endif
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
-    }
-
-#endif
-cleanup:
-
-    if( ret != 0 )
-        mbedtls_mpi_free( &key->d );
-
-    return( ret );
-}
-
-/*
- * Write a private key.
- */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
-                           unsigned char *buf, size_t buflen )
-{
-    int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-
-    ECP_VALIDATE_RET( key != NULL );
-    ECP_VALIDATE_RET( buf != NULL );
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
-    {
-        if( key->grp.id == MBEDTLS_ECP_DP_CURVE25519 )
-        {
-            if( buflen < ECP_CURVE25519_KEY_SIZE )
-                return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &key->d, buf, buflen ) );
-        }
-        else
-            ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-    }
-
-#endif
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &key->d, buf, buflen ) );
-    }
-
-#endif
-cleanup:
-
-    return( ret );
-}
-
-
-/*
- * Check a public-private key pair
- */
-int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_point Q;
-    mbedtls_ecp_group grp;
-    ECP_VALIDATE_RET( pub != NULL );
-    ECP_VALIDATE_RET( prv != NULL );
-
-    if( pub->grp.id == MBEDTLS_ECP_DP_NONE ||
-        pub->grp.id != prv->grp.id ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
-        mbedtls_mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
-    {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    }
-
-    mbedtls_ecp_point_init( &Q );
-    mbedtls_ecp_group_init( &grp );
-
-    /* mbedtls_ecp_mul() needs a non-const group... */
-    mbedtls_ecp_group_copy( &grp, &prv->grp );
-
-    /* Also checks d is valid */
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
-
-    if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
-        mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
-        mbedtls_mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
-    {
-        ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-cleanup:
-    mbedtls_ecp_point_free( &Q );
-    mbedtls_ecp_group_free( &grp );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/* Adjust the exponent to be a valid private point for the specified curve.
- * This is sometimes necessary because we use a single set of exponents
- * for all curves but the validity of values depends on the curve. */
-static int self_test_adjust_exponent( const mbedtls_ecp_group *grp,
-                                      mbedtls_mpi *m )
-{
-    int ret = 0;
-    switch( grp->id )
-    {
-        /* If Curve25519 is available, then that's what we use for the
-         * Montgomery test, so we don't need the adjustment code. */
-#if ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-        case MBEDTLS_ECP_DP_CURVE448:
-            /* Move highest bit from 254 to N-1. Setting bit N-1 is
-             * necessary to enforce the highest-bit-set constraint. */
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, 254, 0 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( m, grp->nbits, 1 ) );
-            /* Copy second-highest bit from 253 to N-2. This is not
-             * necessary but improves the test variety a bit. */
-            MBEDTLS_MPI_CHK(
-                mbedtls_mpi_set_bit( m, grp->nbits - 1,
-                                     mbedtls_mpi_get_bit( m, 253 ) ) );
-            break;
-#endif
-#endif /* ! defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) */
-        default:
-            /* Non-Montgomery curves and Curve25519 need no adjustment. */
-            (void) grp;
-            (void) m;
-            goto cleanup;
-    }
-cleanup:
-    return( ret );
-}
-
-/* Calculate R = m.P for each m in exponents. Check that the number of
- * basic operations doesn't depend on the value of m. */
-static int self_test_point( int verbose,
-                            mbedtls_ecp_group *grp,
-                            mbedtls_ecp_point *R,
-                            mbedtls_mpi *m,
-                            const mbedtls_ecp_point *P,
-                            const char *const *exponents,
-                            size_t n_exponents )
-{
-    int ret = 0;
-    size_t i = 0;
-    unsigned long add_c_prev, dbl_c_prev, mul_c_prev;
-    add_count = 0;
-    dbl_count = 0;
-    mul_count = 0;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) );
-    MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
-
-    for( i = 1; i < n_exponents; i++ )
-    {
-        add_c_prev = add_count;
-        dbl_c_prev = dbl_count;
-        mul_c_prev = mul_count;
-        add_count = 0;
-        dbl_count = 0;
-        mul_count = 0;
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) );
-        MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) );
-
-        if( add_count != add_c_prev ||
-            dbl_count != dbl_c_prev ||
-            mul_count != mul_c_prev )
-        {
-            ret = 1;
-            break;
-        }
-    }
-
-cleanup:
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed (%u)\n", (unsigned int) i );
-        else
-            mbedtls_printf( "passed\n" );
-    }
-    return( ret );
-}
-
-/*
- * Checkup routine
- */
-int mbedtls_ecp_self_test( int verbose )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_group grp;
-    mbedtls_ecp_point R, P;
-    mbedtls_mpi m;
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    /* Exponents especially adapted for secp192k1, which has the lowest
-     * order n of all supported curves (secp192r1 is in a slightly larger
-     * field but the order of its base point is slightly smaller). */
-    const char *sw_exponents[] =
-    {
-        "000000000000000000000000000000000000000000000001", /* one */
-        "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8C", /* n - 1 */
-        "5EA6F389A38B8BC81E767753B15AA5569E1782E30ABE7D25", /* random */
-        "400000000000000000000000000000000000000000000000", /* one and zeros */
-        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", /* all ones */
-        "555555555555555555555555555555555555555555555555", /* 101010... */
-    };
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    const char *m_exponents[] =
-    {
-        /* Valid private values for Curve25519. In a build with Curve448
-         * but not Curve25519, they will be adjusted in
-         * self_test_adjust_exponent(). */
-        "4000000000000000000000000000000000000000000000000000000000000000",
-        "5C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C30",
-        "5715ECCE24583F7A7023C24164390586842E816D7280A49EF6DF4EAE6B280BF8",
-        "41A2B017516F6D254E1F002BCCBADD54BE30F8CEC737A0E912B4963B6BA74460",
-        "5555555555555555555555555555555555555555555555555555555555555550",
-        "7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8",
-    };
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-    mbedtls_ecp_group_init( &grp );
-    mbedtls_ecp_point_init( &R );
-    mbedtls_ecp_point_init( &P );
-    mbedtls_mpi_init( &m );
-
-#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
-    /* Use secp192r1 if available, or any available curve */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_SECP192R1 ) );
-#else
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, mbedtls_ecp_curve_list()->grp_id ) );
-#endif
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP SW test #1 (constant op_count, base point G): " );
-    /* Do a dummy multiplication first to trigger precomputation */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
-    MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) );
-    ret = self_test_point( verbose,
-                           &grp, &R, &m, &grp.G,
-                           sw_exponents,
-                           sizeof( sw_exponents ) / sizeof( sw_exponents[0] ));
-    if( ret != 0 )
-        goto cleanup;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP SW test #2 (constant op_count, other point): " );
-    /* We computed P = 2G last time, use it */
-    ret = self_test_point( verbose,
-                           &grp, &R, &m, &P,
-                           sw_exponents,
-                           sizeof( sw_exponents ) / sizeof( sw_exponents[0] ));
-    if( ret != 0 )
-        goto cleanup;
-
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &R );
-#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-    if( verbose != 0 )
-        mbedtls_printf( "  ECP Montgomery test (constant op_count): " );
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE25519 ) );
-#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-    MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &grp, MBEDTLS_ECP_DP_CURVE448 ) );
-#else
-#error "MBEDTLS_ECP_MONTGOMERY_ENABLED is defined, but no curve is supported for self-test"
-#endif
-    ret = self_test_point( verbose,
-                           &grp, &R, &m, &grp.G,
-                           m_exponents,
-                           sizeof( m_exponents ) / sizeof( m_exponents[0] ));
-    if( ret != 0 )
-        goto cleanup;
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-cleanup:
-
-    if( ret < 0 && verbose != 0 )
-        mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret );
-
-    mbedtls_ecp_group_free( &grp );
-    mbedtls_ecp_point_free( &R );
-    mbedtls_ecp_point_free( &P );
-    mbedtls_mpi_free( &m );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* !MBEDTLS_ECP_ALT */
-
-#endif /* MBEDTLS_ECP_C */
diff --git a/Sources/mbedtls/library/ecp_curves.c b/Sources/mbedtls/library/ecp_curves.c
deleted file mode 100644
index 47761ee..0000000
--- a/Sources/mbedtls/library/ecp_curves.c
+++ /dev/null
@@ -1,1475 +0,0 @@
-/*
- *  Elliptic curves over GF(p): curve-specific data and functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ECP_C)
-
-#include "mbedtls/ecp.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "mbedtls/bn_mul.h"
-
-#include "ecp_invasive.h"
-
-#include <string.h>
-
-#if !defined(MBEDTLS_ECP_ALT)
-
-/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA )
-#define ECP_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
-
-#define ECP_MPI_INIT_ARRAY(x)   \
-    ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
-
-/*
- * Note: the constants are in little-endian order
- * to be directly usable in MPIs
- */
-
-/*
- * Domain parameters for secp192r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-static const mbedtls_mpi_uint secp192r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp192r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
-};
-static const mbedtls_mpi_uint secp192r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
-};
-static const mbedtls_mpi_uint secp192r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
-};
-static const mbedtls_mpi_uint secp192r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-/*
- * Domain parameters for secp224r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-static const mbedtls_mpi_uint secp224r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp224r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
-};
-static const mbedtls_mpi_uint secp224r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
-};
-static const mbedtls_mpi_uint secp224r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
-};
-static const mbedtls_mpi_uint secp224r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-/*
- * Domain parameters for secp256r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-static const mbedtls_mpi_uint secp256r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp256r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
-};
-static const mbedtls_mpi_uint secp256r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
-};
-static const mbedtls_mpi_uint secp256r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
-};
-static const mbedtls_mpi_uint secp256r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-/*
- * Domain parameters for secp384r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-static const mbedtls_mpi_uint secp384r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp384r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
-};
-static const mbedtls_mpi_uint secp384r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
-};
-static const mbedtls_mpi_uint secp384r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
-};
-static const mbedtls_mpi_uint secp384r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-/*
- * Domain parameters for secp521r1
- */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-static const mbedtls_mpi_uint secp521r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
-};
-static const mbedtls_mpi_uint secp521r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x51, 0x00 ),
-};
-static const mbedtls_mpi_uint secp521r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
-};
-static const mbedtls_mpi_uint secp521r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x18, 0x01 ),
-};
-static const mbedtls_mpi_uint secp521r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-static const mbedtls_mpi_uint secp192k1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp192k1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp192k1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x03, 0x00 ),
-};
-static const mbedtls_mpi_uint secp192k1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
-};
-static const mbedtls_mpi_uint secp192k1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
-};
-static const mbedtls_mpi_uint secp192k1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static const mbedtls_mpi_uint secp224k1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp224k1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp224k1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x05, 0x00 ),
-};
-static const mbedtls_mpi_uint secp224k1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
-};
-static const mbedtls_mpi_uint secp224k1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
-};
-static const mbedtls_mpi_uint secp224k1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static const mbedtls_mpi_uint secp256k1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-static const mbedtls_mpi_uint secp256k1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
-};
-static const mbedtls_mpi_uint secp256k1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_2( 0x07, 0x00 ),
-};
-static const mbedtls_mpi_uint secp256k1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
-};
-static const mbedtls_mpi_uint secp256k1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
-};
-static const mbedtls_mpi_uint secp256k1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
-};
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-/*
- * Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
- */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
-};
-static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
-};
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-/*
- * Domain parameters for brainpoolP384r1 (RFC 5639 3.6)
- */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
-};
-static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
-};
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-/*
- * Domain parameters for brainpoolP512r1 (RFC 5639 3.7)
- */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
-};
-static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
-    MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
-};
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   ||   \
-    defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   ||   \
-    defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   ||   \
-    defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-/* For these curves, we build the group parameters dynamically. */
-#define ECP_LOAD_GROUP
-#endif
-
-#if defined(ECP_LOAD_GROUP)
-/*
- * Create an MPI from embedded constants
- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
- */
-static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len )
-{
-    X->s = 1;
-    X->n = len / sizeof( mbedtls_mpi_uint );
-    X->p = (mbedtls_mpi_uint *) p;
-}
-
-/*
- * Set an MPI to static value 1
- */
-static inline void ecp_mpi_set1( mbedtls_mpi *X )
-{
-    static mbedtls_mpi_uint one[] = { 1 };
-    X->s = 1;
-    X->n = 1;
-    X->p = one;
-}
-
-/*
- * Make group available from embedded constants
- */
-static int ecp_group_load( mbedtls_ecp_group *grp,
-                           const mbedtls_mpi_uint *p,  size_t plen,
-                           const mbedtls_mpi_uint *a,  size_t alen,
-                           const mbedtls_mpi_uint *b,  size_t blen,
-                           const mbedtls_mpi_uint *gx, size_t gxlen,
-                           const mbedtls_mpi_uint *gy, size_t gylen,
-                           const mbedtls_mpi_uint *n,  size_t nlen)
-{
-    ecp_mpi_load( &grp->P, p, plen );
-    if( a != NULL )
-        ecp_mpi_load( &grp->A, a, alen );
-    ecp_mpi_load( &grp->B, b, blen );
-    ecp_mpi_load( &grp->N, n, nlen );
-
-    ecp_mpi_load( &grp->G.X, gx, gxlen );
-    ecp_mpi_load( &grp->G.Y, gy, gylen );
-    ecp_mpi_set1( &grp->G.Z );
-
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
-
-    grp->h = 1;
-
-    return( 0 );
-}
-#endif /* ECP_LOAD_GROUP */
-
-#if defined(MBEDTLS_ECP_NIST_OPTIM)
-/* Forward declarations */
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-static int ecp_mod_p192( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-static int ecp_mod_p224( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-static int ecp_mod_p256( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-static int ecp_mod_p384( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-static int ecp_mod_p521( mbedtls_mpi * );
-#endif
-
-#define NIST_MODP( P )      grp->modp = ecp_mod_ ## P;
-#else
-#define NIST_MODP( P )
-#endif /* MBEDTLS_ECP_NIST_OPTIM */
-
-/* Additional forward declarations */
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-static int ecp_mod_p255( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-static int ecp_mod_p448( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-static int ecp_mod_p192k1( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static int ecp_mod_p224k1( mbedtls_mpi * );
-#endif
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static int ecp_mod_p256k1( mbedtls_mpi * );
-#endif
-
-#if defined(ECP_LOAD_GROUP)
-#define LOAD_GROUP_A( G )   ecp_group_load( grp,            \
-                            G ## _p,  sizeof( G ## _p  ),   \
-                            G ## _a,  sizeof( G ## _a  ),   \
-                            G ## _b,  sizeof( G ## _b  ),   \
-                            G ## _gx, sizeof( G ## _gx ),   \
-                            G ## _gy, sizeof( G ## _gy ),   \
-                            G ## _n,  sizeof( G ## _n  ) )
-
-#define LOAD_GROUP( G )     ecp_group_load( grp,            \
-                            G ## _p,  sizeof( G ## _p  ),   \
-                            NULL,     0,                    \
-                            G ## _b,  sizeof( G ## _b  ),   \
-                            G ## _gx, sizeof( G ## _gx ),   \
-                            G ## _gy, sizeof( G ## _gy ),   \
-                            G ## _n,  sizeof( G ## _n  ) )
-#endif /* ECP_LOAD_GROUP */
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-/* Constants used by ecp_use_curve25519() */
-static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
-static const unsigned char curve25519_part_of_n[] = {
-    0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
-    0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED,
-};
-
-/*
- * Specialized function for creating the Curve25519 group
- */
-static int ecp_use_curve25519( mbedtls_ecp_group *grp )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* Actually ( A + 2 ) / 4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve25519_a24 ) );
-
-    /* P = 2^255 - 19 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 255 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-
-    /* N = 2^252 + 27742317777372353535851937790883648493 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N,
-                     curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
-
-    /* Y intentionally not set, since we use x/z coordinates.
-     * This is used as a marker to identify Montgomery curves! */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
-    mbedtls_mpi_free( &grp->G.Y );
-
-    /* Actually, the required msb for private keys */
-    grp->nbits = 254;
-
-cleanup:
-    if( ret != 0 )
-        mbedtls_ecp_group_free( grp );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-/* Constants used by ecp_use_curve448() */
-static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
-static const unsigned char curve448_part_of_n[] = {
-    0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24,
-    0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93,
-    0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC,
-    0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D,
-};
-
-/*
- * Specialized function for creating the Curve448 group
- */
-static int ecp_use_curve448( mbedtls_ecp_group *grp )
-{
-    mbedtls_mpi Ns;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_mpi_init( &Ns );
-
-    /* Actually ( A + 2 ) / 4 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve448_a24 ) );
-
-    /* P = 2^448 - 2^224 - 1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &grp->P, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 1 ) );
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-
-    /* Y intentionally not set, since we use x/z coordinates.
-     * This is used as a marker to identify Montgomery curves! */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 5 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );
-    mbedtls_mpi_free( &grp->G.Y );
-
-    /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns,
-                        curve448_part_of_n, sizeof( curve448_part_of_n ) ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
-
-    /* Actually, the required msb for private keys */
-    grp->nbits = 447;
-
-cleanup:
-    mbedtls_mpi_free( &Ns );
-    if( ret != 0 )
-        mbedtls_ecp_group_free( grp );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
-
-/*
- * Set a group using well-known domain parameters
- */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
-{
-    ECP_VALIDATE_RET( grp != NULL );
-    mbedtls_ecp_group_free( grp );
-
-    mbedtls_ecp_group_init( grp );
-
-    grp->id = id;
-
-    switch( id )
-    {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP192R1:
-            NIST_MODP( p192 );
-            return( LOAD_GROUP( secp192r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP224R1:
-            NIST_MODP( p224 );
-            return( LOAD_GROUP( secp224r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP256R1:
-            NIST_MODP( p256 );
-            return( LOAD_GROUP( secp256r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP384R1:
-            NIST_MODP( p384 );
-            return( LOAD_GROUP( secp384r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP521R1:
-            NIST_MODP( p521 );
-            return( LOAD_GROUP( secp521r1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP192K1:
-            grp->modp = ecp_mod_p192k1;
-            return( LOAD_GROUP_A( secp192k1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP224K1:
-            grp->modp = ecp_mod_p224k1;
-            return( LOAD_GROUP_A( secp224k1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-        case MBEDTLS_ECP_DP_SECP256K1:
-            grp->modp = ecp_mod_p256k1;
-            return( LOAD_GROUP_A( secp256k1 ) );
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-        case MBEDTLS_ECP_DP_BP256R1:
-            return( LOAD_GROUP_A( brainpoolP256r1 ) );
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-        case MBEDTLS_ECP_DP_BP384R1:
-            return( LOAD_GROUP_A( brainpoolP384r1 ) );
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-        case MBEDTLS_ECP_DP_BP512R1:
-            return( LOAD_GROUP_A( brainpoolP512r1 ) );
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-        case MBEDTLS_ECP_DP_CURVE25519:
-            grp->modp = ecp_mod_p255;
-            return( ecp_use_curve25519( grp ) );
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-        case MBEDTLS_ECP_DP_CURVE448:
-            grp->modp = ecp_mod_p448;
-            return( ecp_use_curve448( grp ) );
-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
-
-        default:
-            grp->id = MBEDTLS_ECP_DP_NONE;
-            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
-    }
-}
-
-#if defined(MBEDTLS_ECP_NIST_OPTIM)
-/*
- * Fast reduction modulo the primes used by the NIST curves.
- *
- * These functions are critical for speed, but not needed for correct
- * operations. So, we make the choice to heavily rely on the internals of our
- * bignum library, which creates a tight coupling between these functions and
- * our MPI implementation.  However, the coupling between the ECP module and
- * MPI remains loose, since these functions can be deactivated at will.
- */
-
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-/*
- * Compared to the way things are presented in FIPS 186-3 D.2,
- * we proceed in columns, from right (least significant chunk) to left,
- * adding chunks to N in place, and keeping a carry for the next chunk.
- * This avoids moving things around in memory, and uselessly adding zeros,
- * compared to the more straightforward, line-oriented approach.
- *
- * For this prime we need to handle data in chunks of 64 bits.
- * Since this is always a multiple of our basic mbedtls_mpi_uint, we can
- * use a mbedtls_mpi_uint * to designate such a chunk, and small loops to handle it.
- */
-
-/* Add 64-bit chunks (dst += src) and update carry */
-static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_mpi_uint *carry )
-{
-    unsigned char i;
-    mbedtls_mpi_uint c = 0;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
-    {
-        *dst += c;      c  = ( *dst < c );
-        *dst += *src;   c += ( *dst < *src );
-    }
-    *carry += c;
-}
-
-/* Add carry to a 64-bit chunk and update carry */
-static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry )
-{
-    unsigned char i;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
-    {
-        *dst += *carry;
-        *carry  = ( *dst < *carry );
-    }
-}
-
-#define WIDTH       8 / sizeof( mbedtls_mpi_uint )
-#define A( i )      N->p + (i) * WIDTH
-#define ADD( i )    add64( p, A( i ), &c )
-#define NEXT        p += WIDTH; carry64( p, &c )
-#define LAST        p += WIDTH; *p = c; while( ++p < end ) *p = 0
-
-/*
- * Fast quasi-reduction modulo p192 (FIPS 186-3 D.2.1)
- */
-static int ecp_mod_p192( mbedtls_mpi *N )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi_uint c = 0;
-    mbedtls_mpi_uint *p, *end;
-
-    /* Make sure we have enough blocks so that A(5) is legal */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) );
-
-    p = N->p;
-    end = p + N->n;
-
-    ADD( 3 ); ADD( 5 );             NEXT; // A0 += A3 + A5
-    ADD( 3 ); ADD( 4 ); ADD( 5 );   NEXT; // A1 += A3 + A4 + A5
-    ADD( 4 ); ADD( 5 );             LAST; // A2 += A4 + A5
-
-cleanup:
-    return( ret );
-}
-
-#undef WIDTH
-#undef A
-#undef ADD
-#undef NEXT
-#undef LAST
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-/*
- * The reader is advised to first understand ecp_mod_p192() since the same
- * general structure is used here, but with additional complications:
- * (1) chunks of 32 bits, and (2) subtractions.
- */
-
-/*
- * For these primes, we need to handle data in chunks of 32 bits.
- * This makes it more complicated if we use 64 bits limbs in MPI,
- * which prevents us from using a uniform access method as for p192.
- *
- * So, we define a mini abstraction layer to access 32 bit chunks,
- * load them in 'cur' for work, and store them back from 'cur' when done.
- *
- * While at it, also define the size of N in terms of 32-bit chunks.
- */
-#define LOAD32      cur = A( i );
-
-#if defined(MBEDTLS_HAVE_INT32)  /* 32 bit */
-
-#define MAX32       N->n
-#define A( j )      N->p[j]
-#define STORE32     N->p[i] = cur;
-
-#else                               /* 64-bit */
-
-#define MAX32       N->n * 2
-#define A( j ) (j) % 2 ? (uint32_t)( N->p[(j)/2] >> 32 ) : \
-                         (uint32_t)( N->p[(j)/2] )
-#define STORE32                                   \
-    if( i % 2 ) {                                 \
-        N->p[i/2] &= 0x00000000FFFFFFFF;          \
-        N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32;        \
-    } else {                                      \
-        N->p[i/2] &= 0xFFFFFFFF00000000;          \
-        N->p[i/2] |= (mbedtls_mpi_uint) cur;                \
-    }
-
-#endif /* sizeof( mbedtls_mpi_uint ) */
-
-/*
- * Helpers for addition and subtraction of chunks, with signed carry.
- */
-static inline void add32( uint32_t *dst, uint32_t src, signed char *carry )
-{
-    *dst += src;
-    *carry += ( *dst < src );
-}
-
-static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
-{
-    *carry -= ( *dst < src );
-    *dst -= src;
-}
-
-#define ADD( j )    add32( &cur, A( j ), &c );
-#define SUB( j )    sub32( &cur, A( j ), &c );
-
-#define ciL    (sizeof(mbedtls_mpi_uint))         /* chars in limb  */
-#define biL    (ciL << 3)                         /* bits  in limb  */
-
-/*
- * Helpers for the main 'loop'
- */
-#define INIT( b )                                                       \
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;                    \
-    signed char c = 0, cc;                                              \
-    uint32_t cur;                                                       \
-    size_t i = 0, bits = (b);                                           \
-    /* N is the size of the product of two b-bit numbers, plus one */   \
-    /* limb for fix_negative */                                         \
-    MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, ( b ) * 2 / biL + 1 ) );      \
-    LOAD32;
-
-#define NEXT                    \
-    STORE32; i++; LOAD32;       \
-    cc = c; c = 0;              \
-    if( cc < 0 )                \
-        sub32( &cur, -cc, &c ); \
-    else                        \
-        add32( &cur, cc, &c );  \
-
-#define LAST                                    \
-    STORE32; i++;                               \
-    cur = c > 0 ? c : 0; STORE32;               \
-    cur = 0; while( ++i < MAX32 ) { STORE32; }  \
-    if( c < 0 ) mbedtls_ecp_fix_negative( N, c, bits );
-
-/*
- * If the result is negative, we get it in the form
- * c * 2^bits + N, with c negative and N positive shorter than 'bits'
- */
-MBEDTLS_STATIC_TESTABLE
-void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
-{
-    size_t i;
-
-    /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
-     * set the absolute value to 0xfff...fff - N. There is no carry
-     * since we're subtracting from all-bits-one.  */
-    for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
-    {
-        N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i];
-    }
-    /* Add 1, taking care of the carry. */
-    i = 0;
-    do
-        ++N->p[i];
-    while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
-    /* Invert the sign.
-     * Now N = N0 - 2^bits where N0 is the initial value of N. */
-    N->s = -1;
-
-    /* Add |c| * 2^bits to the absolute value. Since c and N are
-    * negative, this adds c * 2^bits. */
-    mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
-#if defined(MBEDTLS_HAVE_INT64)
-    if( bits == 224 )
-        msw <<= 32;
-#endif
-    N->p[bits / 8 / sizeof( mbedtls_mpi_uint)] += msw;
-}
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-/*
- * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2)
- */
-static int ecp_mod_p224( mbedtls_mpi *N )
-{
-    INIT( 224 );
-
-    SUB(  7 ); SUB( 11 );               NEXT; // A0 += -A7 - A11
-    SUB(  8 ); SUB( 12 );               NEXT; // A1 += -A8 - A12
-    SUB(  9 ); SUB( 13 );               NEXT; // A2 += -A9 - A13
-    SUB( 10 ); ADD(  7 ); ADD( 11 );    NEXT; // A3 += -A10 + A7 + A11
-    SUB( 11 ); ADD(  8 ); ADD( 12 );    NEXT; // A4 += -A11 + A8 + A12
-    SUB( 12 ); ADD(  9 ); ADD( 13 );    NEXT; // A5 += -A12 + A9 + A13
-    SUB( 13 ); ADD( 10 );               LAST; // A6 += -A13 + A10
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-/*
- * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3)
- */
-static int ecp_mod_p256( mbedtls_mpi *N )
-{
-    INIT( 256 );
-
-    ADD(  8 ); ADD(  9 );
-    SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 );             NEXT; // A0
-
-    ADD(  9 ); ADD( 10 );
-    SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 );             NEXT; // A1
-
-    ADD( 10 ); ADD( 11 );
-    SUB( 13 ); SUB( 14 ); SUB( 15 );                        NEXT; // A2
-
-    ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 );
-    SUB( 15 ); SUB(  8 ); SUB(  9 );                        NEXT; // A3
-
-    ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 );
-    SUB(  9 ); SUB( 10 );                                   NEXT; // A4
-
-    ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 );
-    SUB( 10 ); SUB( 11 );                                   NEXT; // A5
-
-    ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 );
-    SUB(  8 ); SUB(  9 );                                   NEXT; // A6
-
-    ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 );
-    SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 );             LAST; // A7
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-/*
- * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4)
- */
-static int ecp_mod_p384( mbedtls_mpi *N )
-{
-    INIT( 384 );
-
-    ADD( 12 ); ADD( 21 ); ADD( 20 );
-    SUB( 23 );                                              NEXT; // A0
-
-    ADD( 13 ); ADD( 22 ); ADD( 23 );
-    SUB( 12 ); SUB( 20 );                                   NEXT; // A2
-
-    ADD( 14 ); ADD( 23 );
-    SUB( 13 ); SUB( 21 );                                   NEXT; // A2
-
-    ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 );
-    SUB( 14 ); SUB( 22 ); SUB( 23 );                        NEXT; // A3
-
-    ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 );
-    SUB( 15 ); SUB( 23 ); SUB( 23 );                        NEXT; // A4
-
-    ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 );
-    SUB( 16 );                                              NEXT; // A5
-
-    ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 );
-    SUB( 17 );                                              NEXT; // A6
-
-    ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 );
-    SUB( 18 );                                              NEXT; // A7
-
-    ADD( 20 ); ADD( 17 ); ADD( 16 );
-    SUB( 19 );                                              NEXT; // A8
-
-    ADD( 21 ); ADD( 18 ); ADD( 17 );
-    SUB( 20 );                                              NEXT; // A9
-
-    ADD( 22 ); ADD( 19 ); ADD( 18 );
-    SUB( 21 );                                              NEXT; // A10
-
-    ADD( 23 ); ADD( 20 ); ADD( 19 );
-    SUB( 22 );                                              LAST; // A11
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#undef A
-#undef LOAD32
-#undef STORE32
-#undef MAX32
-#undef INIT
-#undef NEXT
-#undef LAST
-
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED ||
-          MBEDTLS_ECP_DP_SECP256R1_ENABLED ||
-          MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-/*
- * Here we have an actual Mersenne prime, so things are more straightforward.
- * However, chunks are aligned on a 'weird' boundary (521 bits).
- */
-
-/* Size of p521 in terms of mbedtls_mpi_uint */
-#define P521_WIDTH      ( 521 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
-
-/* Bits to keep in the most significant mbedtls_mpi_uint */
-#define P521_MASK       0x01FF
-
-/*
- * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
- * Write N as A1 + 2^521 A0, return A0 + A1
- */
-static int ecp_mod_p521( mbedtls_mpi *N )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    mbedtls_mpi M;
-    mbedtls_mpi_uint Mp[P521_WIDTH + 1];
-    /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits:
-     * we need to hold bits 513 to 1056, which is 34 limbs, that is
-     * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
-
-    if( N->n < P521_WIDTH )
-        return( 0 );
-
-    /* M = A1 */
-    M.s = 1;
-    M.n = N->n - ( P521_WIDTH - 1 );
-    if( M.n > P521_WIDTH + 1 )
-        M.n = P521_WIDTH + 1;
-    M.p = Mp;
-    memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 521 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
-
-    /* N = A0 */
-    N->p[P521_WIDTH - 1] &= P521_MASK;
-    for( i = P521_WIDTH; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-
-#undef P521_WIDTH
-#undef P521_MASK
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-
-#endif /* MBEDTLS_ECP_NIST_OPTIM */
-
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-
-/* Size of p255 in terms of mbedtls_mpi_uint */
-#define P255_WIDTH      ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 )
-
-/*
- * Fast quasi-reduction modulo p255 = 2^255 - 19
- * Write N as A0 + 2^255 A1, return A0 + 19 * A1
- */
-static int ecp_mod_p255( mbedtls_mpi *N )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    mbedtls_mpi M;
-    mbedtls_mpi_uint Mp[P255_WIDTH + 2];
-
-    if( N->n < P255_WIDTH )
-        return( 0 );
-
-    /* M = A1 */
-    M.s = 1;
-    M.n = N->n - ( P255_WIDTH - 1 );
-    if( M.n > P255_WIDTH + 1 )
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    M.p = Mp;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) );
-    M.n++; /* Make room for multiplication by 19 */
-
-    /* N = A0 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) );
-    for( i = P255_WIDTH; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + 19 * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-
-/* Size of p448 in terms of mbedtls_mpi_uint */
-#define P448_WIDTH      ( 448 / 8 / sizeof( mbedtls_mpi_uint ) )
-
-/* Number of limbs fully occupied by 2^224 (max), and limbs used by it (min) */
-#define DIV_ROUND_UP( X, Y ) ( ( ( X ) + ( Y ) - 1 ) / ( Y ) )
-#define P224_WIDTH_MIN   ( 28 / sizeof( mbedtls_mpi_uint ) )
-#define P224_WIDTH_MAX   DIV_ROUND_UP( 28, sizeof( mbedtls_mpi_uint ) )
-#define P224_UNUSED_BITS ( ( P224_WIDTH_MAX * sizeof( mbedtls_mpi_uint ) * 8 ) - 224 )
-
-/*
- * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
- * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
- * A0 + A1 + B1 + (B0 + B1) * 2^224.  This is different to the reference
- * implementation of Curve448, which uses its own special 56-bit limbs rather
- * than a generic bignum library.  We could squeeze some extra speed out on
- * 32-bit machines by splitting N up into 32-bit limbs and doing the
- * arithmetic using the limbs directly as we do for the NIST primes above,
- * but for 64-bit targets it should use half the number of operations if we do
- * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
- */
-static int ecp_mod_p448( mbedtls_mpi *N )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    mbedtls_mpi M, Q;
-    mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
-
-    if( N->n <= P448_WIDTH )
-        return( 0 );
-
-    /* M = A1 */
-    M.s = 1;
-    M.n = N->n - ( P448_WIDTH );
-    if( M.n > P448_WIDTH )
-        /* Shouldn't be called with N larger than 2^896! */
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-    M.p = Mp;
-    memset( Mp, 0, sizeof( Mp ) );
-    memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
-
-    /* N = A0 */
-    for( i = P448_WIDTH; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N += A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
-
-    /* Q = B1, N += B1 */
-    Q = M;
-    Q.p = Qp;
-    memcpy( Qp, Mp, sizeof( Qp ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Q, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &Q ) );
-
-    /* M = (B0 + B1) * 2^224, N += M */
-    if( sizeof( mbedtls_mpi_uint ) > 4 )
-        Mp[P224_WIDTH_MIN] &= ( (mbedtls_mpi_uint)-1 ) >> ( P224_UNUSED_BITS );
-    for( i = P224_WIDTH_MAX; i < M.n; ++i )
-        Mp[i] = 0;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &M, &M, &Q ) );
-    M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &M, 224 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-/*
- * Fast quasi-reduction modulo P = 2^s - R,
- * with R about 33 bits, used by the Koblitz curves.
- *
- * Write N as A0 + 2^224 A1, return A0 + R * A1.
- * Actually do two passes, since R is big.
- */
-#define P_KOBLITZ_MAX   ( 256 / 8 / sizeof( mbedtls_mpi_uint ) )  // Max limbs in P
-#define P_KOBLITZ_R     ( 8 / sizeof( mbedtls_mpi_uint ) )        // Limbs in R
-static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
-                                   size_t adjust, size_t shift, mbedtls_mpi_uint mask )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    mbedtls_mpi M, R;
-    mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
-
-    if( N->n < p_limbs )
-        return( 0 );
-
-    /* Init R */
-    R.s = 1;
-    R.p = Rp;
-    R.n = P_KOBLITZ_R;
-
-    /* Common setup for M */
-    M.s = 1;
-    M.p = Mp;
-
-    /* M = A1 */
-    M.n = N->n - ( p_limbs - adjust );
-    if( M.n > p_limbs + adjust )
-        M.n = p_limbs + adjust;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
-    if( shift != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
-    M.n += R.n; /* Make room for multiplication by R */
-
-    /* N = A0 */
-    if( mask != 0 )
-        N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-    /* Second pass */
-
-    /* M = A1 */
-    M.n = N->n - ( p_limbs - adjust );
-    if( M.n > p_limbs + adjust )
-        M.n = p_limbs + adjust;
-    memset( Mp, 0, sizeof Mp );
-    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
-    if( shift != 0 )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) );
-    M.n += R.n; /* Make room for multiplication by R */
-
-    /* N = A0 */
-    if( mask != 0 )
-        N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
-        N->p[i] = 0;
-
-    /* N = A0 + R * A1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &M, &M, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
-          MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
-          MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
-
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p192k1 = 2^192 - R,
- * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
- */
-static int ecp_mod_p192k1( mbedtls_mpi *N )
-{
-    static mbedtls_mpi_uint Rp[] = {
-        MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
-
-    return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
-                             0 ) );
-}
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p224k1 = 2^224 - R,
- * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
- */
-static int ecp_mod_p224k1( mbedtls_mpi *N )
-{
-    static mbedtls_mpi_uint Rp[] = {
-        MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
-
-#if defined(MBEDTLS_HAVE_INT64)
-    return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
-#else
-    return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
-                             0 ) );
-#endif
-}
-
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p256k1 = 2^256 - R,
- * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
- */
-static int ecp_mod_p256k1( mbedtls_mpi *N )
-{
-    static mbedtls_mpi_uint Rp[] = {
-        MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
-    return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
-                             0 ) );
-}
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-
-#endif /* !MBEDTLS_ECP_ALT */
-
-#endif /* MBEDTLS_ECP_C */
diff --git a/Sources/mbedtls/library/ecp_invasive.h b/Sources/mbedtls/library/ecp_invasive.h
deleted file mode 100644
index 71c7702..0000000
--- a/Sources/mbedtls/library/ecp_invasive.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/**
- * \file ecp_invasive.h
- *
- * \brief ECP module: interfaces for invasive testing only.
- *
- * The interfaces in this file are intended for testing purposes only.
- * They SHOULD NOT be made available in library integrations except when
- * building the library for testing.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#ifndef MBEDTLS_ECP_INVASIVE_H
-#define MBEDTLS_ECP_INVASIVE_H
-
-#include "common.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/ecp.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
-
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ||   \
-    defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-/* Preconditions:
- *   - bits is a multiple of 64 or is 224
- *   - c is -1 or -2
- *   - 0 <= N < 2^bits
- *   - N has room for bits plus one limb
- *
- * Behavior:
- * Set N to c * 2^bits + old_value_of_N.
- */
-void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
-#endif
-
-#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
-/** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
- *
- * This function implements key generation for the set of secret keys
- * specified in [Curve25519] p. 5 and in [Curve448]. The resulting value
- * has the lower bits masked but is not necessarily canonical.
- *
- * \note            - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
- *                  - [RFC7748] https://tools.ietf.org/html/rfc7748
- *
- * \p high_bit      The position of the high-order bit of the key to generate.
- *                  This is the bit-size of the key minus 1:
- *                  254 for Curve25519 or 447 for Curve448.
- * \param d         The randomly generated key. This is a number of size
- *                  exactly \p n_bits + 1 bits, with the least significant bits
- *                  masked as specified in [Curve25519] and in [RFC7748] §5.
- * \param f_rng     The RNG function.
- * \param p_rng     The RNG context to be passed to \p f_rng.
- *
- * \return          \c 0 on success.
- * \return          \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
- */
-int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
-                                mbedtls_mpi *d,
-                                int (*f_rng)(void *, unsigned char *, size_t),
-                                void *p_rng );
-
-#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
-
-#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */
-
-#endif /* MBEDTLS_ECP_INVASIVE_H */
diff --git a/Sources/mbedtls/library/entropy.c b/Sources/mbedtls/library/entropy.c
deleted file mode 100644
index e3b337f..0000000
--- a/Sources/mbedtls/library/entropy.c
+++ /dev/null
@@ -1,728 +0,0 @@
-/*
- *  Entropy accumulator implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_ENTROPY_C)
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-#warning "**** WARNING!  MBEDTLS_TEST_NULL_ENTROPY defined! "
-#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
-#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
-#endif
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_HAVEGE_C)
-#include "mbedtls/havege.h"
-#endif
-
-#define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */
-
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
-{
-    ctx->source_count = 0;
-    memset( ctx->source, 0, sizeof( ctx->source ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-
-    ctx->accumulator_started = 0;
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_init( &ctx->accumulator );
-#else
-    mbedtls_sha256_init( &ctx->accumulator );
-#endif
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_havege_init( &ctx->havege_data );
-#endif
-
-    /* Reminder: Update ENTROPY_HAVE_STRONG in the test files
-     *           when adding more strong entropy sources here. */
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-    mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
-                                1, MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-
-#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-    mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_PLATFORM,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-#if defined(MBEDTLS_TIMING_C)
-    mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_HARDCLOCK,
-                                MBEDTLS_ENTROPY_SOURCE_WEAK );
-#endif
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
-                                MBEDTLS_ENTROPY_MIN_HAVEGE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
-                                MBEDTLS_ENTROPY_MIN_HARDWARE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL,
-                                MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-    ctx->initial_entropy_run = 0;
-#endif
-#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
-}
-
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
-{
-    /* If the context was already free, don't call free() again.
-     * This is important for mutexes which don't allow double-free. */
-    if( ctx->accumulator_started == -1 )
-        return;
-
-#if defined(MBEDTLS_HAVEGE_C)
-    mbedtls_havege_free( &ctx->havege_data );
-#endif
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_free( &ctx->accumulator );
-#else
-    mbedtls_sha256_free( &ctx->accumulator );
-#endif
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    ctx->initial_entropy_run = 0;
-#endif
-    ctx->source_count = 0;
-    mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) );
-    ctx->accumulator_started = -1;
-}
-
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
-                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold, int strong )
-{
-    int idx, ret = 0;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    idx = ctx->source_count;
-    if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
-    {
-        ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
-        goto exit;
-    }
-
-    ctx->source[idx].f_source  = f_source;
-    ctx->source[idx].p_source  = p_source;
-    ctx->source[idx].threshold = threshold;
-    ctx->source[idx].strong    = strong;
-
-    ctx->source_count++;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Entropy accumulator update
- */
-static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id,
-                           const unsigned char *data, size_t len )
-{
-    unsigned char header[2];
-    unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
-    size_t use_len = len;
-    const unsigned char *p = data;
-    int ret = 0;
-
-    if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
-    {
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-        if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 )
-            goto cleanup;
-#else
-        if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 )
-            goto cleanup;
-#endif
-        p = tmp;
-        use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
-    }
-
-    header[0] = source_id;
-    header[1] = use_len & 0xFF;
-
-    /*
-     * Start the accumulator if this has not already happened. Note that
-     * it is sufficient to start the accumulator here only because all calls to
-     * gather entropy eventually execute this code.
-     */
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    if( ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto cleanup;
-    else
-        ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
-        goto cleanup;
-    ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len );
-#else
-    if( ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto cleanup;
-    else
-        ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 )
-        goto cleanup;
-    ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len );
-#endif
-
-cleanup:
-    mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-
-    return( ret );
-}
-
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
-                           const unsigned char *data, size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = entropy_update( ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- * Run through the different sources to add entropy to our accumulator
- */
-static int entropy_gather_internal( mbedtls_entropy_context *ctx )
-{
-    int ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-    int i;
-    int have_one_strong = 0;
-    unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
-    size_t olen;
-
-    if( ctx->source_count == 0 )
-        return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
-
-    /*
-     * Run through our entropy sources
-     */
-    for( i = 0; i < ctx->source_count; i++ )
-    {
-        if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
-            have_one_strong = 1;
-
-        olen = 0;
-        if( ( ret = ctx->source[i].f_source( ctx->source[i].p_source,
-                        buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
-        {
-            goto cleanup;
-        }
-
-        /*
-         * Add if we actually gathered something
-         */
-        if( olen > 0 )
-        {
-            if( ( ret = entropy_update( ctx, (unsigned char) i,
-                                        buf, olen ) ) != 0 )
-                return( ret );
-            ctx->source[i].size += olen;
-        }
-    }
-
-    if( have_one_strong == 0 )
-        ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
-
-cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-
-/*
- * Thread-safe wrapper for entropy_gather_internal()
- */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = entropy_gather_internal( ctx );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
-{
-    int ret, count = 0, i, thresholds_reached;
-    size_t strong_size;
-    mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-    /* Update the NV entropy seed before generating any entropy for outside
-     * use.
-     */
-    if( ctx->initial_entropy_run == 0 )
-    {
-        ctx->initial_entropy_run = 1;
-        if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
-            return( ret );
-    }
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    /*
-     * Always gather extra entropy before a call
-     */
-    do
-    {
-        if( count++ > ENTROPY_MAX_LOOP )
-        {
-            ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-            goto exit;
-        }
-
-        if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
-            goto exit;
-
-        thresholds_reached = 1;
-        strong_size = 0;
-        for( i = 0; i < ctx->source_count; i++ )
-        {
-            if( ctx->source[i].size < ctx->source[i].threshold )
-                thresholds_reached = 0;
-            if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
-                strong_size += ctx->source[i].size;
-        }
-    }
-    while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    /*
-     * Note that at this stage it is assumed that the accumulator was started
-     * in a previous call to entropy_update(). If this is not guaranteed, the
-     * code below will fail.
-     */
-    if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 )
-        goto exit;
-
-    /*
-     * Reset accumulator and counters and recycle existing entropy
-     */
-    mbedtls_sha512_free( &ctx->accumulator );
-    mbedtls_sha512_init( &ctx->accumulator );
-    if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        goto exit;
-
-    /*
-     * Perform second SHA-512 on entropy
-     */
-    if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
-        goto exit;
-#else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-    if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 )
-        goto exit;
-
-    /*
-     * Reset accumulator and counters and recycle existing entropy
-     */
-    mbedtls_sha256_free( &ctx->accumulator );
-    mbedtls_sha256_init( &ctx->accumulator );
-    if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        goto exit;
-
-    /*
-     * Perform second SHA-256 on entropy
-     */
-    if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
-        goto exit;
-#endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-
-    for( i = 0; i < ctx->source_count; i++ )
-        ctx->source[i].size = 0;
-
-    memcpy( output, buf, len );
-
-    ret = 0;
-
-exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
-{
-    int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    /* Read new seed  and write it to NV */
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-        return( ret );
-
-    if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
-
-    /* Manually update the remaining stream with a separator value to diverge */
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-    ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    FILE *f = NULL;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-        goto exit;
-    }
-
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-    {
-        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-        goto exit;
-    }
-
-    if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
-    {
-        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-        goto exit;
-    }
-
-    ret = 0;
-
-exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-    if( f != NULL )
-        fclose( f );
-
-    return( ret );
-}
-
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path )
-{
-    int ret = 0;
-    FILE *f;
-    size_t n;
-    unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    n = (size_t) ftell( f );
-    fseek( f, 0, SEEK_SET );
-
-    if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
-        n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
-
-    if( fread( buf, 1, n, f ) != n )
-        ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    else
-        ret = mbedtls_entropy_update_manual( ctx, buf, n );
-
-    fclose( f );
-
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( mbedtls_entropy_write_seed_file( ctx, path ) );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_SELF_TEST)
-#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
-/*
- * Dummy source function
- */
-static int entropy_dummy_source( void *data, unsigned char *output,
-                                 size_t len, size_t *olen )
-{
-    ((void) data);
-
-    memset( output, 0x2a, len );
-    *olen = len;
-
-    return( 0 );
-}
-#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-
-static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t buf_len )
-{
-    int ret = 0;
-    size_t entropy_len = 0;
-    size_t olen = 0;
-    size_t attempts = buf_len;
-
-    while( attempts > 0 && entropy_len < buf_len )
-    {
-        if( ( ret = mbedtls_hardware_poll( NULL, buf + entropy_len,
-            buf_len - entropy_len, &olen ) ) != 0 )
-            return( ret );
-
-        entropy_len += olen;
-        attempts--;
-    }
-
-    if( entropy_len < buf_len )
-    {
-        ret = 1;
-    }
-
-    return( ret );
-}
-
-
-static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf,
-                                                        size_t buf_len )
-{
-    unsigned char set= 0xFF;
-    unsigned char unset = 0x00;
-    size_t i;
-
-    for( i = 0; i < buf_len; i++ )
-    {
-        set &= buf[i];
-        unset |= buf[i];
-    }
-
-    return( set == 0xFF || unset == 0x00 );
-}
-
-/*
- * A test to ensure hat the entropy sources are functioning correctly
- * and there is no obvious failure. The test performs the following checks:
- *  - The entropy source is not providing only 0s (all bits unset) or 1s (all
- *    bits set).
- *  - The entropy source is not providing values in a pattern. Because the
- *    hardware could be providing data in an arbitrary length, this check polls
- *    the hardware entropy source twice and compares the result to ensure they
- *    are not equal.
- *  - The error code returned by the entropy source is not an error.
- */
-int mbedtls_entropy_source_self_test( int verbose )
-{
-    int ret = 0;
-    unsigned char buf0[2 * sizeof( unsigned long long int )];
-    unsigned char buf1[2 * sizeof( unsigned long long int )];
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ENTROPY_BIAS test: " );
-
-    memset( buf0, 0x00, sizeof( buf0 ) );
-    memset( buf1, 0x00, sizeof( buf1 ) );
-
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
-        goto cleanup;
-
-    /* Make sure that the returned values are not all 0 or 1 */
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
-        goto cleanup;
-
-    /* Make sure that the entropy source is not returning values in a
-     * pattern */
-    ret = memcmp( buf0, buf1, sizeof( buf0 ) ) == 0;
-
-cleanup:
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed\n" );
-        else
-            mbedtls_printf( "passed\n" );
-
-        mbedtls_printf( "\n" );
-    }
-
-    return( ret != 0 );
-}
-
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
-
-/*
- * The actual entropy quality is hard to test, but we can at least
- * test that the functions don't cause errors and write the correct
- * amount of data to buffers.
- */
-int mbedtls_entropy_self_test( int verbose )
-{
-    int ret = 1;
-#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
-    mbedtls_entropy_context ctx;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
-    unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
-    size_t i, j;
-#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
-
-    if( verbose != 0 )
-        mbedtls_printf( "  ENTROPY test: " );
-
-#if !defined(MBEDTLS_TEST_NULL_ENTROPY)
-    mbedtls_entropy_init( &ctx );
-
-    /* First do a gather to make sure we have default sources */
-    if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
-        goto cleanup;
-
-    ret = mbedtls_entropy_add_source( &ctx, entropy_dummy_source, NULL, 16,
-                                      MBEDTLS_ENTROPY_SOURCE_WEAK );
-    if( ret != 0 )
-        goto cleanup;
-
-    if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
-        goto cleanup;
-
-    /*
-     * To test that mbedtls_entropy_func writes correct number of bytes:
-     * - use the whole buffer and rely on ASan to detect overruns
-     * - collect entropy 8 times and OR the result in an accumulator:
-     *   any byte should then be 0 with probably 2^(-64), so requiring
-     *   each of the 32 or 64 bytes to be non-zero has a false failure rate
-     *   of at most 2^(-58) which is acceptable.
-     */
-    for( i = 0; i < 8; i++ )
-    {
-        if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
-            goto cleanup;
-
-        for( j = 0; j < sizeof( buf ); j++ )
-            acc[j] |= buf[j];
-    }
-
-    for( j = 0; j < sizeof( buf ); j++ )
-    {
-        if( acc[j] == 0 )
-        {
-            ret = 1;
-            goto cleanup;
-        }
-    }
-
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
-        goto cleanup;
-#endif
-
-cleanup:
-    mbedtls_entropy_free( &ctx );
-#endif /* !MBEDTLS_TEST_NULL_ENTROPY */
-
-    if( verbose != 0 )
-    {
-        if( ret != 0 )
-            mbedtls_printf( "failed\n" );
-        else
-            mbedtls_printf( "passed\n" );
-
-        mbedtls_printf( "\n" );
-    }
-
-    return( ret != 0 );
-}
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_ENTROPY_C */
diff --git a/Sources/mbedtls/library/entropy_poll.c b/Sources/mbedtls/library/entropy_poll.c
deleted file mode 100644
index a858c18..0000000
--- a/Sources/mbedtls/library/entropy_poll.c
+++ /dev/null
@@ -1,289 +0,0 @@
-/*
- *  Platform-specific and custom entropy polling functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#if defined(__linux__) && !defined(_GNU_SOURCE)
-/* Ensure that syscall() is available even when compiling with -std=c99 */
-#define _GNU_SOURCE
-#endif
-
-#include "common.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ENTROPY_C)
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
-#include "mbedtls/error.h"
-
-#if defined(MBEDTLS_TIMING_C)
-#include "mbedtls/timing.h"
-#endif
-#if defined(MBEDTLS_HAVEGE_C)
-#include "mbedtls/havege.h"
-#endif
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
-
-#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
-    !defined(__HAIKU__) && !defined(__midipix__)
-#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in config.h"
-#endif
-
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-
-#if !defined(_WIN32_WINNT)
-#define _WIN32_WINNT 0x0400
-#endif
-#include <windows.h>
-#include <wincrypt.h>
-
-int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len,
-                           size_t *olen )
-{
-    HCRYPTPROV provider;
-    ((void) data);
-    *olen = 0;
-
-    if( CryptAcquireContext( &provider, NULL, NULL,
-                              PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
-    {
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    }
-
-    if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
-    {
-        CryptReleaseContext( provider, 0 );
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    }
-
-    CryptReleaseContext( provider, 0 );
-    *olen = len;
-
-    return( 0 );
-}
-#else /* _WIN32 && !EFIX64 && !EFI32 */
-
-/*
- * Test for Linux getrandom() support.
- * Since there is no wrapper in the libc yet, use the generic syscall wrapper
- * available in GNU libc and compatible libc's (eg uClibc).
- */
-#if ((defined(__linux__) && defined(__GLIBC__)) || defined(__midipix__))
-#include <unistd.h>
-#include <sys/syscall.h>
-#if defined(SYS_getrandom)
-#define HAVE_GETRANDOM
-#include <errno.h>
-
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
-{
-    /* MemSan cannot understand that the syscall writes to the buffer */
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-    memset( buf, 0, buflen );
-#endif
-#endif
-    return( syscall( SYS_getrandom, buf, buflen, flags ) );
-}
-#endif /* SYS_getrandom */
-#endif /* __linux__ || __midipix__ */
-
-#if defined(__FreeBSD__) || defined(__DragonFly__)
-#include <sys/param.h>
-#if (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || \
-    (defined(__DragonFly__) && __DragonFly_version >= 500700)
-#include <errno.h>
-#include <sys/random.h>
-#define HAVE_GETRANDOM
-static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
-{
-    return getrandom( buf, buflen, flags );
-}
-#endif /* (__FreeBSD__ && __FreeBSD_version >= 1200000) ||
-          (__DragonFly__ && __DragonFly_version >= 500700) */
-#endif /* __FreeBSD__ || __DragonFly__ */
-
-/*
- * Some BSD systems provide KERN_ARND.
- * This is equivalent to reading from /dev/urandom, only it doesn't require an
- * open file descriptor, and provides up to 256 bytes per call (basically the
- * same as getentropy(), but with a longer history).
- *
- * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7
- */
-#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM)
-#include <sys/param.h>
-#include <sys/sysctl.h>
-#if defined(KERN_ARND)
-#define HAVE_SYSCTL_ARND
-
-static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
-{
-    int name[2];
-    size_t len;
-
-    name[0] = CTL_KERN;
-    name[1] = KERN_ARND;
-
-    while( buflen > 0 )
-    {
-        len = buflen > 256 ? 256 : buflen;
-        if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
-            return( -1 );
-        buflen -= len;
-        buf += len;
-    }
-    return( 0 );
-}
-#endif /* KERN_ARND */
-#endif /* __FreeBSD__ || __NetBSD__ */
-
-#include <stdio.h>
-
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen )
-{
-    FILE *file;
-    size_t read_len;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ((void) data);
-
-#if defined(HAVE_GETRANDOM)
-    ret = getrandom_wrapper( output, len, 0 );
-    if( ret >= 0 )
-    {
-        *olen = ret;
-        return( 0 );
-    }
-    else if( errno != ENOSYS )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    /* Fall through if the system call isn't known. */
-#else
-    ((void) ret);
-#endif /* HAVE_GETRANDOM */
-
-#if defined(HAVE_SYSCTL_ARND)
-    ((void) file);
-    ((void) read_len);
-    if( sysctl_arnd_wrapper( output, len ) == -1 )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    *olen = len;
-    return( 0 );
-#else
-
-    *olen = 0;
-
-    file = fopen( "/dev/urandom", "rb" );
-    if( file == NULL )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    read_len = fread( output, 1, len, file );
-    if( read_len != len )
-    {
-        fclose( file );
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-    }
-
-    fclose( file );
-    *olen = len;
-
-    return( 0 );
-#endif /* HAVE_SYSCTL_ARND */
-}
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-#endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */
-
-#if defined(MBEDTLS_TEST_NULL_ENTROPY)
-int mbedtls_null_entropy_poll( void *data,
-                    unsigned char *output, size_t len, size_t *olen )
-{
-    ((void) data);
-    ((void) output);
-
-    *olen = 0;
-    if( len < sizeof(unsigned char) )
-        return( 0 );
-
-    output[0] = 0;
-    *olen = sizeof(unsigned char);
-    return( 0 );
-}
-#endif
-
-#if defined(MBEDTLS_TIMING_C)
-int mbedtls_hardclock_poll( void *data,
-                    unsigned char *output, size_t len, size_t *olen )
-{
-    unsigned long timer = mbedtls_timing_hardclock();
-    ((void) data);
-    *olen = 0;
-
-    if( len < sizeof(unsigned long) )
-        return( 0 );
-
-    memcpy( output, &timer, sizeof(unsigned long) );
-    *olen = sizeof(unsigned long);
-
-    return( 0 );
-}
-#endif /* MBEDTLS_TIMING_C */
-
-#if defined(MBEDTLS_HAVEGE_C)
-int mbedtls_havege_poll( void *data,
-                 unsigned char *output, size_t len, size_t *olen )
-{
-    mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
-    *olen = 0;
-
-    if( mbedtls_havege_random( hs, output, len ) != 0 )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    *olen = len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_HAVEGE_C */
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-int mbedtls_nv_seed_poll( void *data,
-                          unsigned char *output, size_t len, size_t *olen )
-{
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-    size_t use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
-    ((void) data);
-
-    memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
-
-    if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
-      return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-
-    if( len < use_len )
-      use_len = len;
-
-    memcpy( output, buf, use_len );
-    *olen = use_len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#endif /* MBEDTLS_ENTROPY_C */
diff --git a/Sources/mbedtls/library/error.c b/Sources/mbedtls/library/error.c
deleted file mode 100644
index 8573369..0000000
--- a/Sources/mbedtls/library/error.c
+++ /dev/null
@@ -1,976 +0,0 @@
-/*
- *  Error message information
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#include "mbedtls/error.h"
-
-#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
-
-#if defined(MBEDTLS_ERROR_C)
-
-#include "mbedtls/platform.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_AES_C)
-#include "mbedtls/aes.h"
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
-#if defined(MBEDTLS_ARIA_C)
-#include "mbedtls/aria.h"
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-#include "mbedtls/asn1.h"
-#endif
-
-#if defined(MBEDTLS_BASE64_C)
-#include "mbedtls/base64.h"
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-#if defined(MBEDTLS_BLOWFISH_C)
-#include "mbedtls/blowfish.h"
-#endif
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#include "mbedtls/camellia.h"
-#endif
-
-#if defined(MBEDTLS_CCM_C)
-#include "mbedtls/ccm.h"
-#endif
-
-#if defined(MBEDTLS_CHACHA20_C)
-#include "mbedtls/chacha20.h"
-#endif
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#include "mbedtls/chachapoly.h"
-#endif
-
-#if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
-#endif
-
-#if defined(MBEDTLS_CMAC_C)
-#include "mbedtls/cmac.h"
-#endif
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#include "mbedtls/des.h"
-#endif
-
-#if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
-#endif
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ENTROPY_C)
-#include "mbedtls/entropy.h"
-#endif
-
-#if defined(MBEDTLS_ERROR_C)
-#include "mbedtls/error.h"
-#endif
-
-#if defined(MBEDTLS_GCM_C)
-#include "mbedtls/gcm.h"
-#endif
-
-#if defined(MBEDTLS_HKDF_C)
-#include "mbedtls/hkdf.h"
-#endif
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
-#endif
-
-#if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-#include "mbedtls/md2.h"
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-#include "mbedtls/md4.h"
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
-#endif
-
-#if defined(MBEDTLS_NET_C)
-#include "mbedtls/net_sockets.h"
-#endif
-
-#if defined(MBEDTLS_OID_C)
-#include "mbedtls/oid.h"
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
-#endif
-
-#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk.h"
-#endif
-
-#if defined(MBEDTLS_PKCS12_C)
-#include "mbedtls/pkcs12.h"
-#endif
-
-#if defined(MBEDTLS_PKCS5_C)
-#include "mbedtls/pkcs5.h"
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#endif
-
-#if defined(MBEDTLS_POLY1305_C)
-#include "mbedtls/poly1305.h"
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-#include "mbedtls/ripemd160.h"
-#endif
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-#include "mbedtls/sha1.h"
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-#include "mbedtls/sha256.h"
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#include "mbedtls/sha512.h"
-#endif
-
-#if defined(MBEDTLS_SSL_TLS_C)
-#include "mbedtls/ssl.h"
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/x509.h"
-#endif
-
-#if defined(MBEDTLS_XTEA_C)
-#include "mbedtls/xtea.h"
-#endif
-
-
-const char * mbedtls_high_level_strerr( int error_code )
-{
-    int high_level_error_code;
-
-    if( error_code < 0 )
-        error_code = -error_code;
-
-    /* Extract the high-level part from the error code. */
-    high_level_error_code = error_code & 0xFF80;
-
-    switch( high_level_error_code )
-    {
-        /* Begin Auto-Generated Code. */
-#if defined(MBEDTLS_CIPHER_C)
-        case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE):
-            return( "CIPHER - The selected feature is not available" );
-        case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA):
-            return( "CIPHER - Bad input parameters" );
-        case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED):
-            return( "CIPHER - Failed to allocate memory" );
-        case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING):
-            return( "CIPHER - Input data contains invalid padding and is rejected" );
-        case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED):
-            return( "CIPHER - Decryption of block requires a full block" );
-        case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED):
-            return( "CIPHER - Authentication failed (for AEAD modes)" );
-        case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT):
-            return( "CIPHER - The context is invalid. For example, because it was freed" );
-        case -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED):
-            return( "CIPHER - Cipher hardware accelerator failed" );
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_DHM_C)
-        case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA):
-            return( "DHM - Bad input parameters" );
-        case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED):
-            return( "DHM - Reading of the DHM parameters failed" );
-        case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED):
-            return( "DHM - Making of the DHM parameters failed" );
-        case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED):
-            return( "DHM - Reading of the public values failed" );
-        case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED):
-            return( "DHM - Making of the public value failed" );
-        case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED):
-            return( "DHM - Calculation of the DHM secret failed" );
-        case -(MBEDTLS_ERR_DHM_INVALID_FORMAT):
-            return( "DHM - The ASN.1 data is not formatted correctly" );
-        case -(MBEDTLS_ERR_DHM_ALLOC_FAILED):
-            return( "DHM - Allocation of memory failed" );
-        case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR):
-            return( "DHM - Read or write of file failed" );
-        case -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED):
-            return( "DHM - DHM hardware accelerator failed" );
-        case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED):
-            return( "DHM - Setting the modulus and generator failed" );
-#endif /* MBEDTLS_DHM_C */
-
-#if defined(MBEDTLS_ECP_C)
-        case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA):
-            return( "ECP - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL):
-            return( "ECP - The buffer is too small to write to" );
-        case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE):
-            return( "ECP - The requested feature is not available, for example, the requested curve is not supported" );
-        case -(MBEDTLS_ERR_ECP_VERIFY_FAILED):
-            return( "ECP - The signature is not valid" );
-        case -(MBEDTLS_ERR_ECP_ALLOC_FAILED):
-            return( "ECP - Memory allocation failed" );
-        case -(MBEDTLS_ERR_ECP_RANDOM_FAILED):
-            return( "ECP - Generation of random value, such as ephemeral key, failed" );
-        case -(MBEDTLS_ERR_ECP_INVALID_KEY):
-            return( "ECP - Invalid private or public key" );
-        case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH):
-            return( "ECP - The buffer contains a valid signature followed by more data" );
-        case -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED):
-            return( "ECP - The ECP hardware accelerator failed" );
-        case -(MBEDTLS_ERR_ECP_IN_PROGRESS):
-            return( "ECP - Operation in progress, call again with the same parameters to continue" );
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_MD_C)
-        case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE):
-            return( "MD - The selected feature is not available" );
-        case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA):
-            return( "MD - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_MD_ALLOC_FAILED):
-            return( "MD - Failed to allocate memory" );
-        case -(MBEDTLS_ERR_MD_FILE_IO_ERROR):
-            return( "MD - Opening or reading of file failed" );
-        case -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED):
-            return( "MD - MD hardware accelerator failed" );
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
-        case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT):
-            return( "PEM - No PEM header or footer found" );
-        case -(MBEDTLS_ERR_PEM_INVALID_DATA):
-            return( "PEM - PEM string is not as expected" );
-        case -(MBEDTLS_ERR_PEM_ALLOC_FAILED):
-            return( "PEM - Failed to allocate memory" );
-        case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV):
-            return( "PEM - RSA IV is not in hex-format" );
-        case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG):
-            return( "PEM - Unsupported key encryption algorithm" );
-        case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED):
-            return( "PEM - Private key password can't be empty" );
-        case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH):
-            return( "PEM - Given private key password does not allow for correct decryption" );
-        case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE):
-            return( "PEM - Unavailable feature, e.g. hashing/encryption combination" );
-        case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA):
-            return( "PEM - Bad input parameters to function" );
-#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
-
-#if defined(MBEDTLS_PK_C)
-        case -(MBEDTLS_ERR_PK_ALLOC_FAILED):
-            return( "PK - Memory allocation failed" );
-        case -(MBEDTLS_ERR_PK_TYPE_MISMATCH):
-            return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" );
-        case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA):
-            return( "PK - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_PK_FILE_IO_ERROR):
-            return( "PK - Read/write of file failed" );
-        case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION):
-            return( "PK - Unsupported key version" );
-        case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT):
-            return( "PK - Invalid key tag or value" );
-        case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG):
-            return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" );
-        case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED):
-            return( "PK - Private key password can't be empty" );
-        case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH):
-            return( "PK - Given private key password does not allow for correct decryption" );
-        case -(MBEDTLS_ERR_PK_INVALID_PUBKEY):
-            return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" );
-        case -(MBEDTLS_ERR_PK_INVALID_ALG):
-            return( "PK - The algorithm tag or value is invalid" );
-        case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE):
-            return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" );
-        case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE):
-            return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
-        case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH):
-            return( "PK - The buffer contains a valid signature followed by more data" );
-        case -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED):
-            return( "PK - PK hardware accelerator failed" );
-#endif /* MBEDTLS_PK_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-        case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA):
-            return( "PKCS12 - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE):
-            return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" );
-        case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT):
-            return( "PKCS12 - PBE ASN.1 data not as expected" );
-        case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH):
-            return( "PKCS12 - Given private key password does not allow for correct decryption" );
-#endif /* MBEDTLS_PKCS12_C */
-
-#if defined(MBEDTLS_PKCS5_C)
-        case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA):
-            return( "PKCS5 - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT):
-            return( "PKCS5 - Unexpected ASN.1 data" );
-        case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE):
-            return( "PKCS5 - Requested encryption or digest alg not available" );
-        case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH):
-            return( "PKCS5 - Given private key password does not allow for correct decryption" );
-#endif /* MBEDTLS_PKCS5_C */
-
-#if defined(MBEDTLS_RSA_C)
-        case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA):
-            return( "RSA - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_RSA_INVALID_PADDING):
-            return( "RSA - Input data contains invalid padding and is rejected" );
-        case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED):
-            return( "RSA - Something failed during generation of a key" );
-        case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED):
-            return( "RSA - Key failed to pass the validity check of the library" );
-        case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED):
-            return( "RSA - The public key operation failed" );
-        case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED):
-            return( "RSA - The private key operation failed" );
-        case -(MBEDTLS_ERR_RSA_VERIFY_FAILED):
-            return( "RSA - The PKCS#1 verification failed" );
-        case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE):
-            return( "RSA - The output buffer for decryption is not large enough" );
-        case -(MBEDTLS_ERR_RSA_RNG_FAILED):
-            return( "RSA - The random generator failed to generate non-zeros" );
-        case -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION):
-            return( "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );
-        case -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED):
-            return( "RSA - RSA hardware accelerator failed" );
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_SSL_TLS_C)
-        case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE):
-            return( "SSL - The requested feature is not available" );
-        case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA):
-            return( "SSL - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_SSL_INVALID_MAC):
-            return( "SSL - Verification of the message MAC failed" );
-        case -(MBEDTLS_ERR_SSL_INVALID_RECORD):
-            return( "SSL - An invalid SSL record was received" );
-        case -(MBEDTLS_ERR_SSL_CONN_EOF):
-            return( "SSL - The connection indicated an EOF" );
-        case -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER):
-            return( "SSL - An unknown cipher was received" );
-        case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN):
-            return( "SSL - The server has no ciphersuites in common with the client" );
-        case -(MBEDTLS_ERR_SSL_NO_RNG):
-            return( "SSL - No RNG was provided to the SSL module" );
-        case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
-            return( "SSL - No client certification received from the client, but required by the authentication mode" );
-        case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE):
-            return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
-        case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED):
-            return( "SSL - The own certificate is not set, but needed by the server" );
-        case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
-            return( "SSL - The own private key or pre-shared key is not set, but needed" );
-        case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED):
-            return( "SSL - No CA Chain is set, but required to operate" );
-        case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE):
-            return( "SSL - An unexpected message was received from our peer" );
-        case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE):
-            return( "SSL - A fatal alert message was received from our peer" );
-        case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED):
-            return( "SSL - Verification of our peer failed" );
-        case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY):
-            return( "SSL - The peer notified us that the connection is going to be closed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO):
-            return( "SSL - Processing of the ClientHello handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO):
-            return( "SSL - Processing of the ServerHello handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE):
-            return( "SSL - Processing of the Certificate handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST):
-            return( "SSL - Processing of the CertificateRequest handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE):
-            return( "SSL - Processing of the ServerKeyExchange handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE):
-            return( "SSL - Processing of the ServerHelloDone handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE):
-            return( "SSL - Processing of the ClientKeyExchange handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP):
-            return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS):
-            return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY):
-            return( "SSL - Processing of the CertificateVerify handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC):
-            return( "SSL - Processing of the ChangeCipherSpec handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED):
-            return( "SSL - Processing of the Finished handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_ALLOC_FAILED):
-            return( "SSL - Memory allocation failed" );
-        case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED):
-            return( "SSL - Hardware acceleration function returned with error" );
-        case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH):
-            return( "SSL - Hardware acceleration function skipped / left alone data" );
-        case -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED):
-            return( "SSL - Processing of the compression / decompression failed" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION):
-            return( "SSL - Handshake protocol not within min/max boundaries" );
-        case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET):
-            return( "SSL - Processing of the NewSessionTicket handshake message failed" );
-        case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED):
-            return( "SSL - Session ticket has expired" );
-        case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH):
-            return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" );
-        case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY):
-            return( "SSL - Unknown identity received (eg, PSK identity)" );
-        case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR):
-            return( "SSL - Internal error (eg, unexpected failure in lower-level module)" );
-        case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING):
-            return( "SSL - A counter would wrap (eg, too many messages exchanged)" );
-        case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO):
-            return( "SSL - Unexpected message at ServerHello in renegotiation" );
-        case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED):
-            return( "SSL - DTLS client must retry for hello verification" );
-        case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL):
-            return( "SSL - A buffer is too small to receive or write a message" );
-        case -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE):
-            return( "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" );
-        case -(MBEDTLS_ERR_SSL_WANT_READ):
-            return( "SSL - No data of requested type currently available on underlying transport" );
-        case -(MBEDTLS_ERR_SSL_WANT_WRITE):
-            return( "SSL - Connection requires a write call" );
-        case -(MBEDTLS_ERR_SSL_TIMEOUT):
-            return( "SSL - The operation timed out" );
-        case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT):
-            return( "SSL - The client initiated a reconnect from the same port" );
-        case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD):
-            return( "SSL - Record header looks valid but is not expected" );
-        case -(MBEDTLS_ERR_SSL_NON_FATAL):
-            return( "SSL - The alert message received indicates a non-fatal error" );
-        case -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH):
-            return( "SSL - Couldn't set the hash for verifying CertificateVerify" );
-        case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING):
-            return( "SSL - Internal-only message signaling that further message-processing should be done" );
-        case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS):
-            return( "SSL - The asynchronous operation is not completed yet" );
-        case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE):
-            return( "SSL - Internal-only message signaling that a message arrived early" );
-        case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID):
-            return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" );
-        case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH):
-            return( "SSL - An operation failed due to an unexpected version or configuration" );
-        case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS):
-            return( "SSL - A cryptographic operation is in progress. Try again later" );
-        case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
-            return( "SSL - Invalid value in SSL config" );
-#endif /* MBEDTLS_SSL_TLS_C */
-
-#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-        case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE):
-            return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" );
-        case -(MBEDTLS_ERR_X509_UNKNOWN_OID):
-            return( "X509 - Requested OID is unknown" );
-        case -(MBEDTLS_ERR_X509_INVALID_FORMAT):
-            return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" );
-        case -(MBEDTLS_ERR_X509_INVALID_VERSION):
-            return( "X509 - The CRT/CRL/CSR version element is invalid" );
-        case -(MBEDTLS_ERR_X509_INVALID_SERIAL):
-            return( "X509 - The serial tag or value is invalid" );
-        case -(MBEDTLS_ERR_X509_INVALID_ALG):
-            return( "X509 - The algorithm tag or value is invalid" );
-        case -(MBEDTLS_ERR_X509_INVALID_NAME):
-            return( "X509 - The name tag or value is invalid" );
-        case -(MBEDTLS_ERR_X509_INVALID_DATE):
-            return( "X509 - The date tag or value is invalid" );
-        case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE):
-            return( "X509 - The signature tag or value invalid" );
-        case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS):
-            return( "X509 - The extension tag or value is invalid" );
-        case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION):
-            return( "X509 - CRT/CRL/CSR has an unsupported version number" );
-        case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG):
-            return( "X509 - Signature algorithm (oid) is unsupported" );
-        case -(MBEDTLS_ERR_X509_SIG_MISMATCH):
-            return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" );
-        case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED):
-            return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" );
-        case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT):
-            return( "X509 - Format not recognized as DER or PEM" );
-        case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA):
-            return( "X509 - Input invalid" );
-        case -(MBEDTLS_ERR_X509_ALLOC_FAILED):
-            return( "X509 - Allocation of memory failed" );
-        case -(MBEDTLS_ERR_X509_FILE_IO_ERROR):
-            return( "X509 - Read/write of file failed" );
-        case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL):
-            return( "X509 - Destination buffer is too small" );
-        case -(MBEDTLS_ERR_X509_FATAL_ERROR):
-            return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" );
-#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
-        /* End Auto-Generated Code. */
-
-        default:
-            break;
-    }
-
-    return( NULL );
-}
-
-const char * mbedtls_low_level_strerr( int error_code )
-{
-    int low_level_error_code;
-
-    if( error_code < 0 )
-        error_code = -error_code;
-
-    /* Extract the low-level part from the error code. */
-    low_level_error_code = error_code & ~0xFF80;
-
-    switch( low_level_error_code )
-    {
-        /* Begin Auto-Generated Code. */
-#if defined(MBEDTLS_AES_C)
-        case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH):
-            return( "AES - Invalid key length" );
-        case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH):
-            return( "AES - Invalid data input length" );
-        case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA):
-            return( "AES - Invalid input data" );
-        case -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE):
-            return( "AES - Feature not available. For example, an unsupported AES key size" );
-        case -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED):
-            return( "AES - AES hardware accelerator failed" );
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-        case -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED):
-            return( "ARC4 - ARC4 hardware accelerator failed" );
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_ARIA_C)
-        case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA):
-            return( "ARIA - Bad input data" );
-        case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH):
-            return( "ARIA - Invalid data input length" );
-        case -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE):
-            return( "ARIA - Feature not available. For example, an unsupported ARIA key size" );
-        case -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED):
-            return( "ARIA - ARIA hardware accelerator failed" );
-#endif /* MBEDTLS_ARIA_C */
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-        case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA):
-            return( "ASN1 - Out of data when parsing an ASN1 data structure" );
-        case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG):
-            return( "ASN1 - ASN1 tag was of an unexpected value" );
-        case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH):
-            return( "ASN1 - Error when trying to determine the length or invalid length" );
-        case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH):
-            return( "ASN1 - Actual length differs from expected length" );
-        case -(MBEDTLS_ERR_ASN1_INVALID_DATA):
-            return( "ASN1 - Data is invalid" );
-        case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED):
-            return( "ASN1 - Memory allocation failed" );
-        case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL):
-            return( "ASN1 - Buffer too small when writing ASN.1 data structure" );
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#if defined(MBEDTLS_BASE64_C)
-        case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL):
-            return( "BASE64 - Output buffer too small" );
-        case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER):
-            return( "BASE64 - Invalid character in input" );
-#endif /* MBEDTLS_BASE64_C */
-
-#if defined(MBEDTLS_BIGNUM_C)
-        case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR):
-            return( "BIGNUM - An error occurred while reading from or writing to a file" );
-        case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA):
-            return( "BIGNUM - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER):
-            return( "BIGNUM - There is an invalid character in the digit string" );
-        case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL):
-            return( "BIGNUM - The buffer is too small to write to" );
-        case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE):
-            return( "BIGNUM - The input arguments are negative or result in illegal output" );
-        case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO):
-            return( "BIGNUM - The input argument for division is zero, which is not allowed" );
-        case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE):
-            return( "BIGNUM - The input arguments are not acceptable" );
-        case -(MBEDTLS_ERR_MPI_ALLOC_FAILED):
-            return( "BIGNUM - Memory allocation failed" );
-#endif /* MBEDTLS_BIGNUM_C */
-
-#if defined(MBEDTLS_BLOWFISH_C)
-        case -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA):
-            return( "BLOWFISH - Bad input data" );
-        case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH):
-            return( "BLOWFISH - Invalid data input length" );
-        case -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED):
-            return( "BLOWFISH - Blowfish hardware accelerator failed" );
-#endif /* MBEDTLS_BLOWFISH_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-        case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA):
-            return( "CAMELLIA - Bad input data" );
-        case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH):
-            return( "CAMELLIA - Invalid data input length" );
-        case -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED):
-            return( "CAMELLIA - Camellia hardware accelerator failed" );
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_CCM_C)
-        case -(MBEDTLS_ERR_CCM_BAD_INPUT):
-            return( "CCM - Bad input parameters to the function" );
-        case -(MBEDTLS_ERR_CCM_AUTH_FAILED):
-            return( "CCM - Authenticated decryption failed" );
-        case -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED):
-            return( "CCM - CCM hardware accelerator failed" );
-#endif /* MBEDTLS_CCM_C */
-
-#if defined(MBEDTLS_CHACHA20_C)
-        case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA):
-            return( "CHACHA20 - Invalid input parameter(s)" );
-        case -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE):
-            return( "CHACHA20 - Feature not available. For example, s part of the API is not implemented" );
-        case -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED):
-            return( "CHACHA20 - Chacha20 hardware accelerator failed" );
-#endif /* MBEDTLS_CHACHA20_C */
-
-#if defined(MBEDTLS_CHACHAPOLY_C)
-        case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE):
-            return( "CHACHAPOLY - The requested operation is not permitted in the current state" );
-        case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED):
-            return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" );
-#endif /* MBEDTLS_CHACHAPOLY_C */
-
-#if defined(MBEDTLS_CMAC_C)
-        case -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED):
-            return( "CMAC - CMAC hardware accelerator failed" );
-#endif /* MBEDTLS_CMAC_C */
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-        case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED):
-            return( "CTR_DRBG - The entropy source failed" );
-        case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG):
-            return( "CTR_DRBG - The requested random buffer length is too big" );
-        case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG):
-            return( "CTR_DRBG - The input (entropy + additional data) is too large" );
-        case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR):
-            return( "CTR_DRBG - Read or write error in file" );
-#endif /* MBEDTLS_CTR_DRBG_C */
-
-#if defined(MBEDTLS_DES_C)
-        case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH):
-            return( "DES - The data input has an invalid length" );
-        case -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED):
-            return( "DES - DES hardware accelerator failed" );
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ENTROPY_C)
-        case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED):
-            return( "ENTROPY - Critical entropy source failure" );
-        case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES):
-            return( "ENTROPY - No more sources can be added" );
-        case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED):
-            return( "ENTROPY - No sources have been added to poll" );
-        case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE):
-            return( "ENTROPY - No strong sources have been added to poll" );
-        case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR):
-            return( "ENTROPY - Read/write error in file" );
-#endif /* MBEDTLS_ENTROPY_C */
-
-#if defined(MBEDTLS_ERROR_C)
-        case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR):
-            return( "ERROR - Generic error" );
-        case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED):
-            return( "ERROR - This is a bug in the library" );
-#endif /* MBEDTLS_ERROR_C */
-
-#if defined(MBEDTLS_GCM_C)
-        case -(MBEDTLS_ERR_GCM_AUTH_FAILED):
-            return( "GCM - Authenticated decryption failed" );
-        case -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED):
-            return( "GCM - GCM hardware accelerator failed" );
-        case -(MBEDTLS_ERR_GCM_BAD_INPUT):
-            return( "GCM - Bad input parameters to function" );
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_HKDF_C)
-        case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA):
-            return( "HKDF - Bad input parameters to function" );
-#endif /* MBEDTLS_HKDF_C */
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-        case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG):
-            return( "HMAC_DRBG - Too many random requested in single call" );
-        case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG):
-            return( "HMAC_DRBG - Input too large (Entropy + additional)" );
-        case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR):
-            return( "HMAC_DRBG - Read/write error in file" );
-        case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED):
-            return( "HMAC_DRBG - The entropy source failed" );
-#endif /* MBEDTLS_HMAC_DRBG_C */
-
-#if defined(MBEDTLS_MD2_C)
-        case -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED):
-            return( "MD2 - MD2 hardware accelerator failed" );
-#endif /* MBEDTLS_MD2_C */
-
-#if defined(MBEDTLS_MD4_C)
-        case -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED):
-            return( "MD4 - MD4 hardware accelerator failed" );
-#endif /* MBEDTLS_MD4_C */
-
-#if defined(MBEDTLS_MD5_C)
-        case -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED):
-            return( "MD5 - MD5 hardware accelerator failed" );
-#endif /* MBEDTLS_MD5_C */
-
-#if defined(MBEDTLS_NET_C)
-        case -(MBEDTLS_ERR_NET_SOCKET_FAILED):
-            return( "NET - Failed to open a socket" );
-        case -(MBEDTLS_ERR_NET_CONNECT_FAILED):
-            return( "NET - The connection to the given server / port failed" );
-        case -(MBEDTLS_ERR_NET_BIND_FAILED):
-            return( "NET - Binding of the socket failed" );
-        case -(MBEDTLS_ERR_NET_LISTEN_FAILED):
-            return( "NET - Could not listen on the socket" );
-        case -(MBEDTLS_ERR_NET_ACCEPT_FAILED):
-            return( "NET - Could not accept the incoming connection" );
-        case -(MBEDTLS_ERR_NET_RECV_FAILED):
-            return( "NET - Reading information from the socket failed" );
-        case -(MBEDTLS_ERR_NET_SEND_FAILED):
-            return( "NET - Sending information through the socket failed" );
-        case -(MBEDTLS_ERR_NET_CONN_RESET):
-            return( "NET - Connection was reset by peer" );
-        case -(MBEDTLS_ERR_NET_UNKNOWN_HOST):
-            return( "NET - Failed to get an IP address for the given hostname" );
-        case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL):
-            return( "NET - Buffer is too small to hold the data" );
-        case -(MBEDTLS_ERR_NET_INVALID_CONTEXT):
-            return( "NET - The context is invalid, eg because it was free()ed" );
-        case -(MBEDTLS_ERR_NET_POLL_FAILED):
-            return( "NET - Polling the net context failed" );
-        case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA):
-            return( "NET - Input invalid" );
-#endif /* MBEDTLS_NET_C */
-
-#if defined(MBEDTLS_OID_C)
-        case -(MBEDTLS_ERR_OID_NOT_FOUND):
-            return( "OID - OID is not found" );
-        case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL):
-            return( "OID - output buffer is too small" );
-#endif /* MBEDTLS_OID_C */
-
-#if defined(MBEDTLS_PADLOCK_C)
-        case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED):
-            return( "PADLOCK - Input data should be aligned" );
-#endif /* MBEDTLS_PADLOCK_C */
-
-#if defined(MBEDTLS_PLATFORM_C)
-        case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
-            return( "PLATFORM - Hardware accelerator failed" );
-        case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED):
-            return( "PLATFORM - The requested feature is not supported by the platform" );
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_POLY1305_C)
-        case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA):
-            return( "POLY1305 - Invalid input parameter(s)" );
-        case -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE):
-            return( "POLY1305 - Feature not available. For example, s part of the API is not implemented" );
-        case -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED):
-            return( "POLY1305 - Poly1305 hardware accelerator failed" );
-#endif /* MBEDTLS_POLY1305_C */
-
-#if defined(MBEDTLS_RIPEMD160_C)
-        case -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED):
-            return( "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
-#endif /* MBEDTLS_RIPEMD160_C */
-
-#if defined(MBEDTLS_SHA1_C)
-        case -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED):
-            return( "SHA1 - SHA-1 hardware accelerator failed" );
-        case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA):
-            return( "SHA1 - SHA-1 input data was malformed" );
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-        case -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED):
-            return( "SHA256 - SHA-256 hardware accelerator failed" );
-        case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA):
-            return( "SHA256 - SHA-256 input data was malformed" );
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA512_C)
-        case -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED):
-            return( "SHA512 - SHA-512 hardware accelerator failed" );
-        case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA):
-            return( "SHA512 - SHA-512 input data was malformed" );
-#endif /* MBEDTLS_SHA512_C */
-
-#if defined(MBEDTLS_THREADING_C)
-        case -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE):
-            return( "THREADING - The selected feature is not available" );
-        case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA):
-            return( "THREADING - Bad input parameters to function" );
-        case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR):
-            return( "THREADING - Locking / unlocking / free failed with error code" );
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_XTEA_C)
-        case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH):
-            return( "XTEA - The data input has an invalid length" );
-        case -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED):
-            return( "XTEA - XTEA hardware accelerator failed" );
-#endif /* MBEDTLS_XTEA_C */
-        /* End Auto-Generated Code. */
-
-        default:
-            break;
-    }
-
-    return( NULL );
-}
-
-void mbedtls_strerror( int ret, char *buf, size_t buflen )
-{
-    size_t len;
-    int use_ret;
-    const char * high_level_error_description = NULL;
-    const char * low_level_error_description = NULL;
-
-    if( buflen == 0 )
-        return;
-
-    memset( buf, 0x00, buflen );
-
-    if( ret < 0 )
-        ret = -ret;
-
-    if( ret & 0xFF80 )
-    {
-        use_ret = ret & 0xFF80;
-
-        // Translate high level error code.
-        high_level_error_description = mbedtls_high_level_strerr( ret );
-
-        if( high_level_error_description == NULL )
-            mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
-        else
-            mbedtls_snprintf( buf, buflen, "%s", high_level_error_description );
-
-#if defined(MBEDTLS_SSL_TLS_C)
-        // Early return in case of a fatal error - do not try to translate low
-        // level code.
-        if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE))
-            return;
-#endif /* MBEDTLS_SSL_TLS_C */
-    }
-
-    use_ret = ret & ~0xFF80;
-
-    if( use_ret == 0 )
-        return;
-
-    // If high level code is present, make a concatenation between both
-    // error strings.
-    //
-    len = strlen( buf );
-
-    if( len > 0 )
-    {
-        if( buflen - len < 5 )
-            return;
-
-        mbedtls_snprintf( buf + len, buflen - len, " : " );
-
-        buf += len + 3;
-        buflen -= len + 3;
-    }
-
-    // Translate low level error code.
-    low_level_error_description = mbedtls_low_level_strerr( ret );
-
-    if( low_level_error_description == NULL )
-        mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret );
-    else
-        mbedtls_snprintf( buf, buflen, "%s", low_level_error_description );
-}
-
-#else /* MBEDTLS_ERROR_C */
-
-/*
- * Provide a dummy implementation when MBEDTLS_ERROR_C is not defined
- */
-void mbedtls_strerror( int ret, char *buf, size_t buflen )
-{
-    ((void) ret);
-
-    if( buflen > 0 )
-        buf[0] = '\0';
-}
-
-#endif /* MBEDTLS_ERROR_C */
-
-#if defined(MBEDTLS_TEST_HOOKS)
-void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
-#endif
-
-#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
diff --git a/Sources/mbedtls/library/gcm.c b/Sources/mbedtls/library/gcm.c
deleted file mode 100644
index d0b7337..0000000
--- a/Sources/mbedtls/library/gcm.c
+++ /dev/null
@@ -1,995 +0,0 @@
-/*
- *  NIST SP800-38D compliant GCM implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
- *
- * See also:
- * [MGV] http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
- *
- * We use the algorithm described as Shoup's method with 4-bit tables in
- * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_GCM_C)
-
-#include "mbedtls/gcm.h"
-#include "mbedtls/platform.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
-#endif
-
-#if !defined(MBEDTLS_GCM_ALT)
-
-/* Parameter validation macros */
-#define GCM_VALIDATE_RET( cond ) \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
-#define GCM_VALIDATE( cond ) \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-/*
- * Initialize a context
- */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
-{
-    GCM_VALIDATE( ctx != NULL );
-    memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
-}
-
-/*
- * Precompute small multiples of H, that is set
- *      HH[i] || HL[i] = H times i,
- * where i is seen as a field element as in [MGV], ie high-order bits
- * correspond to low powers of P. The result is stored in the same way, that
- * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
- * corresponds to P^127.
- */
-static int gcm_gen_table( mbedtls_gcm_context *ctx )
-{
-    int ret, i, j;
-    uint64_t hi, lo;
-    uint64_t vl, vh;
-    unsigned char h[16];
-    size_t olen = 0;
-
-    memset( h, 0, 16 );
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
-        return( ret );
-
-    /* pack h as two 64-bits ints, big-endian */
-    hi = MBEDTLS_GET_UINT32_BE( h,  0  );
-    lo = MBEDTLS_GET_UINT32_BE( h,  4  );
-    vh = (uint64_t) hi << 32 | lo;
-
-    hi = MBEDTLS_GET_UINT32_BE( h,  8  );
-    lo = MBEDTLS_GET_UINT32_BE( h,  12 );
-    vl = (uint64_t) hi << 32 | lo;
-
-    /* 8 = 1000 corresponds to 1 in GF(2^128) */
-    ctx->HL[8] = vl;
-    ctx->HH[8] = vh;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    /* With CLMUL support, we need only h, not the rest of the table */
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
-        return( 0 );
-#endif
-
-    /* 0 corresponds to 0 in GF(2^128) */
-    ctx->HH[0] = 0;
-    ctx->HL[0] = 0;
-
-    for( i = 4; i > 0; i >>= 1 )
-    {
-        uint32_t T = ( vl & 1 ) * 0xe1000000U;
-        vl  = ( vh << 63 ) | ( vl >> 1 );
-        vh  = ( vh >> 1 ) ^ ( (uint64_t) T << 32);
-
-        ctx->HL[i] = vl;
-        ctx->HH[i] = vh;
-    }
-
-    for( i = 2; i <= 8; i *= 2 )
-    {
-        uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
-        vh = *HiH;
-        vl = *HiL;
-        for( j = 1; j < i; j++ )
-        {
-            HiH[j] = vh ^ ctx->HH[j];
-            HiL[j] = vl ^ ctx->HL[j];
-        }
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_cipher_info_t *cipher_info;
-
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( key != NULL );
-    GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits,
-                                                   MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = gcm_gen_table( ctx ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Shoup's method for multiplication use this table with
- *      last4[x] = x times P^128
- * where x and last4[x] are seen as elements of GF(2^128) as in [MGV]
- */
-static const uint64_t last4[16] =
-{
-    0x0000, 0x1c20, 0x3840, 0x2460,
-    0x7080, 0x6ca0, 0x48c0, 0x54e0,
-    0xe100, 0xfd20, 0xd940, 0xc560,
-    0x9180, 0x8da0, 0xa9c0, 0xb5e0
-};
-
-/*
- * Sets output to x times H using the precomputed tables.
- * x and output are seen as elements of GF(2^128) as in [MGV].
- */
-static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
-                      unsigned char output[16] )
-{
-    int i = 0;
-    unsigned char lo, hi, rem;
-    uint64_t zh, zl;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) ) {
-        unsigned char h[16];
-
-        MBEDTLS_PUT_UINT32_BE( ctx->HH[8] >> 32, h,  0 );
-        MBEDTLS_PUT_UINT32_BE( ctx->HH[8],       h,  4 );
-        MBEDTLS_PUT_UINT32_BE( ctx->HL[8] >> 32, h,  8 );
-        MBEDTLS_PUT_UINT32_BE( ctx->HL[8],       h, 12 );
-
-        mbedtls_aesni_gcm_mult( output, x, h );
-        return;
-    }
-#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
-
-    lo = x[15] & 0xf;
-
-    zh = ctx->HH[lo];
-    zl = ctx->HL[lo];
-
-    for( i = 15; i >= 0; i-- )
-    {
-        lo = x[i] & 0xf;
-        hi = ( x[i] >> 4 ) & 0xf;
-
-        if( i != 15 )
-        {
-            rem = (unsigned char) zl & 0xf;
-            zl = ( zh << 60 ) | ( zl >> 4 );
-            zh = ( zh >> 4 );
-            zh ^= (uint64_t) last4[rem] << 48;
-            zh ^= ctx->HH[lo];
-            zl ^= ctx->HL[lo];
-
-        }
-
-        rem = (unsigned char) zl & 0xf;
-        zl = ( zh << 60 ) | ( zl >> 4 );
-        zh = ( zh >> 4 );
-        zh ^= (uint64_t) last4[rem] << 48;
-        zh ^= ctx->HH[hi];
-        zl ^= ctx->HL[hi];
-    }
-
-    MBEDTLS_PUT_UINT32_BE( zh >> 32, output, 0 );
-    MBEDTLS_PUT_UINT32_BE( zh, output, 4 );
-    MBEDTLS_PUT_UINT32_BE( zl >> 32, output, 8 );
-    MBEDTLS_PUT_UINT32_BE( zl, output, 12 );
-}
-
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
-                int mode,
-                const unsigned char *iv,
-                size_t iv_len,
-                const unsigned char *add,
-                size_t add_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char work_buf[16];
-    size_t i;
-    const unsigned char *p;
-    size_t use_len, olen = 0;
-    uint64_t iv_bits;
-
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( iv != NULL );
-    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-
-    /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
-    /* IV is not allowed to be zero length */
-    if( iv_len == 0 ||
-      ( (uint64_t) iv_len  ) >> 61 != 0 ||
-      ( (uint64_t) add_len ) >> 61 != 0 )
-    {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-    }
-
-    memset( ctx->y, 0x00, sizeof(ctx->y) );
-    memset( ctx->buf, 0x00, sizeof(ctx->buf) );
-
-    ctx->mode = mode;
-    ctx->len = 0;
-    ctx->add_len = 0;
-
-    if( iv_len == 12 )
-    {
-        memcpy( ctx->y, iv, iv_len );
-        ctx->y[15] = 1;
-    }
-    else
-    {
-        memset( work_buf, 0x00, 16 );
-        iv_bits = (uint64_t)iv_len * 8;
-        MBEDTLS_PUT_UINT64_BE( iv_bits, work_buf, 8 );
-
-        p = iv;
-        while( iv_len > 0 )
-        {
-            use_len = ( iv_len < 16 ) ? iv_len : 16;
-
-            for( i = 0; i < use_len; i++ )
-                ctx->y[i] ^= p[i];
-
-            gcm_mult( ctx, ctx->y, ctx->y );
-
-            iv_len -= use_len;
-            p += use_len;
-        }
-
-        for( i = 0; i < 16; i++ )
-            ctx->y[i] ^= work_buf[i];
-
-        gcm_mult( ctx, ctx->y, ctx->y );
-    }
-
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16,
-                                       ctx->base_ectr, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    ctx->add_len = add_len;
-    p = add;
-    while( add_len > 0 )
-    {
-        use_len = ( add_len < 16 ) ? add_len : 16;
-
-        for( i = 0; i < use_len; i++ )
-            ctx->buf[i] ^= p[i];
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        add_len -= use_len;
-        p += use_len;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
-                size_t length,
-                const unsigned char *input,
-                unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char ectr[16];
-    size_t i;
-    const unsigned char *p;
-    unsigned char *out_p = output;
-    size_t use_len, olen = 0;
-
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( length == 0 || input != NULL );
-    GCM_VALIDATE_RET( length == 0 || output != NULL );
-
-    if( output > input && (size_t) ( output - input ) < length )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
-     * Also check for possible overflow */
-    if( ctx->len + length < ctx->len ||
-        (uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
-    {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-    }
-
-    ctx->len += length;
-
-    p = input;
-    while( length > 0 )
-    {
-        use_len = ( length < 16 ) ? length : 16;
-
-        for( i = 16; i > 12; i-- )
-            if( ++ctx->y[i - 1] != 0 )
-                break;
-
-        if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ectr,
-                                   &olen ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        for( i = 0; i < use_len; i++ )
-        {
-            if( ctx->mode == MBEDTLS_GCM_DECRYPT )
-                ctx->buf[i] ^= p[i];
-            out_p[i] = ectr[i] ^ p[i];
-            if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
-                ctx->buf[i] ^= out_p[i];
-        }
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        length -= use_len;
-        p += use_len;
-        out_p += use_len;
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
-                unsigned char *tag,
-                size_t tag_len )
-{
-    unsigned char work_buf[16];
-    size_t i;
-    uint64_t orig_len;
-    uint64_t orig_add_len;
-
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( tag != NULL );
-
-    orig_len = ctx->len * 8;
-    orig_add_len = ctx->add_len * 8;
-
-    if( tag_len > 16 || tag_len < 4 )
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
-
-    memcpy( tag, ctx->base_ectr, tag_len );
-
-    if( orig_len || orig_add_len )
-    {
-        memset( work_buf, 0x00, 16 );
-
-        MBEDTLS_PUT_UINT32_BE( ( orig_add_len >> 32 ), work_buf, 0  );
-        MBEDTLS_PUT_UINT32_BE( ( orig_add_len       ), work_buf, 4  );
-        MBEDTLS_PUT_UINT32_BE( ( orig_len     >> 32 ), work_buf, 8  );
-        MBEDTLS_PUT_UINT32_BE( ( orig_len           ), work_buf, 12 );
-
-        for( i = 0; i < 16; i++ )
-            ctx->buf[i] ^= work_buf[i];
-
-        gcm_mult( ctx, ctx->buf, ctx->buf );
-
-        for( i = 0; i < tag_len; i++ )
-            tag[i] ^= ctx->buf[i];
-    }
-
-    return( 0 );
-}
-
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
-                       int mode,
-                       size_t length,
-                       const unsigned char *iv,
-                       size_t iv_len,
-                       const unsigned char *add,
-                       size_t add_len,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t tag_len,
-                       unsigned char *tag )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( iv != NULL );
-    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    GCM_VALIDATE_RET( length == 0 || input != NULL );
-    GCM_VALIDATE_RET( length == 0 || output != NULL );
-    GCM_VALIDATE_RET( tag != NULL );
-
-    if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_gcm_update( ctx, length, input, output ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_gcm_finish( ctx, tag, tag_len ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
-                      size_t length,
-                      const unsigned char *iv,
-                      size_t iv_len,
-                      const unsigned char *add,
-                      size_t add_len,
-                      const unsigned char *tag,
-                      size_t tag_len,
-                      const unsigned char *input,
-                      unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char check_tag[16];
-    size_t i;
-    int diff;
-
-    GCM_VALIDATE_RET( ctx != NULL );
-    GCM_VALIDATE_RET( iv != NULL );
-    GCM_VALIDATE_RET( add_len == 0 || add != NULL );
-    GCM_VALIDATE_RET( tag != NULL );
-    GCM_VALIDATE_RET( length == 0 || input != NULL );
-    GCM_VALIDATE_RET( length == 0 || output != NULL );
-
-    if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
-                                   iv, iv_len, add, add_len,
-                                   input, output, tag_len, check_tag ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
-        diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_GCM_AUTH_FAILED );
-    }
-
-    return( 0 );
-}
-
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
-}
-
-#endif /* !MBEDTLS_GCM_ALT */
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-/*
- * AES-GCM test vectors from:
- *
- * http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip
- */
-#define MAX_TESTS   6
-
-static const int key_index_test_data[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 1 };
-
-static const unsigned char key_test_data[MAX_TESTS][32] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
-};
-
-static const size_t iv_len_test_data[MAX_TESTS] =
-    { 12, 12, 12, 12, 8, 60 };
-
-static const int iv_index_test_data[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 2 };
-
-static const unsigned char iv_test_data[MAX_TESTS][64] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00 },
-    { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-      0xde, 0xca, 0xf8, 0x88 },
-    { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
-      0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
-      0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
-      0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
-      0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
-      0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
-      0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
-      0xa6, 0x37, 0xb3, 0x9b },
-};
-
-static const size_t add_len_test_data[MAX_TESTS] =
-    { 0, 0, 0, 20, 20, 20 };
-
-static const int add_index_test_data[MAX_TESTS] =
-    { 0, 0, 0, 1, 1, 1 };
-
-static const unsigned char additional_test_data[MAX_TESTS][64] =
-{
-    { 0x00 },
-    { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-      0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
-      0xab, 0xad, 0xda, 0xd2 },
-};
-
-static const size_t pt_len_test_data[MAX_TESTS] =
-    { 0, 16, 64, 60, 60, 60 };
-
-static const int pt_index_test_data[MAX_TESTS] =
-    { 0, 0, 1, 1, 1, 1 };
-
-static const unsigned char pt_test_data[MAX_TESTS][64] =
-{
-    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-    { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
-};
-
-static const unsigned char ct_test_data[MAX_TESTS * 3][64] =
-{
-    { 0x00 },
-    { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
-      0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
-    { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-      0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
-    { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-      0x3d, 0x58, 0xe0, 0x91 },
-    { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
-      0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
-      0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
-      0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
-      0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
-      0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
-      0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
-      0xc2, 0x3f, 0x45, 0x98 },
-    { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
-      0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
-      0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
-      0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
-      0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
-      0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
-      0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
-      0x4c, 0x34, 0xae, 0xe5 },
-    { 0x00 },
-    { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
-      0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
-    { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-      0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-      0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-      0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-      0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-      0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-      0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-      0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
-    { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
-      0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
-      0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
-      0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
-      0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
-      0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
-      0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
-      0xcc, 0xda, 0x27, 0x10 },
-    { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
-      0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
-      0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
-      0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
-      0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
-      0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
-      0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
-      0xa0, 0xf0, 0x62, 0xf7 },
-    { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
-      0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
-      0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
-      0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
-      0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
-      0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
-      0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
-      0xe9, 0xb7, 0x37, 0x3b },
-    { 0x00 },
-    { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
-      0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
-    { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-      0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-      0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-      0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-      0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-      0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-      0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-      0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
-    { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
-      0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
-      0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
-      0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
-      0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
-      0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
-      0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
-      0xbc, 0xc9, 0xf6, 0x62 },
-    { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
-      0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
-      0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
-      0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
-      0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
-      0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
-      0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
-      0xf4, 0x7c, 0x9b, 0x1f },
-    { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
-      0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
-      0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
-      0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
-      0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
-      0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
-      0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
-      0x44, 0xae, 0x7e, 0x3f },
-};
-
-static const unsigned char tag_test_data[MAX_TESTS * 3][16] =
-{
-    { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
-      0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
-    { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
-      0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
-    { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
-      0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
-    { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
-      0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
-    { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
-      0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
-    { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
-      0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
-    { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
-      0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
-    { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
-      0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
-    { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
-      0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
-    { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
-      0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
-    { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
-      0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
-    { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
-      0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
-    { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
-      0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
-    { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
-      0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
-    { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
-      0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
-    { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
-      0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
-    { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
-      0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
-    { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
-      0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
-};
-
-int mbedtls_gcm_self_test( int verbose )
-{
-    mbedtls_gcm_context ctx;
-    unsigned char buf[64];
-    unsigned char tag_buf[16];
-    int i, j, ret;
-    mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
-
-    for( j = 0; j < 3; j++ )
-    {
-        int key_len = 128 + 64 * j;
-
-        for( i = 0; i < MAX_TESTS; i++ )
-        {
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                key_len, i, "enc" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            /*
-             * AES-192 is an optional feature that may be unavailable when
-             * there is an alternative underlying implementation i.e. when
-             * MBEDTLS_AES_ALT is defined.
-             */
-            if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
-            {
-                mbedtls_printf( "skipped\n" );
-                break;
-            }
-            else if( ret != 0 )
-            {
-                goto exit;
-            }
-
-            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                pt_len_test_data[i],
-                                iv_test_data[iv_index_test_data[i]],
-                                iv_len_test_data[i],
-                                additional_test_data[add_index_test_data[i]],
-                                add_len_test_data[i],
-                                pt_test_data[pt_index_test_data[i]],
-                                buf, 16, tag_buf );
-#if defined(MBEDTLS_GCM_ALT)
-            /* Allow alternative implementations to only support 12-byte nonces. */
-            if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
-                iv_len_test_data[i] != 12 )
-            {
-                mbedtls_printf( "skipped\n" );
-                break;
-            }
-#endif /* defined(MBEDTLS_GCM_ALT) */
-            if( ret != 0 )
-                goto exit;
-
-            if ( memcmp( buf, ct_test_data[j * 6 + i],
-                         pt_len_test_data[i] ) != 0 ||
-                 memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                key_len, i, "dec" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            if( ret != 0 )
-                goto exit;
-
-            ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
-                                pt_len_test_data[i],
-                                iv_test_data[iv_index_test_data[i]],
-                                iv_len_test_data[i],
-                                additional_test_data[add_index_test_data[i]],
-                                add_len_test_data[i],
-                                ct_test_data[j * 6 + i], buf, 16, tag_buf );
-
-            if( ret != 0 )
-                goto exit;
-
-            if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
-                        pt_len_test_data[i] ) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                key_len, i, "enc" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            if( ret != 0 )
-                goto exit;
-
-            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                  iv_test_data[iv_index_test_data[i]],
-                                  iv_len_test_data[i],
-                                  additional_test_data[add_index_test_data[i]],
-                                  add_len_test_data[i] );
-            if( ret != 0 )
-                goto exit;
-
-            if( pt_len_test_data[i] > 32 )
-            {
-                size_t rest_len = pt_len_test_data[i] - 32;
-                ret = mbedtls_gcm_update( &ctx, 32,
-                                          pt_test_data[pt_index_test_data[i]],
-                                          buf );
-                if( ret != 0 )
-                    goto exit;
-
-                ret = mbedtls_gcm_update( &ctx, rest_len,
-                                      pt_test_data[pt_index_test_data[i]] + 32,
-                                      buf + 32 );
-                if( ret != 0 )
-                    goto exit;
-            }
-            else
-            {
-                ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
-                                          pt_test_data[pt_index_test_data[i]],
-                                          buf );
-                if( ret != 0 )
-                    goto exit;
-            }
-
-            ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
-            if( ret != 0 )
-                goto exit;
-
-            if( memcmp( buf, ct_test_data[j * 6 + i],
-                        pt_len_test_data[i] ) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-
-            mbedtls_gcm_init( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                key_len, i, "dec" );
-
-            ret = mbedtls_gcm_setkey( &ctx, cipher,
-                                      key_test_data[key_index_test_data[i]],
-                                      key_len );
-            if( ret != 0 )
-                goto exit;
-
-            ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
-                              iv_test_data[iv_index_test_data[i]],
-                              iv_len_test_data[i],
-                              additional_test_data[add_index_test_data[i]],
-                              add_len_test_data[i] );
-            if( ret != 0 )
-                goto exit;
-
-            if( pt_len_test_data[i] > 32 )
-            {
-                size_t rest_len = pt_len_test_data[i] - 32;
-                ret = mbedtls_gcm_update( &ctx, 32, ct_test_data[j * 6 + i],
-                                          buf );
-                if( ret != 0 )
-                    goto exit;
-
-                ret = mbedtls_gcm_update( &ctx, rest_len,
-                                          ct_test_data[j * 6 + i] + 32,
-                                          buf + 32 );
-                if( ret != 0 )
-                    goto exit;
-            }
-            else
-            {
-                ret = mbedtls_gcm_update( &ctx, pt_len_test_data[i],
-                                          ct_test_data[j * 6 + i],
-                                          buf );
-                if( ret != 0 )
-                    goto exit;
-            }
-
-            ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
-            if( ret != 0 )
-                goto exit;
-
-            if( memcmp( buf, pt_test_data[pt_index_test_data[i]],
-                        pt_len_test_data[i] ) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_gcm_free( &ctx );
-
-            if( verbose != 0 )
-                mbedtls_printf( "passed\n" );
-        }
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    ret = 0;
-
-exit:
-    if( ret != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-        mbedtls_gcm_free( &ctx );
-    }
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_GCM_C */
diff --git a/Sources/mbedtls/library/havege.c b/Sources/mbedtls/library/havege.c
deleted file mode 100644
index 2a360a1..0000000
--- a/Sources/mbedtls/library/havege.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/**
- *  \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The HAVEGE RNG was designed by Andre Seznec in 2002.
- *
- *  http://www.irisa.fr/caps/projects/hipsor/publi.php
- *
- *  Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_HAVEGE_C)
-
-#include "mbedtls/havege.h"
-#include "mbedtls/timing.h"
-#include "mbedtls/platform_util.h"
-
-#include <stdint.h>
-#include <string.h>
-
-/* ------------------------------------------------------------------------
- * On average, one iteration accesses two 8-word blocks in the havege WALK
- * table, and generates 16 words in the RES array.
- *
- * The data read in the WALK table is updated and permuted after each use.
- * The result of the hardware clock counter read is used  for this update.
- *
- * 25 conditional tests are present.  The conditional tests are grouped in
- * two nested  groups of 12 conditional tests and 1 test that controls the
- * permutation; on average, there should be 6 tests executed and 3 of them
- * should be mispredicted.
- * ------------------------------------------------------------------------
- */
-
-#define SWAP(X,Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; }
-
-#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
-#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
-
-#define TST1_LEAVE U1++; }
-#define TST2_LEAVE U2++; }
-
-#define ONE_ITERATION                                   \
-                                                        \
-    PTEST = PT1 >> 20;                                  \
-                                                        \
-    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
-    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
-    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
-                                                        \
-    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
-    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
-    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
-                                                        \
-    PTX = (PT1 >> 18) & 7;                              \
-    PT1 &= 0x1FFF;                                      \
-    PT2 &= 0x1FFF;                                      \
-    CLK = (uint32_t) mbedtls_timing_hardclock();        \
-                                                        \
-    i = 0;                                              \
-    A = &WALK[PT1    ]; RES[i++] ^= *A;                 \
-    B = &WALK[PT2    ]; RES[i++] ^= *B;                 \
-    C = &WALK[PT1 ^ 1]; RES[i++] ^= *C;                 \
-    D = &WALK[PT2 ^ 4]; RES[i++] ^= *D;                 \
-                                                        \
-    IN = (*A >> (1)) ^ (*A << (31)) ^ CLK;              \
-    *A = (*B >> (2)) ^ (*B << (30)) ^ CLK;              \
-    *B = IN ^ U1;                                       \
-    *C = (*C >> (3)) ^ (*C << (29)) ^ CLK;              \
-    *D = (*D >> (4)) ^ (*D << (28)) ^ CLK;              \
-                                                        \
-    A = &WALK[PT1 ^ 2]; RES[i++] ^= *A;                 \
-    B = &WALK[PT2 ^ 2]; RES[i++] ^= *B;                 \
-    C = &WALK[PT1 ^ 3]; RES[i++] ^= *C;                 \
-    D = &WALK[PT2 ^ 6]; RES[i++] ^= *D;                 \
-                                                        \
-    if( PTEST & 1 ) SWAP( A, C );                       \
-                                                        \
-    IN = (*A >> (5)) ^ (*A << (27)) ^ CLK;              \
-    *A = (*B >> (6)) ^ (*B << (26)) ^ CLK;              \
-    *B = IN; CLK = (uint32_t) mbedtls_timing_hardclock();       \
-    *C = (*C >> (7)) ^ (*C << (25)) ^ CLK;              \
-    *D = (*D >> (8)) ^ (*D << (24)) ^ CLK;              \
-                                                        \
-    A = &WALK[PT1 ^ 4];                                 \
-    B = &WALK[PT2 ^ 1];                                 \
-                                                        \
-    PTEST = PT2 >> 1;                                   \
-                                                        \
-    PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]);   \
-    PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8);  \
-    PTY = (PT2 >> 10) & 7;                              \
-                                                        \
-    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
-    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
-    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
-                                                        \
-    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
-    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
-    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
-                                                        \
-    C = &WALK[PT1 ^ 5];                                 \
-    D = &WALK[PT2 ^ 5];                                 \
-                                                        \
-    RES[i++] ^= *A;                                     \
-    RES[i++] ^= *B;                                     \
-    RES[i++] ^= *C;                                     \
-    RES[i++] ^= *D;                                     \
-                                                        \
-    IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK;             \
-    *A = (*B >> (10)) ^ (*B << (22)) ^ CLK;             \
-    *B = IN ^ U2;                                       \
-    *C = (*C >> (11)) ^ (*C << (21)) ^ CLK;             \
-    *D = (*D >> (12)) ^ (*D << (20)) ^ CLK;             \
-                                                        \
-    A = &WALK[PT1 ^ 6]; RES[i++] ^= *A;                 \
-    B = &WALK[PT2 ^ 3]; RES[i++] ^= *B;                 \
-    C = &WALK[PT1 ^ 7]; RES[i++] ^= *C;                 \
-    D = &WALK[PT2 ^ 7]; RES[i++] ^= *D;                 \
-                                                        \
-    IN = (*A >> (13)) ^ (*A << (19)) ^ CLK;             \
-    *A = (*B >> (14)) ^ (*B << (18)) ^ CLK;             \
-    *B = IN;                                            \
-    *C = (*C >> (15)) ^ (*C << (17)) ^ CLK;             \
-    *D = (*D >> (16)) ^ (*D << (16)) ^ CLK;             \
-                                                        \
-    PT1 = ( RES[( i - 8 ) ^ PTX] ^                      \
-            WALK[PT1 ^ PTX ^ 7] ) & (~1);               \
-    PT1 ^= (PT2 ^ 0x10) & 0x10;                         \
-                                                        \
-    for( n++, i = 0; i < 16; i++ )                      \
-        hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
-
-/*
- * Entropy gathering function
- */
-static void havege_fill( mbedtls_havege_state *hs )
-{
-    size_t n = 0;
-    size_t i;
-    uint32_t  U1,  U2, *A, *B, *C, *D;
-    uint32_t PT1, PT2, *WALK, RES[16];
-    uint32_t PTX, PTY, CLK, PTEST, IN;
-
-    WALK = hs->WALK;
-    PT1  = hs->PT1;
-    PT2  = hs->PT2;
-
-    PTX  = U1 = 0;
-    PTY  = U2 = 0;
-
-    (void)PTX;
-
-    memset( RES, 0, sizeof( RES ) );
-
-    while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
-    {
-        ONE_ITERATION
-        ONE_ITERATION
-        ONE_ITERATION
-        ONE_ITERATION
-    }
-
-    hs->PT1 = PT1;
-    hs->PT2 = PT2;
-
-    hs->offset[0] = 0;
-    hs->offset[1] = MBEDTLS_HAVEGE_COLLECT_SIZE / 2;
-}
-
-/*
- * HAVEGE initialization
- */
-void mbedtls_havege_init( mbedtls_havege_state *hs )
-{
-    memset( hs, 0, sizeof( mbedtls_havege_state ) );
-
-    havege_fill( hs );
-}
-
-void mbedtls_havege_free( mbedtls_havege_state *hs )
-{
-    if( hs == NULL )
-        return;
-
-    mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
-}
-
-/*
- * HAVEGE rand function
- */
-int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
-{
-    uint32_t val;
-    size_t use_len;
-    mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
-    unsigned char *p = buf;
-
-    while( len > 0 )
-    {
-        use_len = len;
-        if( use_len > sizeof( val ) )
-            use_len = sizeof( val );
-
-        if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
-            havege_fill( hs );
-
-        val  = hs->pool[hs->offset[0]++];
-        val ^= hs->pool[hs->offset[1]++];
-
-        memcpy( p, &val, use_len );
-
-        len -= use_len;
-        p += use_len;
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_HAVEGE_C */
diff --git a/Sources/mbedtls/library/hkdf.c b/Sources/mbedtls/library/hkdf.c
deleted file mode 100644
index 5013729..0000000
--- a/Sources/mbedtls/library/hkdf.c
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
- *  HKDF implementation -- RFC 5869
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#include "common.h"
-
-#if defined(MBEDTLS_HKDF_C)
-
-#include <string.h>
-#include "mbedtls/hkdf.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
-                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
-                  const unsigned char *info, size_t info_len,
-                  unsigned char *okm, size_t okm_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char prk[MBEDTLS_MD_MAX_SIZE];
-
-    ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );
-
-    if( ret == 0 )
-    {
-        ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ),
-                                   info, info_len, okm, okm_len );
-    }
-
-    mbedtls_platform_zeroize( prk, sizeof( prk ) );
-
-    return( ret );
-}
-
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
-                          const unsigned char *salt, size_t salt_len,
-                          const unsigned char *ikm, size_t ikm_len,
-                          unsigned char *prk )
-{
-    unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
-
-    if( salt == NULL )
-    {
-        size_t hash_len;
-
-        if( salt_len != 0 )
-        {
-            return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
-        }
-
-        hash_len = mbedtls_md_get_size( md );
-
-        if( hash_len == 0 )
-        {
-            return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
-        }
-
-        salt = null_salt;
-        salt_len = hash_len;
-    }
-
-    return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
-}
-
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
-                         size_t prk_len, const unsigned char *info,
-                         size_t info_len, unsigned char *okm, size_t okm_len )
-{
-    size_t hash_len;
-    size_t where = 0;
-    size_t n;
-    size_t t_len = 0;
-    size_t i;
-    int ret = 0;
-    mbedtls_md_context_t ctx;
-    unsigned char t[MBEDTLS_MD_MAX_SIZE];
-
-    if( okm == NULL )
-    {
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
-    }
-
-    hash_len = mbedtls_md_get_size( md );
-
-    if( prk_len < hash_len || hash_len == 0 )
-    {
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
-    }
-
-    if( info == NULL )
-    {
-        info = (const unsigned char *) "";
-        info_len = 0;
-    }
-
-    n = okm_len / hash_len;
-
-    if( okm_len % hash_len != 0 )
-    {
-        n++;
-    }
-
-    /*
-     * Per RFC 5869 Section 2.3, okm_len must not exceed
-     * 255 times the hash length
-     */
-    if( n > 255 )
-    {
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
-    }
-
-    mbedtls_md_init( &ctx );
-
-    if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    memset( t, 0, hash_len );
-
-    /*
-     * Compute T = T(1) | T(2) | T(3) | ... | T(N)
-     * Where T(N) is defined in RFC 5869 Section 2.3
-     */
-    for( i = 1; i <= n; i++ )
-    {
-        size_t num_to_copy;
-        unsigned char c = i & 0xff;
-
-        ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len );
-        if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        ret = mbedtls_md_hmac_update( &ctx, t, t_len );
-        if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        ret = mbedtls_md_hmac_update( &ctx, info, info_len );
-        if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        /* The constant concatenated to the end of each T(n) is a single octet.
-         * */
-        ret = mbedtls_md_hmac_update( &ctx, &c, 1 );
-        if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        ret = mbedtls_md_hmac_finish( &ctx, t );
-        if( ret != 0 )
-        {
-            goto exit;
-        }
-
-        num_to_copy = i != n ? hash_len : okm_len - where;
-        memcpy( okm + where, t, num_to_copy );
-        where += hash_len;
-        t_len = hash_len;
-    }
-
-exit:
-    mbedtls_md_free( &ctx );
-    mbedtls_platform_zeroize( t, sizeof( t ) );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_HKDF_C */
diff --git a/Sources/mbedtls/library/hmac_drbg.c b/Sources/mbedtls/library/hmac_drbg.c
deleted file mode 100644
index 69272fa..0000000
--- a/Sources/mbedtls/library/hmac_drbg.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/*
- *  HMAC_DRBG implementation (NIST SP 800-90)
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- *  The NIST SP 800-90A DRBGs are described in the following publication.
- *  http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
- *  References below are based on rev. 1 (January 2012).
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_HMAC_DRBG_C)
-
-#include "mbedtls/hmac_drbg.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#include "mbedtls/platform.h"
-
-/*
- * HMAC_DRBG context initialization
- */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) );
-
-    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
-}
-
-/*
- * HMAC_DRBG update, using optional additional data (10.1.2.2)
- */
-int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
-                                  const unsigned char *additional,
-                                  size_t add_len )
-{
-    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
-    unsigned char rounds = ( additional != NULL && add_len != 0 ) ? 2 : 1;
-    unsigned char sep[1];
-    unsigned char K[MBEDTLS_MD_MAX_SIZE];
-    int ret = MBEDTLS_ERR_MD_BAD_INPUT_DATA;
-
-    for( sep[0] = 0; sep[0] < rounds; sep[0]++ )
-    {
-        /* Step 1 or 4 */
-        if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            ctx->V, md_len ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            sep, 1 ) ) != 0 )
-            goto exit;
-        if( rounds == 2 )
-        {
-            if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                                additional, add_len ) ) != 0 )
-            goto exit;
-        }
-        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, K ) ) != 0 )
-            goto exit;
-
-        /* Step 2 or 5 */
-        if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, K, md_len ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            ctx->V, md_len ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
-            goto exit;
-    }
-
-exit:
-    mbedtls_platform_zeroize( K, sizeof( K ) );
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
-                               const unsigned char *additional,
-                               size_t add_len )
-{
-    (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len );
-}
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
-/*
- * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
- */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
-                        const mbedtls_md_info_t * md_info,
-                        const unsigned char *data, size_t data_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-
-    /*
-     * Set initial working state.
-     * Use the V memory location, which is currently all 0, to initialize the
-     * MD context with an all-zero key. Then set V to its initial value.
-     */
-    if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V,
-                                        mbedtls_md_get_size( md_info ) ) ) != 0 )
-        return( ret );
-    memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) );
-
-    if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * Internal function used both for seeding and reseeding the DRBG.
- * Comments starting with arabic numbers refer to section 10.1.2.4
- * of SP800-90A, while roman numbers refer to section 9.2.
- */
-static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx,
-                                  const unsigned char *additional, size_t len,
-                                  int use_nonce )
-{
-    unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
-    size_t seedlen = 0;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    {
-        size_t total_entropy_len;
-
-        if( use_nonce == 0 )
-            total_entropy_len = ctx->entropy_len;
-        else
-            total_entropy_len = ctx->entropy_len * 3 / 2;
-
-        /* III. Check input length */
-        if( len > MBEDTLS_HMAC_DRBG_MAX_INPUT ||
-            total_entropy_len + len > MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT )
-        {
-            return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
-        }
-    }
-
-    memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
-
-    /* IV. Gather entropy_len bytes of entropy for the seed */
-    if( ( ret = ctx->f_entropy( ctx->p_entropy,
-                                seed, ctx->entropy_len ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
-    }
-    seedlen += ctx->entropy_len;
-
-    /* For initial seeding, allow adding of nonce generated
-     * from the entropy source. See Sect 8.6.7 in SP800-90A. */
-    if( use_nonce )
-    {
-        /* Note: We don't merge the two calls to f_entropy() in order
-         *       to avoid requesting too much entropy from f_entropy()
-         *       at once. Specifically, if the underlying digest is not
-         *       SHA-1, 3 / 2 * entropy_len is at least 36 Bytes, which
-         *       is larger than the maximum of 32 Bytes that our own
-         *       entropy source implementation can emit in a single
-         *       call in configurations disabling SHA-512. */
-        if( ( ret = ctx->f_entropy( ctx->p_entropy,
-                                    seed + seedlen,
-                                    ctx->entropy_len / 2 ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED );
-        }
-
-        seedlen += ctx->entropy_len / 2;
-    }
-
-
-    /* 1. Concatenate entropy and additional data if any */
-    if( additional != NULL && len != 0 )
-    {
-        memcpy( seed + seedlen, additional, len );
-        seedlen += len;
-    }
-
-    /* 2. Update state */
-    if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 )
-        goto exit;
-
-    /* 3. Reset reseed_counter */
-    ctx->reseed_counter = 1;
-
-exit:
-    /* 4. Done */
-    mbedtls_platform_zeroize( seed, seedlen );
-    return( ret );
-}
-
-/*
- * HMAC_DRBG reseeding: 10.1.2.4 + 9.2
- */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
-                      const unsigned char *additional, size_t len )
-{
-    return( hmac_drbg_reseed_core( ctx, additional, len, 0 ) );
-}
-
-/*
- * HMAC_DRBG initialisation (10.1.2.3 + 9.1)
- *
- * The nonce is not passed as a separate parameter but extracted
- * from the entropy source as suggested in 8.6.7.
- */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
-                    const mbedtls_md_info_t * md_info,
-                    int (*f_entropy)(void *, unsigned char *, size_t),
-                    void *p_entropy,
-                    const unsigned char *custom,
-                    size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t md_size;
-
-    if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 )
-        return( ret );
-
-    /* The mutex is initialized iff the md context is set up. */
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-
-    md_size = mbedtls_md_get_size( md_info );
-
-    /*
-     * Set initial working state.
-     * Use the V memory location, which is currently all 0, to initialize the
-     * MD context with an all-zero key. Then set V to its initial value.
-     */
-    if( ( ret = mbedtls_md_hmac_starts( &ctx->md_ctx, ctx->V, md_size ) ) != 0 )
-        return( ret );
-    memset( ctx->V, 0x01, md_size );
-
-    ctx->f_entropy = f_entropy;
-    ctx->p_entropy = p_entropy;
-
-    if( ctx->entropy_len == 0 )
-    {
-        /*
-         * See SP800-57 5.6.1 (p. 65-66) for the security strength provided by
-         * each hash function, then according to SP800-90A rev1 10.1 table 2,
-         * min_entropy_len (in bits) is security_strength.
-         *
-         * (This also matches the sizes used in the NIST test vectors.)
-         */
-        ctx->entropy_len = md_size <= 20 ? 16 : /* 160-bits hash -> 128 bits */
-                           md_size <= 28 ? 24 : /* 224-bits hash -> 192 bits */
-                           32;  /* better (256+) -> 256 bits */
-    }
-
-    if( ( ret = hmac_drbg_reseed_core( ctx, custom, len,
-                                       1 /* add nonce */ ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Set prediction resistance
- */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
-                                          int resistance )
-{
-    ctx->prediction_resistance = resistance;
-}
-
-/*
- * Set entropy length grabbed for seeding
- */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx, size_t len )
-{
-    ctx->entropy_len = len;
-}
-
-/*
- * Set reseed interval
- */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, int interval )
-{
-    ctx->reseed_interval = interval;
-}
-
-/*
- * HMAC_DRBG random function with optional additional data:
- * 10.1.2.5 (arabic) + 9.3 (Roman)
- */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
-                               unsigned char *output, size_t out_len,
-                               const unsigned char *additional, size_t add_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
-    size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info );
-    size_t left = out_len;
-    unsigned char *out = output;
-
-    /* II. Check request length */
-    if( out_len > MBEDTLS_HMAC_DRBG_MAX_REQUEST )
-        return( MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG );
-
-    /* III. Check input length */
-    if( add_len > MBEDTLS_HMAC_DRBG_MAX_INPUT )
-        return( MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG );
-
-    /* 1. (aka VII and IX) Check reseed counter and PR */
-    if( ctx->f_entropy != NULL && /* For no-reseeding instances */
-        ( ctx->prediction_resistance == MBEDTLS_HMAC_DRBG_PR_ON ||
-          ctx->reseed_counter > ctx->reseed_interval ) )
-    {
-        if( ( ret = mbedtls_hmac_drbg_reseed( ctx, additional, add_len ) ) != 0 )
-            return( ret );
-
-        add_len = 0; /* VII.4 */
-    }
-
-    /* 2. Use additional data if any */
-    if( additional != NULL && add_len != 0 )
-    {
-        if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
-                                                  additional, add_len ) ) != 0 )
-            goto exit;
-    }
-
-    /* 3, 4, 5. Generate bytes */
-    while( left != 0 )
-    {
-        size_t use_len = left > md_len ? md_len : left;
-
-        if( ( ret = mbedtls_md_hmac_reset( &ctx->md_ctx ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_update( &ctx->md_ctx,
-                                            ctx->V, md_len ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_hmac_finish( &ctx->md_ctx, ctx->V ) ) != 0 )
-            goto exit;
-
-        memcpy( out, ctx->V, use_len );
-        out += use_len;
-        left -= use_len;
-    }
-
-    /* 6. Update */
-    if( ( ret = mbedtls_hmac_drbg_update_ret( ctx,
-                                              additional, add_len ) ) != 0 )
-        goto exit;
-
-    /* 7. Update reseed counter */
-    ctx->reseed_counter++;
-
-exit:
-    /* 8. Done */
-    return( ret );
-}
-
-/*
- * HMAC_DRBG random function
- */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    ret = mbedtls_hmac_drbg_random_with_add( ctx, output, out_len, NULL, 0 );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    return( ret );
-}
-
-/*
- *  This function resets HMAC_DRBG context to the state immediately
- *  after initial call of mbedtls_hmac_drbg_init().
- */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-#if defined(MBEDTLS_THREADING_C)
-    /* The mutex is initialized iff the md context is set up. */
-    if( ctx->md_ctx.md_info != NULL )
-        mbedtls_mutex_free( &ctx->mutex );
-#endif
-    mbedtls_md_free( &ctx->md_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) );
-    ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL;
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    FILE *f;
-    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
-
-    if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
-
-    if( ( ret = mbedtls_hmac_drbg_random( ctx, buf, sizeof( buf ) ) ) != 0 )
-        goto exit;
-
-    if( fwrite( buf, 1, sizeof( buf ), f ) != sizeof( buf ) )
-    {
-        ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
-        goto exit;
-    }
-
-    ret = 0;
-
-exit:
-    fclose( f );
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path )
-{
-    int ret = 0;
-    FILE *f = NULL;
-    size_t n;
-    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
-    unsigned char c;
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR );
-
-    n = fread( buf, 1, sizeof( buf ), f );
-    if( fread( &c, 1, 1, f ) != 0 )
-    {
-        ret = MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG;
-        goto exit;
-    }
-    if( n == 0 || ferror( f ) )
-    {
-        ret = MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR;
-        goto exit;
-    }
-    fclose( f );
-    f = NULL;
-
-    ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n );
-
-exit:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    if( f != NULL )
-        fclose( f );
-    if( ret != 0 )
-        return( ret );
-    return( mbedtls_hmac_drbg_write_seed_file( ctx, path ) );
-}
-#endif /* MBEDTLS_FS_IO */
-
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if !defined(MBEDTLS_SHA1_C)
-/* Dummy checkup routine */
-int mbedtls_hmac_drbg_self_test( int verbose )
-{
-    (void) verbose;
-    return( 0 );
-}
-#else
-
-#define OUTPUT_LEN  80
-
-/* From a NIST PR=true test vector */
-static const unsigned char entropy_pr[] = {
-    0xa0, 0xc9, 0xab, 0x58, 0xf1, 0xe2, 0xe5, 0xa4, 0xde, 0x3e, 0xbd, 0x4f,
-    0xf7, 0x3e, 0x9c, 0x5b, 0x64, 0xef, 0xd8, 0xca, 0x02, 0x8c, 0xf8, 0x11,
-    0x48, 0xa5, 0x84, 0xfe, 0x69, 0xab, 0x5a, 0xee, 0x42, 0xaa, 0x4d, 0x42,
-    0x17, 0x60, 0x99, 0xd4, 0x5e, 0x13, 0x97, 0xdc, 0x40, 0x4d, 0x86, 0xa3,
-    0x7b, 0xf5, 0x59, 0x54, 0x75, 0x69, 0x51, 0xe4 };
-static const unsigned char result_pr[OUTPUT_LEN] = {
-    0x9a, 0x00, 0xa2, 0xd0, 0x0e, 0xd5, 0x9b, 0xfe, 0x31, 0xec, 0xb1, 0x39,
-    0x9b, 0x60, 0x81, 0x48, 0xd1, 0x96, 0x9d, 0x25, 0x0d, 0x3c, 0x1e, 0x94,
-    0x10, 0x10, 0x98, 0x12, 0x93, 0x25, 0xca, 0xb8, 0xfc, 0xcc, 0x2d, 0x54,
-    0x73, 0x19, 0x70, 0xc0, 0x10, 0x7a, 0xa4, 0x89, 0x25, 0x19, 0x95, 0x5e,
-    0x4b, 0xc6, 0x00, 0x1d, 0x7f, 0x4e, 0x6a, 0x2b, 0xf8, 0xa3, 0x01, 0xab,
-    0x46, 0x05, 0x5c, 0x09, 0xa6, 0x71, 0x88, 0xf1, 0xa7, 0x40, 0xee, 0xf3,
-    0xe1, 0x5c, 0x02, 0x9b, 0x44, 0xaf, 0x03, 0x44 };
-
-/* From a NIST PR=false test vector */
-static const unsigned char entropy_nopr[] = {
-    0x79, 0x34, 0x9b, 0xbf, 0x7c, 0xdd, 0xa5, 0x79, 0x95, 0x57, 0x86, 0x66,
-    0x21, 0xc9, 0x13, 0x83, 0x11, 0x46, 0x73, 0x3a, 0xbf, 0x8c, 0x35, 0xc8,
-    0xc7, 0x21, 0x5b, 0x5b, 0x96, 0xc4, 0x8e, 0x9b, 0x33, 0x8c, 0x74, 0xe3,
-    0xe9, 0x9d, 0xfe, 0xdf };
-static const unsigned char result_nopr[OUTPUT_LEN] = {
-    0xc6, 0xa1, 0x6a, 0xb8, 0xd4, 0x20, 0x70, 0x6f, 0x0f, 0x34, 0xab, 0x7f,
-    0xec, 0x5a, 0xdc, 0xa9, 0xd8, 0xca, 0x3a, 0x13, 0x3e, 0x15, 0x9c, 0xa6,
-    0xac, 0x43, 0xc6, 0xf8, 0xa2, 0xbe, 0x22, 0x83, 0x4a, 0x4c, 0x0a, 0x0a,
-    0xff, 0xb1, 0x0d, 0x71, 0x94, 0xf1, 0xc1, 0xa5, 0xcf, 0x73, 0x22, 0xec,
-    0x1a, 0xe0, 0x96, 0x4e, 0xd4, 0xbf, 0x12, 0x27, 0x46, 0xe0, 0x87, 0xfd,
-    0xb5, 0xb3, 0xe9, 0x1b, 0x34, 0x93, 0xd5, 0xbb, 0x98, 0xfa, 0xed, 0x49,
-    0xe8, 0x5f, 0x13, 0x0f, 0xc8, 0xa4, 0x59, 0xb7 };
-
-/* "Entropy" from buffer */
-static size_t test_offset;
-static int hmac_drbg_self_test_entropy( void *data,
-                                        unsigned char *buf, size_t len )
-{
-    const unsigned char *p = data;
-    memcpy( buf, p + test_offset, len );
-    test_offset += len;
-    return( 0 );
-}
-
-#define CHK( c )    if( (c) != 0 )                          \
-                    {                                       \
-                        if( verbose != 0 )                  \
-                            mbedtls_printf( "failed\n" );  \
-                        return( 1 );                        \
-                    }
-
-/*
- * Checkup routine for HMAC_DRBG with SHA-1
- */
-int mbedtls_hmac_drbg_self_test( int verbose )
-{
-    mbedtls_hmac_drbg_context ctx;
-    unsigned char buf[OUTPUT_LEN];
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-
-    mbedtls_hmac_drbg_init( &ctx );
-
-    /*
-     * PR = True
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  HMAC_DRBG (PR = True) : " );
-
-    test_offset = 0;
-    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, (void *) entropy_pr,
-                         NULL, 0 ) );
-    mbedtls_hmac_drbg_set_prediction_resistance( &ctx, MBEDTLS_HMAC_DRBG_PR_ON );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( memcmp( buf, result_pr, OUTPUT_LEN ) );
-    mbedtls_hmac_drbg_free( &ctx );
-
-    mbedtls_hmac_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    /*
-     * PR = False
-     */
-    if( verbose != 0 )
-        mbedtls_printf( "  HMAC_DRBG (PR = False) : " );
-
-    mbedtls_hmac_drbg_init( &ctx );
-
-    test_offset = 0;
-    CHK( mbedtls_hmac_drbg_seed( &ctx, md_info,
-                         hmac_drbg_self_test_entropy, (void *) entropy_nopr,
-                         NULL, 0 ) );
-    CHK( mbedtls_hmac_drbg_reseed( &ctx, NULL, 0 ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( mbedtls_hmac_drbg_random( &ctx, buf, OUTPUT_LEN ) );
-    CHK( memcmp( buf, result_nopr, OUTPUT_LEN ) );
-    mbedtls_hmac_drbg_free( &ctx );
-
-    mbedtls_hmac_drbg_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_HMAC_DRBG_C */
diff --git a/Sources/mbedtls/library/md.c b/Sources/mbedtls/library/md.c
deleted file mode 100644
index 53a84b0..0000000
--- a/Sources/mbedtls/library/md.c
+++ /dev/null
@@ -1,884 +0,0 @@
-/**
- * \file md.c
- *
- * \brief Generic message digest wrapper for mbed TLS
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MD_C)
-
-#include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-
-#include "mbedtls/platform.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-const mbedtls_md_info_t mbedtls_md2_info = {
-    "MD2",
-    MBEDTLS_MD_MD2,
-    16,
-    16,
-};
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-const mbedtls_md_info_t mbedtls_md4_info = {
-    "MD4",
-    MBEDTLS_MD_MD4,
-    16,
-    64,
-};
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-const mbedtls_md_info_t mbedtls_md5_info = {
-    "MD5",
-    MBEDTLS_MD_MD5,
-    16,
-    64,
-};
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-const mbedtls_md_info_t mbedtls_ripemd160_info = {
-    "RIPEMD160",
-    MBEDTLS_MD_RIPEMD160,
-    20,
-    64,
-};
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-const mbedtls_md_info_t mbedtls_sha1_info = {
-    "SHA1",
-    MBEDTLS_MD_SHA1,
-    20,
-    64,
-};
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-const mbedtls_md_info_t mbedtls_sha224_info = {
-    "SHA224",
-    MBEDTLS_MD_SHA224,
-    28,
-    64,
-};
-
-const mbedtls_md_info_t mbedtls_sha256_info = {
-    "SHA256",
-    MBEDTLS_MD_SHA256,
-    32,
-    64,
-};
-#endif
-
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-const mbedtls_md_info_t mbedtls_sha384_info = {
-    "SHA384",
-    MBEDTLS_MD_SHA384,
-    48,
-    128,
-};
-#endif
-
-const mbedtls_md_info_t mbedtls_sha512_info = {
-    "SHA512",
-    MBEDTLS_MD_SHA512,
-    64,
-    128,
-};
-#endif
-
-/*
- * Reminder: update profiles in x509_crt.c when adding a new hash!
- */
-static const int supported_digests[] = {
-
-#if defined(MBEDTLS_SHA512_C)
-        MBEDTLS_MD_SHA512,
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        MBEDTLS_MD_SHA384,
-#endif
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-        MBEDTLS_MD_SHA256,
-        MBEDTLS_MD_SHA224,
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-        MBEDTLS_MD_SHA1,
-#endif
-
-#if defined(MBEDTLS_RIPEMD160_C)
-        MBEDTLS_MD_RIPEMD160,
-#endif
-
-#if defined(MBEDTLS_MD5_C)
-        MBEDTLS_MD_MD5,
-#endif
-
-#if defined(MBEDTLS_MD4_C)
-        MBEDTLS_MD_MD4,
-#endif
-
-#if defined(MBEDTLS_MD2_C)
-        MBEDTLS_MD_MD2,
-#endif
-
-        MBEDTLS_MD_NONE
-};
-
-const int *mbedtls_md_list( void )
-{
-    return( supported_digests );
-}
-
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
-{
-    if( NULL == md_name )
-        return( NULL );
-
-    /* Get the appropriate digest information */
-#if defined(MBEDTLS_MD2_C)
-    if( !strcmp( "MD2", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 );
-#endif
-#if defined(MBEDTLS_MD4_C)
-    if( !strcmp( "MD4", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 );
-#endif
-#if defined(MBEDTLS_MD5_C)
-    if( !strcmp( "MD5", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-    if( !strcmp( "RIPEMD160", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_RIPEMD160 );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-    if( !strcmp( "SHA1", md_name ) || !strcmp( "SHA", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    if( !strcmp( "SHA224", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA224 );
-    if( !strcmp( "SHA256", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    if( !strcmp( "SHA384", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA384 );
-#endif
-    if( !strcmp( "SHA512", md_name ) )
-        return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
-#endif
-    return( NULL );
-}
-
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
-{
-    switch( md_type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( &mbedtls_md4_info );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( &mbedtls_md5_info );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( &mbedtls_ripemd160_info );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( &mbedtls_sha1_info );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-            return( &mbedtls_sha224_info );
-        case MBEDTLS_MD_SHA256:
-            return( &mbedtls_sha256_info );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-            return( &mbedtls_sha384_info );
-#endif
-        case MBEDTLS_MD_SHA512:
-            return( &mbedtls_sha512_info );
-#endif
-        default:
-            return( NULL );
-    }
-}
-
-void mbedtls_md_init( mbedtls_md_context_t *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md_context_t ) );
-}
-
-void mbedtls_md_free( mbedtls_md_context_t *ctx )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return;
-
-    if( ctx->md_ctx != NULL )
-    {
-        switch( ctx->md_info->type )
-        {
-#if defined(MBEDTLS_MD2_C)
-            case MBEDTLS_MD_MD2:
-                mbedtls_md2_free( ctx->md_ctx );
-                break;
-#endif
-#if defined(MBEDTLS_MD4_C)
-            case MBEDTLS_MD_MD4:
-                mbedtls_md4_free( ctx->md_ctx );
-                break;
-#endif
-#if defined(MBEDTLS_MD5_C)
-            case MBEDTLS_MD_MD5:
-                mbedtls_md5_free( ctx->md_ctx );
-                break;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-            case MBEDTLS_MD_RIPEMD160:
-                mbedtls_ripemd160_free( ctx->md_ctx );
-                break;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-            case MBEDTLS_MD_SHA1:
-                mbedtls_sha1_free( ctx->md_ctx );
-                break;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-            case MBEDTLS_MD_SHA224:
-            case MBEDTLS_MD_SHA256:
-                mbedtls_sha256_free( ctx->md_ctx );
-                break;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-            case MBEDTLS_MD_SHA384:
-#endif
-            case MBEDTLS_MD_SHA512:
-                mbedtls_sha512_free( ctx->md_ctx );
-                break;
-#endif
-            default:
-                /* Shouldn't happen */
-                break;
-        }
-        mbedtls_free( ctx->md_ctx );
-    }
-
-    if( ctx->hmac_ctx != NULL )
-    {
-        mbedtls_platform_zeroize( ctx->hmac_ctx,
-                                  2 * ctx->md_info->block_size );
-        mbedtls_free( ctx->hmac_ctx );
-    }
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) );
-}
-
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
-                      const mbedtls_md_context_t *src )
-{
-    if( dst == NULL || dst->md_info == NULL ||
-        src == NULL || src->md_info == NULL ||
-        dst->md_info != src->md_info )
-    {
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-
-    switch( src->md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            mbedtls_md2_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            mbedtls_md4_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            mbedtls_md5_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            mbedtls_ripemd160_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            mbedtls_sha1_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-        case MBEDTLS_MD_SHA256:
-            mbedtls_sha256_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-#endif
-        case MBEDTLS_MD_SHA512:
-            mbedtls_sha512_clone( dst->md_ctx, src->md_ctx );
-            break;
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
-{
-    return mbedtls_md_setup( ctx, md_info, 1 );
-}
-#endif
-
-#define ALLOC( type )                                                   \
-    do {                                                                \
-        ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \
-        if( ctx->md_ctx == NULL )                                       \
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );                      \
-        mbedtls_##type##_init( ctx->md_ctx );                           \
-    }                                                                   \
-    while( 0 )
-
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
-{
-    if( md_info == NULL || ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    ctx->md_info = md_info;
-    ctx->md_ctx = NULL;
-    ctx->hmac_ctx = NULL;
-
-    switch( md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            ALLOC( md2 );
-            break;
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            ALLOC( md4 );
-            break;
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            ALLOC( md5 );
-            break;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            ALLOC( ripemd160 );
-            break;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            ALLOC( sha1 );
-            break;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-        case MBEDTLS_MD_SHA256:
-            ALLOC( sha256 );
-            break;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-#endif
-        case MBEDTLS_MD_SHA512:
-            ALLOC( sha512 );
-            break;
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-
-    if( hmac != 0 )
-    {
-        ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size );
-        if( ctx->hmac_ctx == NULL )
-        {
-            mbedtls_md_free( ctx );
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );
-        }
-    }
-
-    return( 0 );
-}
-#undef ALLOC
-
-int mbedtls_md_starts( mbedtls_md_context_t *ctx )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    switch( ctx->md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( mbedtls_md2_starts_ret( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( mbedtls_md4_starts_ret( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_starts_ret( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_starts_ret( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-            return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) );
-        case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-            return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) );
-#endif
-        case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) );
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-}
-
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    switch( ctx->md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-        case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-#endif
-        case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) );
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-}
-
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    switch( ctx->md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-        case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-#endif
-        case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) );
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-}
-
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
-            unsigned char *output )
-{
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    switch( md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( mbedtls_md2_ret( input, ilen, output ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( mbedtls_md4_ret( input, ilen, output ) );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( mbedtls_md5_ret( input, ilen, output ) );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_ripemd160_ret( input, ilen, output ) );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( mbedtls_sha1_ret( input, ilen, output ) );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-            return( mbedtls_sha256_ret( input, ilen, output, 1 ) );
-        case MBEDTLS_MD_SHA256:
-            return( mbedtls_sha256_ret( input, ilen, output, 0 ) );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-            return( mbedtls_sha512_ret( input, ilen, output, 1 ) );
-#endif
-        case MBEDTLS_MD_SHA512:
-            return( mbedtls_sha512_ret( input, ilen, output, 0 ) );
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-}
-
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    FILE *f;
-    size_t n;
-    mbedtls_md_context_t ctx;
-    unsigned char buf[1024];
-
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_MD_FILE_IO_ERROR );
-
-    mbedtls_md_init( &ctx );
-
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
-        goto cleanup;
-
-    if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 )
-        goto cleanup;
-
-    while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 )
-        if( ( ret = mbedtls_md_update( &ctx, buf, n ) ) != 0 )
-            goto cleanup;
-
-    if( ferror( f ) != 0 )
-        ret = MBEDTLS_ERR_MD_FILE_IO_ERROR;
-    else
-        ret = mbedtls_md_finish( &ctx, output );
-
-cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    fclose( f );
-    mbedtls_md_free( &ctx );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
-    unsigned char *ipad, *opad;
-    size_t i;
-
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    if( keylen > (size_t) ctx->md_info->block_size )
-    {
-        if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
-            goto cleanup;
-        if( ( ret = mbedtls_md_update( ctx, key, keylen ) ) != 0 )
-            goto cleanup;
-        if( ( ret = mbedtls_md_finish( ctx, sum ) ) != 0 )
-            goto cleanup;
-
-        keylen = ctx->md_info->size;
-        key = sum;
-    }
-
-    ipad = (unsigned char *) ctx->hmac_ctx;
-    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
-
-    memset( ipad, 0x36, ctx->md_info->block_size );
-    memset( opad, 0x5C, ctx->md_info->block_size );
-
-    for( i = 0; i < keylen; i++ )
-    {
-        ipad[i] = (unsigned char)( ipad[i] ^ key[i] );
-        opad[i] = (unsigned char)( opad[i] ^ key[i] );
-    }
-
-    if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_md_update( ctx, ipad,
-                                   ctx->md_info->block_size ) ) != 0 )
-        goto cleanup;
-
-cleanup:
-    mbedtls_platform_zeroize( sum, sizeof( sum ) );
-
-    return( ret );
-}
-
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
-{
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    return( mbedtls_md_update( ctx, input, ilen ) );
-}
-
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
-    unsigned char *opad;
-
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
-
-    if( ( ret = mbedtls_md_finish( ctx, tmp ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_md_update( ctx, opad,
-                                   ctx->md_info->block_size ) ) != 0 )
-        return( ret );
-    if( ( ret = mbedtls_md_update( ctx, tmp,
-                                   ctx->md_info->size ) ) != 0 )
-        return( ret );
-    return( mbedtls_md_finish( ctx, output ) );
-}
-
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *ipad;
-
-    if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    ipad = (unsigned char *) ctx->hmac_ctx;
-
-    if( ( ret = mbedtls_md_starts( ctx ) ) != 0 )
-        return( ret );
-    return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) );
-}
-
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
-                     const unsigned char *key, size_t keylen,
-                     const unsigned char *input, size_t ilen,
-                     unsigned char *output )
-{
-    mbedtls_md_context_t ctx;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    mbedtls_md_init( &ctx );
-
-    if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 )
-        goto cleanup;
-
-    if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 )
-        goto cleanup;
-    if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 )
-        goto cleanup;
-
-cleanup:
-    mbedtls_md_free( &ctx );
-
-    return( ret );
-}
-
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
-{
-    if( ctx == NULL || ctx->md_info == NULL )
-        return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-
-    switch( ctx->md_info->type )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case MBEDTLS_MD_MD2:
-            return( mbedtls_internal_md2_process( ctx->md_ctx ) );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case MBEDTLS_MD_MD4:
-            return( mbedtls_internal_md4_process( ctx->md_ctx, data ) );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case MBEDTLS_MD_MD5:
-            return( mbedtls_internal_md5_process( ctx->md_ctx, data ) );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case MBEDTLS_MD_RIPEMD160:
-            return( mbedtls_internal_ripemd160_process( ctx->md_ctx, data ) );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case MBEDTLS_MD_SHA1:
-            return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case MBEDTLS_MD_SHA224:
-        case MBEDTLS_MD_SHA256:
-            return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        case MBEDTLS_MD_SHA384:
-#endif
-        case MBEDTLS_MD_SHA512:
-            return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) );
-#endif
-        default:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
-    }
-}
-
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
-{
-    if( md_info == NULL )
-        return( 0 );
-
-    return md_info->size;
-}
-
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
-{
-    if( md_info == NULL )
-        return( MBEDTLS_MD_NONE );
-
-    return md_info->type;
-}
-
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
-{
-    if( md_info == NULL )
-        return( NULL );
-
-    return md_info->name;
-}
-
-#endif /* MBEDTLS_MD_C */
diff --git a/Sources/mbedtls/library/md2.c b/Sources/mbedtls/library/md2.c
deleted file mode 100644
index f8293a1..0000000
--- a/Sources/mbedtls/library/md2.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/*
- *  RFC 1115/1319 compliant MD2 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The MD2 algorithm was designed by Ron Rivest in 1989.
- *
- *  http://www.ietf.org/rfc/rfc1115.txt
- *  http://www.ietf.org/rfc/rfc1319.txt
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MD2_C)
-
-#include "mbedtls/md2.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_MD2_ALT)
-
-static const unsigned char PI_SUBST[256] =
-{
-    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36,
-    0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3,
-    0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C,
-    0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
-    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E,
-    0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
-    0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2,
-    0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
-    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E,
-    0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3,
-    0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56,
-    0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
-    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D,
-    0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65,
-    0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0,
-    0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
-    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C,
-    0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
-    0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81,
-    0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
-    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88,
-    0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE,
-    0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58,
-    0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
-    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99,
-    0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14
-};
-
-void mbedtls_md2_init( mbedtls_md2_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md2_context ) );
-}
-
-void mbedtls_md2_free( mbedtls_md2_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) );
-}
-
-void mbedtls_md2_clone( mbedtls_md2_context *dst,
-                        const mbedtls_md2_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * MD2 context setup
- */
-int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
-{
-    memset( ctx->cksum, 0, 16 );
-    memset( ctx->state, 0, 46 );
-    memset( ctx->buffer, 0, 16 );
-    ctx->left = 0;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_starts( mbedtls_md2_context *ctx )
-{
-    mbedtls_md2_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_MD2_PROCESS_ALT)
-int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
-{
-    int i, j;
-    unsigned char t = 0;
-
-    for( i = 0; i < 16; i++ )
-    {
-        ctx->state[i + 16] = ctx->buffer[i];
-        ctx->state[i + 32] =
-            (unsigned char)( ctx->buffer[i] ^ ctx->state[i]);
-    }
-
-    for( i = 0; i < 18; i++ )
-    {
-        for( j = 0; j < 48; j++ )
-        {
-            ctx->state[j] = (unsigned char)
-               ( ctx->state[j] ^ PI_SUBST[t] );
-            t  = ctx->state[j];
-        }
-
-        t = (unsigned char)( t + i );
-    }
-
-    t = ctx->cksum[15];
-
-    for( i = 0; i < 16; i++ )
-    {
-        ctx->cksum[i] = (unsigned char)
-           ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] );
-        t  = ctx->cksum[i];
-    }
-
-    /* Zeroise variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &t, sizeof( t ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_process( mbedtls_md2_context *ctx )
-{
-    mbedtls_internal_md2_process( ctx );
-}
-#endif
-#endif /* !MBEDTLS_MD2_PROCESS_ALT */
-
-/*
- * MD2 process buffer
- */
-int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-
-    while( ilen > 0 )
-    {
-        if( ilen > 16 - ctx->left )
-            fill = 16 - ctx->left;
-        else
-            fill = ilen;
-
-        memcpy( ctx->buffer + ctx->left, input, fill );
-
-        ctx->left += fill;
-        input += fill;
-        ilen  -= fill;
-
-        if( ctx->left == 16 )
-        {
-            ctx->left = 0;
-            if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
-                return( ret );
-        }
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_update( mbedtls_md2_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen )
-{
-    mbedtls_md2_update_ret( ctx, input, ilen );
-}
-#endif
-
-/*
- * MD2 final digest
- */
-int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
-                            unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i;
-    unsigned char x;
-
-    x = (unsigned char)( 16 - ctx->left );
-
-    for( i = ctx->left; i < 16; i++ )
-        ctx->buffer[i] = x;
-
-    if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
-        return( ret );
-
-    memcpy( ctx->buffer, ctx->cksum, 16 );
-    if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 )
-        return( ret );
-
-    memcpy( output, ctx->state, 16 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2_finish( mbedtls_md2_context *ctx,
-                         unsigned char output[16] )
-{
-    mbedtls_md2_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_MD2_ALT */
-
-/*
- * output = MD2( input buffer )
- */
-int mbedtls_md2_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_md2_context ctx;
-
-    mbedtls_md2_init( &ctx );
-
-    if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md2_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md2( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[16] )
-{
-    mbedtls_md2_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * RFC 1319 test vectors
- */
-static const unsigned char md2_test_str[7][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
-};
-
-static const size_t md2_test_strlen[7] =
-{
-    0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md2_test_sum[7][16] =
-{
-    { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D,
-      0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 },
-    { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72,
-      0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 },
-    { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B,
-      0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB },
-    { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B,
-      0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 },
-    { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB,
-      0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B },
-    { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39,
-      0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD },
-    { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D,
-      0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md2_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char md2sum[16];
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD2 test #%d: ", i + 1 );
-
-        ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD2_C */
diff --git a/Sources/mbedtls/library/md4.c b/Sources/mbedtls/library/md4.c
deleted file mode 100644
index a412213..0000000
--- a/Sources/mbedtls/library/md4.c
+++ /dev/null
@@ -1,454 +0,0 @@
-/*
- *  RFC 1186/1320 compliant MD4 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The MD4 algorithm was designed by Ron Rivest in 1990.
- *
- *  http://www.ietf.org/rfc/rfc1186.txt
- *  http://www.ietf.org/rfc/rfc1320.txt
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MD4_C)
-
-#include "mbedtls/md4.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_MD4_ALT)
-
-void mbedtls_md4_init( mbedtls_md4_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md4_context ) );
-}
-
-void mbedtls_md4_free( mbedtls_md4_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) );
-}
-
-void mbedtls_md4_clone( mbedtls_md4_context *dst,
-                        const mbedtls_md4_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * MD4 context setup
- */
-int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_starts( mbedtls_md4_context *ctx )
-{
-    mbedtls_md4_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_MD4_PROCESS_ALT)
-int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
-                                  const unsigned char data[64] )
-{
-    struct
-    {
-        uint32_t X[16], A, B, C, D;
-    } local;
-
-    local.X[ 0] = MBEDTLS_GET_UINT32_LE( data,  0 );
-    local.X[ 1] = MBEDTLS_GET_UINT32_LE( data,  4 );
-    local.X[ 2] = MBEDTLS_GET_UINT32_LE( data,  8 );
-    local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
-    local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
-    local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
-    local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
-    local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
-    local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
-    local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
-    local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
-    local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
-    local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
-    local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
-    local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
-    local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
-
-#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
-
-    local.A = ctx->state[0];
-    local.B = ctx->state[1];
-    local.C = ctx->state[2];
-    local.D = ctx->state[3];
-
-#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z)))
-#define P(a,b,c,d,x,s)                           \
-    do                                           \
-    {                                            \
-        (a) += F((b),(c),(d)) + (x);             \
-        (a) = S((a),(s));                        \
-    } while( 0 )
-
-
-    P( local.A, local.B, local.C, local.D, local.X[ 0],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 1],  7 );
-    P( local.C, local.D, local.A, local.B, local.X[ 2], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[ 3], 19 );
-    P( local.A, local.B, local.C, local.D, local.X[ 4],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 5],  7 );
-    P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[ 7], 19 );
-    P( local.A, local.B, local.C, local.D, local.X[ 8],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 9],  7 );
-    P( local.C, local.D, local.A, local.B, local.X[10], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[11], 19 );
-    P( local.A, local.B, local.C, local.D, local.X[12],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[13],  7 );
-    P( local.C, local.D, local.A, local.B, local.X[14], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[15], 19 );
-
-#undef P
-#undef F
-
-#define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
-#define P(a,b,c,d,x,s)                          \
-    do                                          \
-    {                                           \
-        (a) += F((b),(c),(d)) + (x) + 0x5A827999;       \
-        (a) = S((a),(s));                               \
-    } while( 0 )
-
-    P( local.A, local.B, local.C, local.D, local.X[ 0],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 4],  5 );
-    P( local.C, local.D, local.A, local.B, local.X[ 8],  9 );
-    P( local.B, local.C, local.D, local.A, local.X[12], 13 );
-    P( local.A, local.B, local.C, local.D, local.X[ 1],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 5],  5 );
-    P( local.C, local.D, local.A, local.B, local.X[ 9],  9 );
-    P( local.B, local.C, local.D, local.A, local.X[13], 13 );
-    P( local.A, local.B, local.C, local.D, local.X[ 2],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 6],  5 );
-    P( local.C, local.D, local.A, local.B, local.X[10],  9 );
-    P( local.B, local.C, local.D, local.A, local.X[14], 13 );
-    P( local.A, local.B, local.C, local.D, local.X[ 3],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 7],  5 );
-    P( local.C, local.D, local.A, local.B, local.X[11],  9 );
-    P( local.B, local.C, local.D, local.A, local.X[15], 13 );
-
-#undef P
-#undef F
-
-#define F(x,y,z) ((x) ^ (y) ^ (z))
-#define P(a,b,c,d,x,s)                                  \
-    do                                                  \
-    {                                                   \
-        (a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1;       \
-        (a) = S((a),(s));                               \
-    } while( 0 )
-
-    P( local.A, local.B, local.C, local.D, local.X[ 0],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 8],  9 );
-    P( local.C, local.D, local.A, local.B, local.X[ 4], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[12], 15 );
-    P( local.A, local.B, local.C, local.D, local.X[ 2],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[10],  9 );
-    P( local.C, local.D, local.A, local.B, local.X[ 6], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[14], 15 );
-    P( local.A, local.B, local.C, local.D, local.X[ 1],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[ 9],  9 );
-    P( local.C, local.D, local.A, local.B, local.X[ 5], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[13], 15 );
-    P( local.A, local.B, local.C, local.D, local.X[ 3],  3 );
-    P( local.D, local.A, local.B, local.C, local.X[11],  9 );
-    P( local.C, local.D, local.A, local.B, local.X[ 7], 11 );
-    P( local.B, local.C, local.D, local.A, local.X[15], 15 );
-
-#undef F
-#undef P
-
-    ctx->state[0] += local.A;
-    ctx->state[1] += local.B;
-    ctx->state[2] += local.C;
-    ctx->state[3] += local.D;
-
-    /* Zeroise variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_process( mbedtls_md4_context *ctx,
-                          const unsigned char data[64] )
-{
-    mbedtls_internal_md4_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_MD4_PROCESS_ALT */
-
-/*
- * MD4 process buffer
- */
-int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left),
-                (void *) input, fill );
-
-        if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left),
-                (void *) input, ilen );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_update( mbedtls_md4_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen )
-{
-    mbedtls_md4_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char md4_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * MD4 final digest
- */
-int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
-                            unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    MBEDTLS_PUT_UINT32_LE( low,  msglen, 0 );
-    MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn );
-    if( ret != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 )
-        return( ret );
-
-
-    MBEDTLS_PUT_UINT32_LE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4_finish( mbedtls_md4_context *ctx,
-                         unsigned char output[16] )
-{
-    mbedtls_md4_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_MD4_ALT */
-
-/*
- * output = MD4( input buffer )
- */
-int mbedtls_md4_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_md4_context ctx;
-
-    mbedtls_md4_init( &ctx );
-
-    if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md4_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md4( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[16] )
-{
-    mbedtls_md4_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * RFC 1320 test vectors
- */
-static const unsigned char md4_test_str[7][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
-};
-
-static const size_t md4_test_strlen[7] =
-{
-    0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md4_test_sum[7][16] =
-{
-    { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31,
-      0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 },
-    { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46,
-      0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 },
-    { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52,
-      0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D },
-    { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8,
-      0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B },
-    { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD,
-      0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 0x2D, 0xA9 },
-    { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35,
-      0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 },
-    { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19,
-      0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md4_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char md4sum[16];
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD4 test #%d: ", i + 1 );
-
-        ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD4_C */
diff --git a/Sources/mbedtls/library/md5.c b/Sources/mbedtls/library/md5.c
deleted file mode 100644
index e53bfe6..0000000
--- a/Sources/mbedtls/library/md5.c
+++ /dev/null
@@ -1,468 +0,0 @@
-/*
- *  RFC 1321 compliant MD5 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The MD5 algorithm was designed by Ron Rivest in 1991.
- *
- *  http://www.ietf.org/rfc/rfc1321.txt
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MD5_C)
-
-#include "mbedtls/md5.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_MD5_ALT)
-
-void mbedtls_md5_init( mbedtls_md5_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_md5_context ) );
-}
-
-void mbedtls_md5_free( mbedtls_md5_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) );
-}
-
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
-                        const mbedtls_md5_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * MD5 context setup
- */
-int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_starts( mbedtls_md5_context *ctx )
-{
-    mbedtls_md5_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_MD5_PROCESS_ALT)
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
-                                  const unsigned char data[64] )
-{
-    struct
-    {
-        uint32_t X[16], A, B, C, D;
-    } local;
-
-    local.X[ 0] = MBEDTLS_GET_UINT32_LE( data,  0 );
-    local.X[ 1] = MBEDTLS_GET_UINT32_LE( data,  4 );
-    local.X[ 2] = MBEDTLS_GET_UINT32_LE( data,  8 );
-    local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
-    local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
-    local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
-    local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
-    local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
-    local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
-    local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
-    local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
-    local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
-    local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
-    local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
-    local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
-    local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
-
-#define S(x,n)                                                          \
-    ( ( (x) << (n) ) | ( ( (x) & 0xFFFFFFFF) >> ( 32 - (n) ) ) )
-
-#define P(a,b,c,d,k,s,t)                                                \
-    do                                                                  \
-    {                                                                   \
-        (a) += F((b),(c),(d)) + local.X[(k)] + (t);                     \
-        (a) = S((a),(s)) + (b);                                         \
-    } while( 0 )
-
-    local.A = ctx->state[0];
-    local.B = ctx->state[1];
-    local.C = ctx->state[2];
-    local.D = ctx->state[3];
-
-#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-
-    P( local.A, local.B, local.C, local.D,  0,  7, 0xD76AA478 );
-    P( local.D, local.A, local.B, local.C,  1, 12, 0xE8C7B756 );
-    P( local.C, local.D, local.A, local.B,  2, 17, 0x242070DB );
-    P( local.B, local.C, local.D, local.A,  3, 22, 0xC1BDCEEE );
-    P( local.A, local.B, local.C, local.D,  4,  7, 0xF57C0FAF );
-    P( local.D, local.A, local.B, local.C,  5, 12, 0x4787C62A );
-    P( local.C, local.D, local.A, local.B,  6, 17, 0xA8304613 );
-    P( local.B, local.C, local.D, local.A,  7, 22, 0xFD469501 );
-    P( local.A, local.B, local.C, local.D,  8,  7, 0x698098D8 );
-    P( local.D, local.A, local.B, local.C,  9, 12, 0x8B44F7AF );
-    P( local.C, local.D, local.A, local.B, 10, 17, 0xFFFF5BB1 );
-    P( local.B, local.C, local.D, local.A, 11, 22, 0x895CD7BE );
-    P( local.A, local.B, local.C, local.D, 12,  7, 0x6B901122 );
-    P( local.D, local.A, local.B, local.C, 13, 12, 0xFD987193 );
-    P( local.C, local.D, local.A, local.B, 14, 17, 0xA679438E );
-    P( local.B, local.C, local.D, local.A, 15, 22, 0x49B40821 );
-
-#undef F
-
-#define F(x,y,z) ((y) ^ ((z) & ((x) ^ (y))))
-
-    P( local.A, local.B, local.C, local.D,  1,  5, 0xF61E2562 );
-    P( local.D, local.A, local.B, local.C,  6,  9, 0xC040B340 );
-    P( local.C, local.D, local.A, local.B, 11, 14, 0x265E5A51 );
-    P( local.B, local.C, local.D, local.A,  0, 20, 0xE9B6C7AA );
-    P( local.A, local.B, local.C, local.D,  5,  5, 0xD62F105D );
-    P( local.D, local.A, local.B, local.C, 10,  9, 0x02441453 );
-    P( local.C, local.D, local.A, local.B, 15, 14, 0xD8A1E681 );
-    P( local.B, local.C, local.D, local.A,  4, 20, 0xE7D3FBC8 );
-    P( local.A, local.B, local.C, local.D,  9,  5, 0x21E1CDE6 );
-    P( local.D, local.A, local.B, local.C, 14,  9, 0xC33707D6 );
-    P( local.C, local.D, local.A, local.B,  3, 14, 0xF4D50D87 );
-    P( local.B, local.C, local.D, local.A,  8, 20, 0x455A14ED );
-    P( local.A, local.B, local.C, local.D, 13,  5, 0xA9E3E905 );
-    P( local.D, local.A, local.B, local.C,  2,  9, 0xFCEFA3F8 );
-    P( local.C, local.D, local.A, local.B,  7, 14, 0x676F02D9 );
-    P( local.B, local.C, local.D, local.A, 12, 20, 0x8D2A4C8A );
-
-#undef F
-
-#define F(x,y,z) ((x) ^ (y) ^ (z))
-
-    P( local.A, local.B, local.C, local.D,  5,  4, 0xFFFA3942 );
-    P( local.D, local.A, local.B, local.C,  8, 11, 0x8771F681 );
-    P( local.C, local.D, local.A, local.B, 11, 16, 0x6D9D6122 );
-    P( local.B, local.C, local.D, local.A, 14, 23, 0xFDE5380C );
-    P( local.A, local.B, local.C, local.D,  1,  4, 0xA4BEEA44 );
-    P( local.D, local.A, local.B, local.C,  4, 11, 0x4BDECFA9 );
-    P( local.C, local.D, local.A, local.B,  7, 16, 0xF6BB4B60 );
-    P( local.B, local.C, local.D, local.A, 10, 23, 0xBEBFBC70 );
-    P( local.A, local.B, local.C, local.D, 13,  4, 0x289B7EC6 );
-    P( local.D, local.A, local.B, local.C,  0, 11, 0xEAA127FA );
-    P( local.C, local.D, local.A, local.B,  3, 16, 0xD4EF3085 );
-    P( local.B, local.C, local.D, local.A,  6, 23, 0x04881D05 );
-    P( local.A, local.B, local.C, local.D,  9,  4, 0xD9D4D039 );
-    P( local.D, local.A, local.B, local.C, 12, 11, 0xE6DB99E5 );
-    P( local.C, local.D, local.A, local.B, 15, 16, 0x1FA27CF8 );
-    P( local.B, local.C, local.D, local.A,  2, 23, 0xC4AC5665 );
-
-#undef F
-
-#define F(x,y,z) ((y) ^ ((x) | ~(z)))
-
-    P( local.A, local.B, local.C, local.D,  0,  6, 0xF4292244 );
-    P( local.D, local.A, local.B, local.C,  7, 10, 0x432AFF97 );
-    P( local.C, local.D, local.A, local.B, 14, 15, 0xAB9423A7 );
-    P( local.B, local.C, local.D, local.A,  5, 21, 0xFC93A039 );
-    P( local.A, local.B, local.C, local.D, 12,  6, 0x655B59C3 );
-    P( local.D, local.A, local.B, local.C,  3, 10, 0x8F0CCC92 );
-    P( local.C, local.D, local.A, local.B, 10, 15, 0xFFEFF47D );
-    P( local.B, local.C, local.D, local.A,  1, 21, 0x85845DD1 );
-    P( local.A, local.B, local.C, local.D,  8,  6, 0x6FA87E4F );
-    P( local.D, local.A, local.B, local.C, 15, 10, 0xFE2CE6E0 );
-    P( local.C, local.D, local.A, local.B,  6, 15, 0xA3014314 );
-    P( local.B, local.C, local.D, local.A, 13, 21, 0x4E0811A1 );
-    P( local.A, local.B, local.C, local.D,  4,  6, 0xF7537E82 );
-    P( local.D, local.A, local.B, local.C, 11, 10, 0xBD3AF235 );
-    P( local.C, local.D, local.A, local.B,  2, 15, 0x2AD7D2BB );
-    P( local.B, local.C, local.D, local.A,  9, 21, 0xEB86D391 );
-
-#undef F
-
-    ctx->state[0] += local.A;
-    ctx->state[1] += local.B;
-    ctx->state[2] += local.C;
-    ctx->state[3] += local.D;
-
-    /* Zeroise variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_process( mbedtls_md5_context *ctx,
-                          const unsigned char data[64] )
-{
-    mbedtls_internal_md5_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_MD5_PROCESS_ALT */
-
-/*
- * MD5 process buffer
- */
-int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-        if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_update( mbedtls_md5_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen )
-{
-    mbedtls_md5_update_ret( ctx, input, ilen );
-}
-#endif
-
-/*
- * MD5 final digest
- */
-int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
-                            unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint32_t used;
-    uint32_t high, low;
-
-    /*
-     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
-     */
-    used = ctx->total[0] & 0x3F;
-
-    ctx->buffer[used++] = 0x80;
-
-    if( used <= 56 )
-    {
-        /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 56 - used );
-    }
-    else
-    {
-        /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, 64 - used );
-
-        if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        memset( ctx->buffer, 0, 56 );
-    }
-
-    /*
-     * Add message length
-     */
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    MBEDTLS_PUT_UINT32_LE( low,  ctx->buffer, 56 );
-    MBEDTLS_PUT_UINT32_LE( high, ctx->buffer, 60 );
-
-    if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
-
-    /*
-     * Output final state
-     */
-    MBEDTLS_PUT_UINT32_LE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5_finish( mbedtls_md5_context *ctx,
-                         unsigned char output[16] )
-{
-    mbedtls_md5_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_MD5_ALT */
-
-/*
- * output = MD5( input buffer )
- */
-int mbedtls_md5_ret( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[16] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_md5_context ctx;
-
-    mbedtls_md5_init( &ctx );
-
-    if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md5_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_md5( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[16] )
-{
-    mbedtls_md5_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * RFC 1321 test vectors
- */
-static const unsigned char md5_test_buf[7][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" }
-};
-
-static const size_t md5_test_buflen[7] =
-{
-    0, 1, 3, 14, 26, 62, 80
-};
-
-static const unsigned char md5_test_sum[7][16] =
-{
-    { 0xD4, 0x1D, 0x8C, 0xD9, 0x8F, 0x00, 0xB2, 0x04,
-      0xE9, 0x80, 0x09, 0x98, 0xEC, 0xF8, 0x42, 0x7E },
-    { 0x0C, 0xC1, 0x75, 0xB9, 0xC0, 0xF1, 0xB6, 0xA8,
-      0x31, 0xC3, 0x99, 0xE2, 0x69, 0x77, 0x26, 0x61 },
-    { 0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
-      0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72 },
-    { 0xF9, 0x6B, 0x69, 0x7D, 0x7C, 0xB7, 0x93, 0x8D,
-      0x52, 0x5A, 0x2F, 0x31, 0xAA, 0xF1, 0x61, 0xD0 },
-    { 0xC3, 0xFC, 0xD3, 0xD7, 0x61, 0x92, 0xE4, 0x00,
-      0x7D, 0xFB, 0x49, 0x6C, 0xCA, 0x67, 0xE1, 0x3B },
-    { 0xD1, 0x74, 0xAB, 0x98, 0xD2, 0x77, 0xD9, 0xF5,
-      0xA5, 0x61, 0x1C, 0x2C, 0x9F, 0x41, 0x9D, 0x9F },
-    { 0x57, 0xED, 0xF4, 0xA2, 0x2B, 0xE3, 0xC9, 0x55,
-      0xAC, 0x49, 0xDA, 0x2E, 0x21, 0x07, 0xB6, 0x7A }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_md5_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char md5sum[16];
-
-    for( i = 0; i < 7; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  MD5 test #%d: ", i + 1 );
-
-        ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MD5_C */
diff --git a/Sources/mbedtls/library/memory_buffer_alloc.c b/Sources/mbedtls/library/memory_buffer_alloc.c
deleted file mode 100644
index cc62324..0000000
--- a/Sources/mbedtls/library/memory_buffer_alloc.c
+++ /dev/null
@@ -1,744 +0,0 @@
-/*
- *  Buffer-based memory allocator
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-
-/* No need for the header guard as MBEDTLS_MEMORY_BUFFER_ALLOC_C
-   is dependent upon MBEDTLS_PLATFORM_C */
-#include "mbedtls/platform.h"
-#include "mbedtls/platform_util.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-#include <execinfo.h>
-#endif
-
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-#define MAGIC1       0xFF00AA55
-#define MAGIC2       0xEE119966
-#define MAX_BT 20
-
-typedef struct _memory_header memory_header;
-struct _memory_header
-{
-    size_t          magic1;
-    size_t          size;
-    size_t          alloc;
-    memory_header   *prev;
-    memory_header   *next;
-    memory_header   *prev_free;
-    memory_header   *next_free;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    char            **trace;
-    size_t          trace_count;
-#endif
-    size_t          magic2;
-};
-
-typedef struct
-{
-    unsigned char   *buf;
-    size_t          len;
-    memory_header   *first;
-    memory_header   *first_free;
-    int             verify;
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    size_t          alloc_count;
-    size_t          free_count;
-    size_t          total_used;
-    size_t          maximum_used;
-    size_t          header_count;
-    size_t          maximum_header_count;
-#endif
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t   mutex;
-#endif
-}
-buffer_alloc_ctx;
-
-static buffer_alloc_ctx heap;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-static void debug_header( memory_header *hdr )
-{
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    size_t i;
-#endif
-
-    mbedtls_fprintf( stderr, "HDR:  PTR(%10zu), PREV(%10zu), NEXT(%10zu), "
-                              "ALLOC(%zu), SIZE(%10zu)\n",
-                      (size_t) hdr, (size_t) hdr->prev, (size_t) hdr->next,
-                      hdr->alloc, hdr->size );
-    mbedtls_fprintf( stderr, "      FPREV(%10zu), FNEXT(%10zu)\n",
-                      (size_t) hdr->prev_free, (size_t) hdr->next_free );
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    mbedtls_fprintf( stderr, "TRACE: \n" );
-    for( i = 0; i < hdr->trace_count; i++ )
-        mbedtls_fprintf( stderr, "%s\n", hdr->trace[i] );
-    mbedtls_fprintf( stderr, "\n" );
-#endif
-}
-
-static void debug_chain( void )
-{
-    memory_header *cur = heap.first;
-
-    mbedtls_fprintf( stderr, "\nBlock list\n" );
-    while( cur != NULL )
-    {
-        debug_header( cur );
-        cur = cur->next;
-    }
-
-    mbedtls_fprintf( stderr, "Free list\n" );
-    cur = heap.first_free;
-
-    while( cur != NULL )
-    {
-        debug_header( cur );
-        cur = cur->next_free;
-    }
-}
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-static int verify_header( memory_header *hdr )
-{
-    if( hdr->magic1 != MAGIC1 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: MAGIC1 mismatch\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->magic2 != MAGIC2 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: MAGIC2 mismatch\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->alloc > 1 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: alloc has illegal value\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->prev != NULL && hdr->prev == hdr->next )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: prev == next\n" );
-#endif
-        return( 1 );
-    }
-
-    if( hdr->prev_free != NULL && hdr->prev_free == hdr->next_free )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: prev_free == next_free\n" );
-#endif
-        return( 1 );
-    }
-
-    return( 0 );
-}
-
-static int verify_chain( void )
-{
-    memory_header *prv = heap.first, *cur;
-
-    if( prv == NULL || verify_header( prv ) != 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: verification of first header "
-                                  "failed\n" );
-#endif
-        return( 1 );
-    }
-
-    if( heap.first->prev != NULL )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: verification failed: "
-                                  "first->prev != NULL\n" );
-#endif
-        return( 1 );
-    }
-
-    cur = heap.first->next;
-
-    while( cur != NULL )
-    {
-        if( verify_header( cur ) != 0 )
-        {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-            mbedtls_fprintf( stderr, "FATAL: verification of header "
-                                      "failed\n" );
-#endif
-            return( 1 );
-        }
-
-        if( cur->prev != prv )
-        {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-            mbedtls_fprintf( stderr, "FATAL: verification failed: "
-                                      "cur->prev != prv\n" );
-#endif
-            return( 1 );
-        }
-
-        prv = cur;
-        cur = cur->next;
-    }
-
-    return( 0 );
-}
-
-static void *buffer_alloc_calloc( size_t n, size_t size )
-{
-    memory_header *new, *cur = heap.first_free;
-    unsigned char *p;
-    void *ret;
-    size_t original_len, len;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    void *trace_buffer[MAX_BT];
-    size_t trace_cnt;
-#endif
-
-    if( heap.buf == NULL || heap.first == NULL )
-        return( NULL );
-
-    original_len = len = n * size;
-
-    if( n == 0 || size == 0 || len / n != size )
-        return( NULL );
-    else if( len > (size_t)-MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-        return( NULL );
-
-    if( len % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
-        len -= len % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-        len += MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-    }
-
-    // Find block that fits
-    //
-    while( cur != NULL )
-    {
-        if( cur->size >= len )
-            break;
-
-        cur = cur->next_free;
-    }
-
-    if( cur == NULL )
-        return( NULL );
-
-    if( cur->alloc != 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: block in free_list but allocated "
-                                  "data\n" );
-#endif
-        mbedtls_exit( 1 );
-    }
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    heap.alloc_count++;
-#endif
-
-    // Found location, split block if > memory_header + 4 room left
-    //
-    if( cur->size - len < sizeof(memory_header) +
-                          MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
-        cur->alloc = 1;
-
-        // Remove from free_list
-        //
-        if( cur->prev_free != NULL )
-            cur->prev_free->next_free = cur->next_free;
-        else
-            heap.first_free = cur->next_free;
-
-        if( cur->next_free != NULL )
-            cur->next_free->prev_free = cur->prev_free;
-
-        cur->prev_free = NULL;
-        cur->next_free = NULL;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.total_used += cur->size;
-        if( heap.total_used > heap.maximum_used )
-            heap.maximum_used = heap.total_used;
-#endif
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-        trace_cnt = backtrace( trace_buffer, MAX_BT );
-        cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
-        cur->trace_count = trace_cnt;
-#endif
-
-        if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
-            mbedtls_exit( 1 );
-
-        ret = (unsigned char *) cur + sizeof( memory_header );
-        memset( ret, 0, original_len );
-
-        return( ret );
-    }
-
-    p = ( (unsigned char *) cur ) + sizeof(memory_header) + len;
-    new = (memory_header *) p;
-
-    new->size = cur->size - len - sizeof(memory_header);
-    new->alloc = 0;
-    new->prev = cur;
-    new->next = cur->next;
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    new->trace = NULL;
-    new->trace_count = 0;
-#endif
-    new->magic1 = MAGIC1;
-    new->magic2 = MAGIC2;
-
-    if( new->next != NULL )
-        new->next->prev = new;
-
-    // Replace cur with new in free_list
-    //
-    new->prev_free = cur->prev_free;
-    new->next_free = cur->next_free;
-    if( new->prev_free != NULL )
-        new->prev_free->next_free = new;
-    else
-        heap.first_free = new;
-
-    if( new->next_free != NULL )
-        new->next_free->prev_free = new;
-
-    cur->alloc = 1;
-    cur->size = len;
-    cur->next = new;
-    cur->prev_free = NULL;
-    cur->next_free = NULL;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    heap.header_count++;
-    if( heap.header_count > heap.maximum_header_count )
-        heap.maximum_header_count = heap.header_count;
-    heap.total_used += cur->size;
-    if( heap.total_used > heap.maximum_used )
-        heap.maximum_used = heap.total_used;
-#endif
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    trace_cnt = backtrace( trace_buffer, MAX_BT );
-    cur->trace = backtrace_symbols( trace_buffer, trace_cnt );
-    cur->trace_count = trace_cnt;
-#endif
-
-    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_ALLOC ) && verify_chain() != 0 )
-        mbedtls_exit( 1 );
-
-    ret = (unsigned char *) cur + sizeof( memory_header );
-    memset( ret, 0, original_len );
-
-    return( ret );
-}
-
-static void buffer_alloc_free( void *ptr )
-{
-    memory_header *hdr, *old = NULL;
-    unsigned char *p = (unsigned char *) ptr;
-
-    if( ptr == NULL || heap.buf == NULL || heap.first == NULL )
-        return;
-
-    if( p < heap.buf || p >= heap.buf + heap.len )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() outside of managed "
-                                  "space\n" );
-#endif
-        mbedtls_exit( 1 );
-    }
-
-    p -= sizeof(memory_header);
-    hdr = (memory_header *) p;
-
-    if( verify_header( hdr ) != 0 )
-        mbedtls_exit( 1 );
-
-    if( hdr->alloc != 1 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        mbedtls_fprintf( stderr, "FATAL: mbedtls_free() on unallocated "
-                                  "data\n" );
-#endif
-        mbedtls_exit( 1 );
-    }
-
-    hdr->alloc = 0;
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-    heap.free_count++;
-    heap.total_used -= hdr->size;
-#endif
-
-#if defined(MBEDTLS_MEMORY_BACKTRACE)
-    free( hdr->trace );
-    hdr->trace = NULL;
-    hdr->trace_count = 0;
-#endif
-
-    // Regroup with block before
-    //
-    if( hdr->prev != NULL && hdr->prev->alloc == 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.header_count--;
-#endif
-        hdr->prev->size += sizeof(memory_header) + hdr->size;
-        hdr->prev->next = hdr->next;
-        old = hdr;
-        hdr = hdr->prev;
-
-        if( hdr->next != NULL )
-            hdr->next->prev = hdr;
-
-        memset( old, 0, sizeof(memory_header) );
-    }
-
-    // Regroup with block after
-    //
-    if( hdr->next != NULL && hdr->next->alloc == 0 )
-    {
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.header_count--;
-#endif
-        hdr->size += sizeof(memory_header) + hdr->next->size;
-        old = hdr->next;
-        hdr->next = hdr->next->next;
-
-        if( hdr->prev_free != NULL || hdr->next_free != NULL )
-        {
-            if( hdr->prev_free != NULL )
-                hdr->prev_free->next_free = hdr->next_free;
-            else
-                heap.first_free = hdr->next_free;
-
-            if( hdr->next_free != NULL )
-                hdr->next_free->prev_free = hdr->prev_free;
-        }
-
-        hdr->prev_free = old->prev_free;
-        hdr->next_free = old->next_free;
-
-        if( hdr->prev_free != NULL )
-            hdr->prev_free->next_free = hdr;
-        else
-            heap.first_free = hdr;
-
-        if( hdr->next_free != NULL )
-            hdr->next_free->prev_free = hdr;
-
-        if( hdr->next != NULL )
-            hdr->next->prev = hdr;
-
-        memset( old, 0, sizeof(memory_header) );
-    }
-
-    // Prepend to free_list if we have not merged
-    // (Does not have to stay in same order as prev / next list)
-    //
-    if( old == NULL )
-    {
-        hdr->next_free = heap.first_free;
-        if( heap.first_free != NULL )
-            heap.first_free->prev_free = hdr;
-        heap.first_free = hdr;
-    }
-
-    if( ( heap.verify & MBEDTLS_MEMORY_VERIFY_FREE ) && verify_chain() != 0 )
-        mbedtls_exit( 1 );
-}
-
-void mbedtls_memory_buffer_set_verify( int verify )
-{
-    heap.verify = verify;
-}
-
-int mbedtls_memory_buffer_alloc_verify( void )
-{
-    return verify_chain();
-}
-
-#if defined(MBEDTLS_MEMORY_DEBUG)
-void mbedtls_memory_buffer_alloc_status( void )
-{
-    mbedtls_fprintf( stderr,
-                      "Current use: %zu blocks / %zu bytes, max: %zu blocks / "
-                      "%zu bytes (total %zu bytes), alloc / free: %zu / %zu\n",
-                      heap.header_count, heap.total_used,
-                      heap.maximum_header_count, heap.maximum_used,
-                      heap.maximum_header_count * sizeof( memory_header )
-                      + heap.maximum_used,
-                      heap.alloc_count, heap.free_count );
-
-    if( heap.first->next == NULL )
-    {
-        mbedtls_fprintf( stderr, "All memory de-allocated in stack buffer\n" );
-    }
-    else
-    {
-        mbedtls_fprintf( stderr, "Memory currently allocated:\n" );
-        debug_chain();
-    }
-}
-
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks )
-{
-    *max_used   = heap.maximum_used;
-    *max_blocks = heap.maximum_header_count;
-}
-
-void mbedtls_memory_buffer_alloc_max_reset( void )
-{
-    heap.maximum_used = 0;
-    heap.maximum_header_count = 0;
-}
-
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks )
-{
-    *cur_used   = heap.total_used;
-    *cur_blocks = heap.header_count;
-}
-#endif /* MBEDTLS_MEMORY_DEBUG */
-
-#if defined(MBEDTLS_THREADING_C)
-static void *buffer_alloc_calloc_mutexed( size_t n, size_t size )
-{
-    void *buf;
-    if( mbedtls_mutex_lock( &heap.mutex ) != 0 )
-        return( NULL );
-    buf = buffer_alloc_calloc( n, size );
-    if( mbedtls_mutex_unlock( &heap.mutex ) )
-        return( NULL );
-    return( buf );
-}
-
-static void buffer_alloc_free_mutexed( void *ptr )
-{
-    /* We have no good option here, but corrupting the heap seems
-     * worse than losing memory. */
-    if( mbedtls_mutex_lock( &heap.mutex ) )
-        return;
-    buffer_alloc_free( ptr );
-    (void) mbedtls_mutex_unlock( &heap.mutex );
-}
-#endif /* MBEDTLS_THREADING_C */
-
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len )
-{
-    memset( &heap, 0, sizeof( buffer_alloc_ctx ) );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &heap.mutex );
-    mbedtls_platform_set_calloc_free( buffer_alloc_calloc_mutexed,
-                              buffer_alloc_free_mutexed );
-#else
-    mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free );
-#endif
-
-    if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-        return;
-    else if( (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE )
-    {
-        /* Adjust len first since buf is used in the computation */
-        len -= MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-        buf += MBEDTLS_MEMORY_ALIGN_MULTIPLE
-             - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE;
-    }
-
-    memset( buf, 0, len );
-
-    heap.buf = buf;
-    heap.len = len;
-
-    heap.first = (memory_header *)buf;
-    heap.first->size = len - sizeof( memory_header );
-    heap.first->magic1 = MAGIC1;
-    heap.first->magic2 = MAGIC2;
-    heap.first_free = heap.first;
-}
-
-void mbedtls_memory_buffer_alloc_free( void )
-{
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &heap.mutex );
-#endif
-    mbedtls_platform_zeroize( &heap, sizeof(buffer_alloc_ctx) );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-static int check_pointer( void *p )
-{
-    if( p == NULL )
-        return( -1 );
-
-    if( (size_t) p % MBEDTLS_MEMORY_ALIGN_MULTIPLE != 0 )
-        return( -1 );
-
-    return( 0 );
-}
-
-static int check_all_free( void )
-{
-    if(
-#if defined(MBEDTLS_MEMORY_DEBUG)
-        heap.total_used != 0 ||
-#endif
-        heap.first != heap.first_free ||
-        (void *) heap.first != (void *) heap.buf )
-    {
-        return( -1 );
-    }
-
-    return( 0 );
-}
-
-#define TEST_ASSERT( condition )            \
-    if( ! (condition) )                     \
-    {                                       \
-        if( verbose != 0 )                  \
-            mbedtls_printf( "failed\n" );  \
-                                            \
-        ret = 1;                            \
-        goto cleanup;                       \
-    }
-
-int mbedtls_memory_buffer_alloc_self_test( int verbose )
-{
-    unsigned char buf[1024];
-    unsigned char *p, *q, *r, *end;
-    int ret = 0;
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #1 (basic alloc-free cycle): " );
-
-    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
-
-    p = mbedtls_calloc( 1, 1 );
-    q = mbedtls_calloc( 1, 128 );
-    r = mbedtls_calloc( 1, 16 );
-
-    TEST_ASSERT( check_pointer( p ) == 0 &&
-                 check_pointer( q ) == 0 &&
-                 check_pointer( r ) == 0 );
-
-    mbedtls_free( r );
-    mbedtls_free( q );
-    mbedtls_free( p );
-
-    TEST_ASSERT( check_all_free( ) == 0 );
-
-    /* Memorize end to compare with the next test */
-    end = heap.buf + heap.len;
-
-    mbedtls_memory_buffer_alloc_free( );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #2 (buf not aligned): " );
-
-    mbedtls_memory_buffer_alloc_init( buf + 1, sizeof( buf ) - 1 );
-
-    TEST_ASSERT( heap.buf + heap.len == end );
-
-    p = mbedtls_calloc( 1, 1 );
-    q = mbedtls_calloc( 1, 128 );
-    r = mbedtls_calloc( 1, 16 );
-
-    TEST_ASSERT( check_pointer( p ) == 0 &&
-                 check_pointer( q ) == 0 &&
-                 check_pointer( r ) == 0 );
-
-    mbedtls_free( r );
-    mbedtls_free( q );
-    mbedtls_free( p );
-
-    TEST_ASSERT( check_all_free( ) == 0 );
-
-    mbedtls_memory_buffer_alloc_free( );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  MBA test #3 (full): " );
-
-    mbedtls_memory_buffer_alloc_init( buf, sizeof( buf ) );
-
-    p = mbedtls_calloc( 1, sizeof( buf ) - sizeof( memory_header ) );
-
-    TEST_ASSERT( check_pointer( p ) == 0 );
-    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
-
-    mbedtls_free( p );
-
-    p = mbedtls_calloc( 1, sizeof( buf ) - 2 * sizeof( memory_header ) - 16 );
-    q = mbedtls_calloc( 1, 16 );
-
-    TEST_ASSERT( check_pointer( p ) == 0 && check_pointer( q ) == 0 );
-    TEST_ASSERT( mbedtls_calloc( 1, 1 ) == NULL );
-
-    mbedtls_free( q );
-
-    TEST_ASSERT( mbedtls_calloc( 1, 17 ) == NULL );
-
-    mbedtls_free( p );
-
-    TEST_ASSERT( check_all_free( ) == 0 );
-
-    mbedtls_memory_buffer_alloc_free( );
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-cleanup:
-    mbedtls_memory_buffer_alloc_free( );
-
-    return( ret );
-}
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
diff --git a/Sources/mbedtls/library/mps_common.h b/Sources/mbedtls/library/mps_common.h
deleted file mode 100644
index 668876c..0000000
--- a/Sources/mbedtls/library/mps_common.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/**
- * \file mps_common.h
- *
- * \brief Common functions and macros used by MPS
- */
-
-#ifndef MBEDTLS_MPS_COMMON_H
-#define MBEDTLS_MPS_COMMON_H
-
-#include "mps_error.h"
-
-#include <stdio.h>
-
-/**
- * \name SECTION:       MPS Configuration
- *
- * \{
- */
-
-/*! This flag controls whether the MPS-internal components
- *  (reader, writer, Layer 1-3) perform validation of the
- *  expected abstract state at the entry of API calls.
- *
- *  Context: All MPS API functions impose assumptions/preconditions on the
- *  context on which they operate. For example, every structure has a notion of
- *  state integrity which is established by `xxx_init()` and preserved by any
- *  calls to the MPS API which satisfy their preconditions and either succeed,
- *  or fail with an error code which is explicitly documented to not corrupt
- *  structure integrity (such as WANT_READ and WANT_WRITE);
- *  apart from `xxx_init()` any function assumes state integrity as a
- *  precondition (but usually more). If any of the preconditions is violated,
- *  the function's behavior is entirely undefined.
- *  In addition to state integrity, all MPS structures have a more refined
- *  notion of abstract state that the API operates on. For example, all layers
- *  have a notion of 'abstract read state' which indicates if incoming data has
- *  been passed to the user, e.g. through mps_l2_read_start() for Layer 2
- *  or mps_l3_read() in Layer 3. After such a call, it doesn't make sense to
- *  call these reading functions again until the incoming data has been
- *  explicitly 'consumed', e.g. through mps_l2_read_consume() for Layer 2 or
- *  mps_l3_read_consume() on Layer 3. However, even if it doesn't make sense,
- *  it's a design choice whether the API should fail gracefully on such
- *  non-sensical calls or not, and that's what this option is about:
- *
- *  This option determines whether the expected abstract state
- *  is part of the API preconditions or not: If the option is set,
- *  then the abstract state is not part of the precondition and is
- *  thus required to be validated by the implementation. If an unexpected
- *  abstract state is encountered, the implementation must fail gracefully
- *  with error #MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED.
- *  Conversely, if this option is not set, then the expected abstract state
- *  is included in the preconditions of the respective API calls, and
- *  an implementation's behaviour is undefined if the abstract state is
- *  not as expected.
- *
- *  For example: Enabling this makes mps_l2_read_done() fail if
- *  no incoming record is currently open; disabling this would
- *  lead to undefined behavior in this case.
- *
- *  Comment this to remove state validation.
- */
-#define MBEDTLS_MPS_STATE_VALIDATION
-
-/*! This flag enables/disables assertions on the internal state of MPS.
- *
- *  Assertions are sanity checks that should never trigger when MPS
- *  is used within the bounds of its API and preconditions.
- *
- *  Enabling this increases security by limiting the scope of
- *  potential bugs, but comes at the cost of increased code size.
- *
- *  Note: So far, there is no guiding principle as to what
- *  expected conditions merit an assertion, and which don't.
- *
- *  Comment this to disable assertions.
- */
-#define MBEDTLS_MPS_ENABLE_ASSERTIONS
-
-/*! This flag controls whether tracing for MPS should be enabled. */
-//#define MBEDTLS_MPS_ENABLE_TRACE
-
-#if defined(MBEDTLS_MPS_STATE_VALIDATION)
-
-#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string )                         \
-    do                                                                         \
-    {                                                                          \
-        if( !(cond) )                                                          \
-        {                                                                      \
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string );         \
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED );  \
-        }                                                                      \
-    } while( 0 )
-
-#else /* MBEDTLS_MPS_STATE_VALIDATION */
-
-#define MBEDTLS_MPS_STATE_VALIDATE_RAW( cond, string )           \
-    do                                                           \
-    {                                                            \
-        ( cond );                                                \
-    } while( 0 )
-
-#endif /* MBEDTLS_MPS_STATE_VALIDATION */
-
-#if defined(MBEDTLS_MPS_ENABLE_ASSERTIONS)
-
-#define MBEDTLS_MPS_ASSERT_RAW( cond, string )                          \
-    do                                                                  \
-    {                                                                   \
-        if( !(cond) )                                                   \
-        {                                                               \
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR, string );  \
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_INTERNAL_ERROR ); \
-        }                                                               \
-    } while( 0 )
-
-#else /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
-
-#define MBEDTLS_MPS_ASSERT_RAW( cond, string ) do {} while( 0 )
-
-#endif /* MBEDTLS_MPS_ENABLE_ASSERTIONS */
-
-
-/* \} name SECTION: MPS Configuration */
-
-/**
- * \name SECTION:       Common types
- *
- * Various common types used throughout MPS.
- * \{
- */
-
-/** \brief   The type of buffer sizes and offsets used in MPS structures.
- *
- *           This is an unsigned integer type that should be large enough to
- *           hold the length of any buffer or message processed by MPS.
- *
- *           The reason to pick a value as small as possible here is
- *           to reduce the size of MPS structures.
- *
- * \warning  Care has to be taken when using a narrower type
- *           than ::mbedtls_mps_size_t here because of
- *           potential truncation during conversion.
- *
- * \warning  Handshake messages in TLS may be up to 2^24 ~ 16Mb in size.
- *           If mbedtls_mps_[opt_]stored_size_t is smaller than that, the
- *           maximum handshake message is restricted accordingly.
- *
- * For now, we use the default type of size_t throughout, and the use of
- * smaller types or different types for ::mbedtls_mps_size_t and
- * ::mbedtls_mps_stored_size_t is not yet supported.
- *
- */
-typedef size_t mbedtls_mps_stored_size_t;
-#define MBEDTLS_MPS_STORED_SIZE_MAX  ( (mbedtls_mps_stored_size_t) -1 )
-
-/** \brief The type of buffer sizes and offsets used in the MPS API
- *         and implementation.
- *
- *         This must be at least as wide as ::mbedtls_stored_size_t but
- *         may be chosen to be strictly larger if more suitable for the
- *         target architecture.
- *
- *         For example, in a test build for ARM Thumb, using uint_fast16_t
- *         instead of uint16_t reduced the code size from 1060 Byte to 962 Byte,
- *         so almost 10%.
- */
-typedef size_t mbedtls_mps_size_t;
-#define MBEDTLS_MPS_SIZE_MAX  ( (mbedtls_mps_size_t) -1 )
-
-#if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX
-#error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t."
-#endif
-
-/* \} SECTION: Common types */
-
-
-#endif /* MBEDTLS_MPS_COMMON_H */
diff --git a/Sources/mbedtls/library/mps_error.h b/Sources/mbedtls/library/mps_error.h
deleted file mode 100644
index f78d9a0..0000000
--- a/Sources/mbedtls/library/mps_error.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/**
- * \file mps_error.h
- *
- * \brief Error codes used by MPS
- */
-
-#ifndef MBEDTLS_MPS_ERROR_H
-#define MBEDTLS_MPS_ERROR_H
-
-
-/* TODO: The error code allocation needs to be revisited:
- *
- * - Should we make (some of) the MPS Reader error codes public?
- *   If so, we need to adjust MBEDTLS_MPS_READER_MAKE_ERROR() to hit
- *   a gap in the Mbed TLS public error space.
- *   If not, we have to make sure we don't forward those errors
- *   at the level of the public API -- no risk at the moment as
- *   long as MPS is an experimental component not accessible from
- *   public API.
- */
-
-/**
- * \name SECTION:       MPS general error codes
- *
- * \{
- */
-
-#ifndef MBEDTLS_MPS_ERR_BASE
-#define MBEDTLS_MPS_ERR_BASE ( 0 )
-#endif
-
-#define MBEDTLS_MPS_MAKE_ERROR(code) \
-    ( -( MBEDTLS_MPS_ERR_BASE | (code) ) )
-
-#define MBEDTLS_ERR_MPS_OPERATION_UNEXPECTED  MBEDTLS_MPS_MAKE_ERROR( 0x1 )
-#define MBEDTLS_ERR_MPS_INTERNAL_ERROR        MBEDTLS_MPS_MAKE_ERROR( 0x2 )
-
-/* \} name SECTION: MPS general error codes */
-
-/**
- * \name SECTION:       MPS Reader error codes
- *
- * \{
- */
-
-#ifndef MBEDTLS_MPS_READER_ERR_BASE
-#define MBEDTLS_MPS_READER_ERR_BASE ( 1 << 8 )
-#endif
-
-#define MBEDTLS_MPS_READER_MAKE_ERROR(code) \
-    ( -( MBEDTLS_MPS_READER_ERR_BASE | (code) ) )
-
-/*! An attempt to reclaim the data buffer from a reader failed because
- *  the user hasn't yet read and committed all of it. */
-#define MBEDTLS_ERR_MPS_READER_DATA_LEFT             MBEDTLS_MPS_READER_MAKE_ERROR( 0x1 )
-
-/*! An invalid argument was passed to the reader. */
-#define MBEDTLS_ERR_MPS_READER_INVALID_ARG           MBEDTLS_MPS_READER_MAKE_ERROR( 0x2 )
-
-/*! An attempt to move a reader to consuming mode through mbedtls_mps_reader_feed()
- *  after pausing failed because the provided data is not sufficient to serve the
- *  read requests that led to the pausing. */
-#define MBEDTLS_ERR_MPS_READER_NEED_MORE             MBEDTLS_MPS_READER_MAKE_ERROR( 0x3 )
-
-/*! A get request failed because not enough data is available in the reader. */
-#define MBEDTLS_ERR_MPS_READER_OUT_OF_DATA           MBEDTLS_MPS_READER_MAKE_ERROR( 0x4 )
-
-/*!< A get request after pausing and reactivating the reader failed because
- *   the request is not in line with the request made prior to pausing. The user
- *   must not change it's 'strategy' after pausing and reactivating a reader. */
-#define MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS MBEDTLS_MPS_READER_MAKE_ERROR( 0x5 )
-
-/*! An attempt to reclaim the data buffer from a reader failed because the reader
- *  has no accumulator it can use to backup the data that hasn't been processed. */
-#define MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR      MBEDTLS_MPS_READER_MAKE_ERROR( 0x6 )
-
-/*! An attempt to reclaim the data buffer from a reader failed because the
- *  accumulator passed to the reader is not large enough to hold both the
- *  data that hasn't been processed and the excess of the last read-request. */
-#define MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL MBEDTLS_MPS_READER_MAKE_ERROR( 0x7 )
-
-/* \} name SECTION: MPS Reader error codes */
-
-#endif /* MBEDTLS_MPS_ERROR_H */
diff --git a/Sources/mbedtls/library/mps_reader.c b/Sources/mbedtls/library/mps_reader.c
deleted file mode 100644
index 0c30a75..0000000
--- a/Sources/mbedtls/library/mps_reader.c
+++ /dev/null
@@ -1,559 +0,0 @@
-/*
- *  Message Processing Stack, Reader implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-
-#include "mps_reader.h"
-#include "mps_common.h"
-#include "mps_trace.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_MPS_ENABLE_TRACE)
-static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER;
-#endif /* MBEDTLS_MPS_ENABLE_TRACE */
-
-/*
- * GENERAL NOTE ON CODING STYLE
- *
- * The following code intentionally separates memory loads
- * and stores from other operations (arithmetic or branches).
- * This leads to the introduction of many local variables
- * and significantly increases the C-code line count, but
- * should not increase the size of generated assembly.
- *
- * The reason for this is twofold:
- * (1) It will ease verification efforts using the VST
- *     (Verified Software Toolchain)
- *     whose program logic cannot directly reason
- *     about instructions containing a load or store in
- *     addition to other operations (e.g. *p = *q or
- *     tmp = *p + 42).
- * (2) Operating on local variables and writing the results
- *     back to the target contexts on success only
- *     allows to maintain structure invariants even
- *     on failure - this in turn has two benefits:
- *     (2.a) If for some reason an error code is not caught
- *           and operation continues, functions are nonetheless
- *           called with sane contexts, reducing the risk
- *           of dangerous behavior.
- *     (2.b) Randomized testing is easier if structures
- *           remain intact even in the face of failing
- *           and/or non-sensical calls.
- *     Moreover, it might even reduce code-size because
- *     the compiler need not write back temporary results
- *     to memory in case of failure.
- *
- */
-
-static inline int mps_reader_is_accumulating(
-    mbedtls_mps_reader const *rd )
-{
-    mbedtls_mps_size_t acc_remaining;
-    if( rd->acc == NULL )
-        return( 0 );
-
-    acc_remaining = rd->acc_share.acc_remaining;
-    return( acc_remaining > 0 );
-}
-
-static inline int mps_reader_is_producing(
-    mbedtls_mps_reader const *rd )
-{
-    unsigned char *frag = rd->frag;
-    return( frag == NULL );
-}
-
-static inline int mps_reader_is_consuming(
-    mbedtls_mps_reader const *rd )
-{
-    return( !mps_reader_is_producing( rd ) );
-}
-
-static inline mbedtls_mps_size_t mps_reader_get_fragment_offset(
-    mbedtls_mps_reader const *rd )
-{
-    unsigned char *acc = rd->acc;
-    mbedtls_mps_size_t frag_offset;
-
-    if( acc == NULL )
-        return( 0 );
-
-    frag_offset = rd->acc_share.frag_offset;
-    return( frag_offset );
-}
-
-static inline mbedtls_mps_size_t mps_reader_serving_from_accumulator(
-    mbedtls_mps_reader const *rd )
-{
-    mbedtls_mps_size_t frag_offset, end;
-
-    frag_offset = mps_reader_get_fragment_offset( rd );
-    end = rd->end;
-
-    return( end < frag_offset );
-}
-
-static inline void mps_reader_zero( mbedtls_mps_reader *rd )
-{
-    /* A plain memset() would likely be more efficient,
-     * but the current way of zeroing makes it harder
-     * to overlook fields which should not be zero-initialized.
-     * It's also more suitable for FV efforts since it
-     * doesn't require reasoning about structs being
-     * interpreted as unstructured binary blobs. */
-    static mbedtls_mps_reader const zero =
-        { .frag          = NULL,
-          .frag_len      = 0,
-          .commit        = 0,
-          .end           = 0,
-          .pending       = 0,
-          .acc           = NULL,
-          .acc_len       = 0,
-          .acc_available = 0,
-          .acc_share     = { .acc_remaining = 0 }
-        };
-    *rd = zero;
-}
-
-int mbedtls_mps_reader_init( mbedtls_mps_reader *rd,
-                             unsigned char *acc,
-                             mbedtls_mps_size_t acc_len )
-{
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_init" );
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "* Accumulator size: %u bytes", (unsigned) acc_len );
-    mps_reader_zero( rd );
-    rd->acc = acc;
-    rd->acc_len = acc_len;
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
-}
-
-int mbedtls_mps_reader_free( mbedtls_mps_reader *rd )
-{
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_free" );
-    mps_reader_zero( rd );
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
-}
-
-int mbedtls_mps_reader_feed( mbedtls_mps_reader *rd,
-                             unsigned char *new_frag,
-                             mbedtls_mps_size_t new_frag_len )
-{
-    mbedtls_mps_size_t copy_to_acc;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_feed" );
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "* Fragment length: %u bytes", (unsigned) new_frag_len );
-
-    if( new_frag == NULL )
-        MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_INVALID_ARG );
-
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_producing( rd ),
-        "mbedtls_mps_reader_feed() requires reader to be in producing mode" );
-
-    if( mps_reader_is_accumulating( rd ) )
-    {
-        unsigned char *acc    = rd->acc;
-        mbedtls_mps_size_t acc_remaining = rd->acc_share.acc_remaining;
-        mbedtls_mps_size_t acc_available = rd->acc_available;
-
-        /* Skip over parts of the accumulator that have already been filled. */
-        acc += acc_available;
-
-        copy_to_acc = acc_remaining;
-        if( copy_to_acc > new_frag_len )
-            copy_to_acc = new_frag_len;
-
-        /* Copy new contents to accumulator. */
-        memcpy( acc, new_frag, copy_to_acc );
-
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                "Copy new data of size %u of %u into accumulator at offset %u",
-                (unsigned) copy_to_acc, (unsigned) new_frag_len, (unsigned) acc_available );
-
-        /* Check if, with the new fragment, we have enough data. */
-        acc_remaining -= copy_to_acc;
-        if( acc_remaining > 0 )
-        {
-            /* We need to accumulate more data. Stay in producing mode. */
-            acc_available += copy_to_acc;
-            rd->acc_share.acc_remaining = acc_remaining;
-            rd->acc_available = acc_available;
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_NEED_MORE );
-        }
-
-        /* We have filled the accumulator: Move to consuming mode. */
-
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "Enough data available to serve user request" );
-
-        /* Remember overlap of accumulator and fragment. */
-        rd->acc_share.frag_offset = acc_available;
-        acc_available += copy_to_acc;
-        rd->acc_available = acc_available;
-    }
-    else /* Not accumulating */
-    {
-        rd->acc_share.frag_offset = 0;
-    }
-
-    rd->frag = new_frag;
-    rd->frag_len = new_frag_len;
-    rd->commit = 0;
-    rd->end = 0;
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
-}
-
-
-int mbedtls_mps_reader_get( mbedtls_mps_reader *rd,
-                            mbedtls_mps_size_t desired,
-                            unsigned char **buffer,
-                            mbedtls_mps_size_t *buflen )
-{
-    unsigned char *frag;
-    mbedtls_mps_size_t frag_len, frag_offset, end, frag_fetched, frag_remaining;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_get" );
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "* Bytes requested: %u", (unsigned) desired );
-
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
-          "mbedtls_mps_reader_get() requires reader to be in consuming mode" );
-
-    end = rd->end;
-    frag_offset = mps_reader_get_fragment_offset( rd );
-
-    /* Check if we're still serving from the accumulator. */
-    if( mps_reader_serving_from_accumulator( rd ) )
-    {
-        /* Illustration of supported and unsupported cases:
-         *
-         * - Allowed #1
-         *
-         *                          +-----------------------------------+
-         *                          |               frag                |
-         *                          +-----------------------------------+
-         *
-         *             end end+desired
-         *              |       |
-         *        +-----v-------v-------------+
-         *        |          acc              |
-         *        +---------------------------+
-         *                          |         |
-         *                     frag_offset  acc_available
-         *
-         * - Allowed #2
-         *
-         *                          +-----------------------------------+
-         *                          |               frag                |
-         *                          +-----------------------------------+
-         *
-         *                  end          end+desired
-         *                   |                |
-         *        +----------v----------------v
-         *        |          acc              |
-         *        +---------------------------+
-         *                          |         |
-         *                   frag_offset acc_available
-         *
-         * - Not allowed #1 (could be served, but we don't actually use it):
-         *
-         *                      +-----------------------------------+
-         *                      |               frag                |
-         *                      +-----------------------------------+
-         *
-         *              end        end+desired
-         *               |             |
-         *        +------v-------------v------+
-         *        |          acc              |
-         *        +---------------------------+
-         *                      |             |
-         *                frag_offset   acc_available
-         *
-         *
-         * - Not allowed #2 (can't be served with a contiguous buffer):
-         *
-         *                      +-----------------------------------+
-         *                      |               frag                |
-         *                      +-----------------------------------+
-         *
-         *              end                 end + desired
-         *               |                        |
-         *        +------v--------------------+   v
-         *        |            acc            |
-         *        +---------------------------+
-         *                      |             |
-         *                frag_offset   acc_available
-         *
-         * In case of Allowed #2 we're switching to serve from
-         * `frag` starting from the next call to mbedtls_mps_reader_get().
-         */
-
-        unsigned char *acc;
-
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "Serve the request from the accumulator" );
-        if( frag_offset - end < desired )
-        {
-            mbedtls_mps_size_t acc_available;
-            acc_available = rd->acc_available;
-            if( acc_available - end != desired )
-            {
-                /* It might be possible to serve some of these situations by
-                 * making additional space in the accumulator, removing those
-                 * parts that have already been committed.
-                 * On the other hand, this brings additional complexity and
-                 * enlarges the code size, while there doesn't seem to be a use
-                 * case where we don't attempt exactly the same `get` calls when
-                 * resuming on a reader than what we tried before pausing it.
-                 * If we believe we adhere to this restricted usage throughout
-                 * the library, this check is a good opportunity to
-                 * validate this. */
-                MBEDTLS_MPS_TRACE_RETURN(
-                    MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS );
-            }
-        }
-
-        acc = rd->acc;
-        acc += end;
-
-        *buffer = acc;
-        if( buflen != NULL )
-            *buflen = desired;
-
-        end += desired;
-        rd->end = end;
-        rd->pending = 0;
-
-        MBEDTLS_MPS_TRACE_RETURN( 0 );
-    }
-
-    /* Attempt to serve the request from the current fragment */
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "Serve the request from the current fragment." );
-
-    frag_len = rd->frag_len;
-    frag_fetched = end - frag_offset; /* The amount of data from the current
-                                       * fragment that has already been passed
-                                       * to the user. */
-    frag_remaining = frag_len - frag_fetched; /* Remaining data in fragment */
-
-    /* Check if we can serve the read request from the fragment. */
-    if( frag_remaining < desired )
-    {
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "There's not enough data in the current fragment "
-                           "to serve the request." );
-        /* There's not enough data in the current fragment,
-         * so either just RETURN what we have or fail. */
-        if( buflen == NULL )
-        {
-            if( frag_remaining > 0 )
-            {
-                rd->pending = desired - frag_remaining;
-                MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "Remember to collect %u bytes before re-opening",
-                       (unsigned) rd->pending );
-            }
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_OUT_OF_DATA );
-        }
-
-        desired = frag_remaining;
-    }
-
-    /* There's enough data in the current fragment to serve the
-     * (potentially modified) read request. */
-
-    frag = rd->frag;
-    frag += frag_fetched;
-
-    *buffer = frag;
-    if( buflen != NULL )
-        *buflen = desired;
-
-    end += desired;
-    rd->end = end;
-    rd->pending = 0;
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
-}
-
-int mbedtls_mps_reader_commit( mbedtls_mps_reader *rd )
-{
-    mbedtls_mps_size_t end;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_commit" );
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
-       "mbedtls_mps_reader_commit() requires reader to be in consuming mode" );
-
-    end = rd->end;
-    rd->commit = end;
-
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
-}
-
-int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
-                                int *paused )
-{
-    unsigned char *frag, *acc;
-    mbedtls_mps_size_t pending, commit;
-    mbedtls_mps_size_t acc_len, frag_offset, frag_len;
-    MBEDTLS_MPS_TRACE_INIT( "mbedtls_mps_reader_reclaim" );
-
-    if( paused != NULL )
-        *paused = 0;
-
-    MBEDTLS_MPS_STATE_VALIDATE_RAW( mps_reader_is_consuming( rd ),
-       "mbedtls_mps_reader_reclaim() requires reader to be in consuming mode" );
-
-    frag     = rd->frag;
-    acc      = rd->acc;
-    pending  = rd->pending;
-    commit   = rd->commit;
-    frag_len = rd->frag_len;
-
-    frag_offset = mps_reader_get_fragment_offset( rd );
-
-    if( pending == 0 )
-    {
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "No unsatisfied read-request has been logged." );
-
-        /* Check if there's data left to be consumed. */
-        if( commit < frag_offset || commit - frag_offset < frag_len )
-        {
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                               "There is data left to be consumed." );
-            rd->end = commit;
-            MBEDTLS_MPS_TRACE_RETURN( MBEDTLS_ERR_MPS_READER_DATA_LEFT );
-        }
-
-        rd->acc_available = 0;
-        rd->acc_share.acc_remaining = 0;
-
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                           "Fragment has been fully processed and committed." );
-    }
-    else
-    {
-        int overflow;
-
-        mbedtls_mps_size_t acc_backup_offset;
-        mbedtls_mps_size_t acc_backup_len;
-        mbedtls_mps_size_t frag_backup_offset;
-        mbedtls_mps_size_t frag_backup_len;
-
-        mbedtls_mps_size_t backup_len;
-        mbedtls_mps_size_t acc_len_needed;
-
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-               "There has been an unsatisfied read with %u bytes overhead.",
-               (unsigned) pending );
-
-        if( acc == NULL )
-        {
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                               "No accumulator present" );
-            MBEDTLS_MPS_TRACE_RETURN(
-                MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR );
-        }
-        acc_len = rd->acc_len;
-
-        /* Check if the upper layer has already fetched
-         * and committed the contents of the accumulator. */
-        if( commit < frag_offset )
-        {
-            /* No, accumulator is still being processed. */
-            frag_backup_offset = 0;
-            frag_backup_len = frag_len;
-            acc_backup_offset = commit;
-            acc_backup_len = frag_offset - commit;
-        }
-        else
-        {
-            /* Yes, the accumulator is already processed. */
-            frag_backup_offset = commit - frag_offset;
-            frag_backup_len = frag_len - frag_backup_offset;
-            acc_backup_offset = 0;
-            acc_backup_len = 0;
-        }
-
-        backup_len = acc_backup_len + frag_backup_len;
-        acc_len_needed = backup_len + pending;
-
-        overflow  = 0;
-        overflow |= ( backup_len     < acc_backup_len );
-        overflow |= ( acc_len_needed < backup_len );
-
-        if( overflow || acc_len < acc_len_needed )
-        {
-            /* Except for the different return code, we behave as if
-             * there hadn't been a call to mbedtls_mps_reader_get()
-             * since the last commit. */
-            rd->end = commit;
-            rd->pending = 0;
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
-                               "The accumulator is too small to handle the backup." );
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
-                               "* Size: %u", (unsigned) acc_len );
-            MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_ERROR,
-                               "* Needed: %u (%u + %u)",
-                               (unsigned) acc_len_needed,
-                               (unsigned) backup_len, (unsigned) pending );
-            MBEDTLS_MPS_TRACE_RETURN(
-                MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL );
-        }
-
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                         "Fragment backup: %u", (unsigned) frag_backup_len );
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                         "Accumulator backup: %u", (unsigned) acc_backup_len );
-
-        /* Move uncommitted parts from the accumulator to the front
-         * of the accumulator. */
-        memmove( acc, acc + acc_backup_offset, acc_backup_len );
-
-        /* Copy uncommitted parts of the current fragment to the
-         * accumulator. */
-        memcpy( acc + acc_backup_len,
-                frag + frag_backup_offset, frag_backup_len );
-
-        rd->acc_available = backup_len;
-        rd->acc_share.acc_remaining = pending;
-
-        if( paused != NULL )
-            *paused = 1;
-    }
-
-    rd->frag     = NULL;
-    rd->frag_len = 0;
-
-    rd->commit  = 0;
-    rd->end     = 0;
-    rd->pending = 0;
-
-    MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-                       "Final state: aa %u, al %u, ar %u",
-                       (unsigned) rd->acc_available, (unsigned) rd->acc_len,
-                       (unsigned) rd->acc_share.acc_remaining );
-    MBEDTLS_MPS_TRACE_RETURN( 0 );
-}
-
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/Sources/mbedtls/library/mps_reader.h b/Sources/mbedtls/library/mps_reader.h
deleted file mode 100644
index 427c1bd..0000000
--- a/Sources/mbedtls/library/mps_reader.h
+++ /dev/null
@@ -1,382 +0,0 @@
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/**
- * \file mps_reader.h
- *
- * \brief This file defines reader objects, which together with their
- *        sibling writer objects form the basis for the communication
- *        between the various layers of the Mbed TLS messaging stack,
- *        as well as the communication between the messaging stack and
- *        the (D)TLS handshake protocol implementation.
- *
- * Readers provide a means of transferring incoming data from
- * a 'producer' providing it in chunks of arbitrary size, to
- * a 'consumer' which fetches and processes it in chunks of
- * again arbitrary, and potentially different, size.
- *
- * Readers can thus be seen as datagram-to-stream converters,
- * and they abstract away the following two tasks from the user:
- * 1. The pointer arithmetic of stepping through a producer-
- *    provided chunk in smaller chunks.
- * 2. The merging of incoming data chunks in case the
- *    consumer requests data in larger chunks than what the
- *    producer provides.
- *
- * The basic abstract flow of operation is the following:
- * - Initially, the reader is in 'producing mode'.
- * - The producer hands an incoming data buffer to the reader,
- *   moving it from 'producing' to 'consuming' mode.
- * - The consumer subsequently fetches and processes the buffer
- *   content. Once that's done -- or partially done and a consumer's
- *   request can't be fulfilled -- the producer revokes the reader's
- *   access to the incoming data buffer, putting the reader back to
- *   producing mode.
- * - The producer subsequently gathers more incoming data and hands
- *   it to the reader until it switches back to consuming mode
- *   if enough data is available for the last consumer request to
- *   be satisfiable.
- * - Repeat the above.
- *
- * The abstract states of the reader from the producer's and
- * consumer's perspective are as follows:
- *
- * - From the perspective of the consumer, the state of the
- *   reader consists of the following:
- *   - A byte stream representing (concatenation of) the data
- *     received through calls to mbedtls_mps_reader_get(),
- *   - A marker within that byte stream indicating which data
- *     can be considered processed, and hence need not be retained,
- *     when the reader is passed back to the producer via
- *     mbedtls_mps_reader_reclaim().
- *     The marker is set via mbedtls_mps_reader_commit()
- *     which places it at the end of the current byte stream.
- *   The consumer need not be aware of the distinction between consumer
- *   and producer mode, because it only interfaces with the reader
- *   when the latter is in consuming mode.
- *
- * - From the perspective of the producer, the reader's state is one of:
- *   - Attached: The reader is in consuming mode.
- *   - Unset: No incoming data buffer is currently managed by the reader,
- *            and all previously handed incoming data buffers have been
- *            fully processed. More data needs to be fed into the reader
- *            via mbedtls_mps_reader_feed().
- *
- *   - Accumulating: No incoming data buffer is currently managed by the
- *                   reader, but some data from the previous incoming data
- *                   buffer hasn't been processed yet and is internally
- *                   held back.
- *   The Attached state belongs to consuming mode, while the Unset and
- *   Accumulating states belong to producing mode.
- *
- * Transitioning from the Unset or Accumulating state to Attached is
- * done via successful calls to mbedtls_mps_reader_feed(), while
- * transitioning from Attached to either Unset or Accumulating (depending
- * on what has been processed) is done via mbedtls_mps_reader_reclaim().
- *
- * The following diagram depicts the producer-state progression:
- *
- *        +------------------+             reclaim
- *        |      Unset       +<-------------------------------------+       get
- *        +--------|---------+                                      |   +------+
- *                 |                                                |   |      |
- *                 |                                                |   |      |
- *                 |                feed                  +---------+---+--+   |
- *                 +-------------------------------------->                <---+
- *                                                        |    Attached    |
- *                 +-------------------------------------->                <---+
- *                 |     feed, enough data available      +---------+---+--+   |
- *                 |     to serve previous consumer request         |   |      |
- *                 |                                                |   |      |
- *        +--------+---------+                                      |   +------+
- *   +---->   Accumulating   |<-------------------------------------+    commit
- *   |    +---+--------------+      reclaim, previous read request
- *   |        |                        couldn't be fulfilled
- *   |        |
- *   +--------+
- *     feed, need more data to serve
- *     previous consumer request
- *                                         |
- *                                         |
- *               producing mode            |           consuming mode
- *                                         |
- *
- */
-
-#ifndef MBEDTLS_READER_H
-#define MBEDTLS_READER_H
-
-#include <stdio.h>
-
-#include "mps_common.h"
-#include "mps_error.h"
-
-struct mbedtls_mps_reader;
-typedef struct mbedtls_mps_reader mbedtls_mps_reader;
-
-/*
- * Structure definitions
- */
-
-struct mbedtls_mps_reader
-{
-    unsigned char *frag;  /*!< The fragment of incoming data managed by
-                           *   the reader; it is provided to the reader
-                           *   through mbedtls_mps_reader_feed(). The reader
-                           *   does not own the fragment and does not
-                           *   perform any allocation operations on it,
-                           *   but does have read and write access to it.
-                           *
-                           *   The reader is in consuming mode if
-                           *   and only if \c frag is not \c NULL.          */
-    mbedtls_mps_stored_size_t frag_len;
-                          /*!< The length of the current fragment.
-                           *   Must be 0 if \c frag == \c NULL.             */
-    mbedtls_mps_stored_size_t commit;
-                          /*!< The offset of the last commit, relative
-                           *   to the first byte in the fragment, if
-                           *   no accumulator is present. If an accumulator
-                           *   is present, it is viewed as a prefix to the
-                           *   current fragment, and this variable contains
-                           *   an offset from the beginning of the accumulator.
-                           *
-                           *   This is only used when the reader is in
-                           *   consuming mode, i.e. \c frag != \c NULL;
-                           *   otherwise, its value is \c 0.                */
-    mbedtls_mps_stored_size_t end;
-                          /*!< The offset of the end of the last chunk
-                           *   passed to the user through a call to
-                           *   mbedtls_mps_reader_get(), relative to the first
-                           *   byte in the fragment, if no accumulator is
-                           *   present. If an accumulator is present, it is
-                           *   viewed as a prefix to the current fragment, and
-                           *   this variable contains an offset from the
-                           *   beginning of the accumulator.
-                           *
-                           *   This is only used when the reader is in
-                           *   consuming mode, i.e. \c frag != \c NULL;
-                           *   otherwise, its value is \c 0.                */
-    mbedtls_mps_stored_size_t pending;
-                          /*!< The amount of incoming data missing on the
-                           *   last call to mbedtls_mps_reader_get().
-                           *   In particular, it is \c 0 if the last call
-                           *   was successful.
-                           *   If a reader is reclaimed after an
-                           *   unsuccessful call to mbedtls_mps_reader_get(),
-                           *   this variable is used to have the reader
-                           *   remember how much data should be accumulated
-                           *   so that the call to mbedtls_mps_reader_get()
-                           *   succeeds next time.
-                           *   This is only used when the reader is in
-                           *   consuming mode, i.e. \c frag != \c NULL;
-                           *   otherwise, its value is \c 0.                */
-
-    /* The accumulator is only needed if we need to be able to pause
-     * the reader. A few bytes could be saved by moving this to a
-     * separate struct and using a pointer here. */
-
-    unsigned char *acc;   /*!< The accumulator is used to gather incoming
-                           *   data if a read-request via mbedtls_mps_reader_get()
-                           *   cannot be served from the current fragment.   */
-    mbedtls_mps_stored_size_t acc_len;
-                           /*!< The total size of the accumulator.           */
-    mbedtls_mps_stored_size_t acc_available;
-                          /*!< The number of bytes currently gathered in
-                           *   the accumulator. This is both used in
-                           *   producing and in consuming mode:
-                           *   While producing, it is increased until
-                           *   it reaches the value of \c acc_remaining below.
-                           *   While consuming, it is used to judge if a
-                           *   get request can be served from the
-                           *   accumulator or not.
-                           *   Must not be larger than \c acc_len.           */
-    union
-    {
-        mbedtls_mps_stored_size_t acc_remaining;
-                              /*!< This indicates the amount of data still
-                               *   to be gathered in the accumulator. It is
-                               *   only used in producing mode.
-                               *   Must be at most acc_len - acc_available.  */
-        mbedtls_mps_stored_size_t frag_offset;
-                              /*!< If an accumulator is present and in use, this
-                               *   field indicates the offset of the current
-                               *   fragment from the beginning of the
-                               *   accumulator. If no accumulator is present
-                               *   or the accumulator is not in use, this is \c 0.
-                               *   It is only used in consuming mode.
-                               *   Must not be larger than \c acc_available. */
-    } acc_share;
-};
-
-/*
- * API organization:
- * A reader object is usually prepared and maintained
- * by some lower layer and passed for usage to an upper
- * layer, and the API naturally splits according to which
- * layer is supposed to use the respective functions.
- */
-
-/*
- * Maintenance API (Lower layer)
- */
-
-/**
- * \brief           Initialize a reader object
- *
- * \param reader    The reader to be initialized.
- * \param acc       The buffer to be used as a temporary accumulator
- *                  in case get requests through mbedtls_mps_reader_get()
- *                  exceed the buffer provided by mbedtls_mps_reader_feed().
- *                  This buffer is owned by the caller and exclusive use
- *                  for reading and writing is given to the reader for the
- *                  duration of the reader's lifetime. It is thus the caller's
- *                  responsibility to maintain (and not touch) the buffer for
- *                  the lifetime of the reader, and to properly zeroize and
- *                  free the memory after the reader has been destroyed.
- * \param acc_len   The size in Bytes of \p acc.
- *
- * \return          \c 0 on success.
- * \return          A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
- */
-int mbedtls_mps_reader_init( mbedtls_mps_reader *reader,
-                             unsigned char *acc,
-                             mbedtls_mps_size_t acc_len );
-
-/**
- * \brief           Free a reader object
- *
- * \param reader    The reader to be freed.
- *
- * \return          \c 0 on success.
- * \return          A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
- */
-int mbedtls_mps_reader_free( mbedtls_mps_reader *reader );
-
-/**
- * \brief           Pass chunk of data for the reader to manage.
- *
- * \param reader    The reader context to use. The reader must be
- *                  in producing mode.
- * \param buf       The buffer to be managed by the reader.
- * \param buflen    The size in Bytes of \p buffer.
- *
- * \return          \c 0 on success. In this case, the reader will be
- *                  moved to consuming mode and obtains read access
- *                  of \p buf until mbedtls_mps_reader_reclaim()
- *                  is called. It is the responsibility of the caller
- *                  to ensure that the \p buf persists and is not changed
- *                  between successful calls to mbedtls_mps_reader_feed()
- *                  and mbedtls_mps_reader_reclaim().
- * \return          \c MBEDTLS_ERR_MPS_READER_NEED_MORE if more input data is
- *                  required to fulfill a previous request to mbedtls_mps_reader_get().
- *                  In this case, the reader remains in producing mode and
- *                  takes no ownership of the provided buffer (an internal copy
- *                  is made instead).
- * \return          Another negative \c MBEDTLS_ERR_READER_XXX error code on
- *                  different kinds of failures.
- */
-int mbedtls_mps_reader_feed( mbedtls_mps_reader *reader,
-                             unsigned char *buf,
-                             mbedtls_mps_size_t buflen );
-
-/**
- * \brief           Reclaim reader's access to the current input buffer.
- *
- * \param reader    The reader context to use. The reader must be
- *                  in consuming mode.
- * \param paused    If not \c NULL, the integer at address \p paused will be
- *                  modified to indicate whether the reader has been paused
- *                  (value \c 1) or not (value \c 0). Pausing happens if there
- *                  is uncommitted data and a previous request to
- *                  mbedtls_mps_reader_get() has exceeded the bounds of the
- *                  input buffer.
- *
- * \return          \c 0 on success.
- * \return          A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
- */
-int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *reader,
-                                int *paused );
-
-/*
- * Usage API (Upper layer)
- */
-
-/**
- * \brief           Request data from the reader.
- *
- * \param reader    The reader context to use. The reader must
- *                  be in consuming mode.
- * \param desired   The desired amount of data to be read, in Bytes.
- * \param buffer    The address to store the buffer pointer in.
- *                  This must not be \c NULL.
- * \param buflen    The address to store the actual buffer
- *                  length in, or \c NULL.
- *
- * \return          \c 0 on success. In this case, \c *buf holds the
- *                  address of a buffer of size \c *buflen
- *                  (if \c buflen != \c NULL) or \c desired
- *                  (if \c buflen == \c NULL). The user has read access
- *                  to the buffer and guarantee of stability of the data
- *                  until the next call to mbedtls_mps_reader_reclaim().
- * \return          #MBEDTLS_ERR_MPS_READER_OUT_OF_DATA if there is not enough
- *                  data available to serve the get request. In this case, the
- *                  reader remains intact and in consuming mode, and the consumer
- *                  should retry the call after a successful cycle of
- *                  mbedtls_mps_reader_reclaim() and mbedtls_mps_reader_feed().
- *                  If, after such a cycle, the consumer requests a different
- *                  amount of data, the result is implementation-defined;
- *                  progress is guaranteed only if the same amount of data
- *                  is requested after a mbedtls_mps_reader_reclaim() and
- *                  mbedtls_mps_reader_feed() cycle.
- * \return          Another negative \c MBEDTLS_ERR_READER_XXX error
- *                  code for different kinds of failure.
- *
- * \note            Passing \c NULL as \p buflen is a convenient way to
- *                  indicate that fragmentation is not tolerated.
- *                  It's functionally equivalent to passing a valid
- *                  address as buflen and checking \c *buflen == \c desired
- *                  afterwards.
- */
-int mbedtls_mps_reader_get( mbedtls_mps_reader *reader,
-                            mbedtls_mps_size_t desired,
-                            unsigned char **buffer,
-                            mbedtls_mps_size_t *buflen );
-
-/**
- * \brief         Mark data obtained from mbedtls_mps_reader_get() as processed.
- *
- *                This call indicates that all data received from prior calls to
- *                mbedtls_mps_reader_get() has been or will have been
- *                processed when mbedtls_mps_reader_reclaim() is called,
- *                and thus need not be backed up.
- *
- *                This function has no user observable effect until
- *                mbedtls_mps_reader_reclaim() is called. In particular,
- *                buffers received from mbedtls_mps_reader_get() remain
- *                valid until mbedtls_mps_reader_reclaim() is called.
- *
- * \param reader  The reader context to use.
- *
- * \return        \c 0 on success.
- * \return        A negative \c MBEDTLS_ERR_READER_XXX error code on failure.
- *
- */
-int mbedtls_mps_reader_commit( mbedtls_mps_reader *reader );
-
-#endif /* MBEDTLS_READER_H */
diff --git a/Sources/mbedtls/library/mps_trace.c b/Sources/mbedtls/library/mps_trace.c
deleted file mode 100644
index 6026a07..0000000
--- a/Sources/mbedtls/library/mps_trace.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- *  Message Processing Stack, Trace module
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of Mbed TLS (https://tls.mbed.org)
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-
-#include "mps_common.h"
-
-#if defined(MBEDTLS_MPS_ENABLE_TRACE)
-
-#include "mps_trace.h"
-#include <stdarg.h>
-
-static int trace_depth = 0;
-
-#define color_default  "\x1B[0m"
-#define color_red      "\x1B[1;31m"
-#define color_green    "\x1B[1;32m"
-#define color_yellow   "\x1B[1;33m"
-#define color_blue     "\x1B[1;34m"
-#define color_magenta  "\x1B[1;35m"
-#define color_cyan     "\x1B[1;36m"
-#define color_white    "\x1B[1;37m"
-
-static char const * colors[] =
-{
-    color_default,
-    color_green,
-    color_yellow,
-    color_magenta,
-    color_cyan,
-    color_blue,
-    color_white
-};
-
-#define MPS_TRACE_BUF_SIZE 100
-
-void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... )
-{
-    int ret;
-    char str[MPS_TRACE_BUF_SIZE];
-    va_list argp;
-    va_start( argp, format );
-    ret = mbedtls_vsnprintf( str, MPS_TRACE_BUF_SIZE, format, argp );
-    va_end( argp );
-
-    if( ret >= 0 && ret < MPS_TRACE_BUF_SIZE )
-    {
-        str[ret] = '\0';
-        mbedtls_printf( "[%d|L%d]: %s\n", id, line, str );
-    }
-}
-
-int mbedtls_mps_trace_get_depth()
-{
-    return trace_depth;
-}
-void mbedtls_mps_trace_dec_depth()
-{
-    trace_depth--;
-}
-void mbedtls_mps_trace_inc_depth()
-{
-    trace_depth++;
-}
-
-void mbedtls_mps_trace_color( int id )
-{
-    if( id > (int) ( sizeof( colors ) / sizeof( *colors ) ) )
-        return;
-    printf( "%s", colors[ id ] );
-}
-
-void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty )
-{
-    if( level > 0 )
-    {
-        while( --level )
-            printf( "|  " );
-
-        printf( "|  " );
-    }
-
-    switch( ty )
-    {
-        case MBEDTLS_MPS_TRACE_TYPE_COMMENT:
-            mbedtls_printf( "@ " );
-            break;
-
-        case MBEDTLS_MPS_TRACE_TYPE_CALL:
-            mbedtls_printf( "+--> " );
-            break;
-
-        case MBEDTLS_MPS_TRACE_TYPE_ERROR:
-            mbedtls_printf( "E " );
-            break;
-
-        case MBEDTLS_MPS_TRACE_TYPE_RETURN:
-            mbedtls_printf( "< " );
-            break;
-
-        default:
-            break;
-    }
-}
-
-#endif /* MBEDTLS_MPS_ENABLE_TRACE */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
diff --git a/Sources/mbedtls/library/mps_trace.h b/Sources/mbedtls/library/mps_trace.h
deleted file mode 100644
index 820a1b6..0000000
--- a/Sources/mbedtls/library/mps_trace.h
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-
-/**
- * \file mps_trace.h
- *
- * \brief Tracing module for MPS
- */
-
-#ifndef MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H
-#define MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H
-
-#include "common.h"
-#include "mps_common.h"
-#include "mps_trace.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_MPS_ENABLE_TRACE)
-
-/*
- * Adapt this to enable/disable tracing output
- * from the various layers of the MPS.
- */
-
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_1
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_2
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_3
-#define MBEDTLS_MPS_TRACE_ENABLE_LAYER_4
-#define MBEDTLS_MPS_TRACE_ENABLE_READER
-#define MBEDTLS_MPS_TRACE_ENABLE_WRITER
-
-/*
- * To use the existing trace module, only change
- * MBEDTLS_MPS_TRACE_ENABLE_XXX above, but don't modify the
- * rest of this file.
- */
-
-typedef enum
-{
-    MBEDTLS_MPS_TRACE_TYPE_COMMENT,
-    MBEDTLS_MPS_TRACE_TYPE_CALL,
-    MBEDTLS_MPS_TRACE_TYPE_ERROR,
-    MBEDTLS_MPS_TRACE_TYPE_RETURN
-} mbedtls_mps_trace_type;
-
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_1 1
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_2 2
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_3 3
-#define MBEDTLS_MPS_TRACE_BIT_LAYER_4 4
-#define MBEDTLS_MPS_TRACE_BIT_WRITER  5
-#define MBEDTLS_MPS_TRACE_BIT_READER  6
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_1)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_1 )
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_1 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_2)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_2 )
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_2 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_3)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_3 )
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_3 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_LAYER_4)
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 (1u << MBEDTLS_MPS_TRACE_BIT_LAYER_4 )
-#else
-#define MBEDTLS_MPS_TRACE_MASK_LAYER_4 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_READER)
-#define MBEDTLS_MPS_TRACE_MASK_READER (1u << MBEDTLS_MPS_TRACE_BIT_READER )
-#else
-#define MBEDTLS_MPS_TRACE_MASK_READER 0
-#endif
-
-#if defined(MBEDTLS_MPS_TRACE_ENABLE_WRITER)
-#define MBEDTLS_MPS_TRACE_MASK_WRITER (1u << MBEDTLS_MPS_TRACE_BIT_WRITER )
-#else
-#define MBEDTLS_MPS_TRACE_MASK_WRITER 0
-#endif
-
-#define MBEDTLS_MPS_TRACE_MASK ( MBEDTLS_MPS_TRACE_MASK_LAYER_1 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_LAYER_2 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_LAYER_3 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_LAYER_4 |       \
-                                 MBEDTLS_MPS_TRACE_MASK_READER  |       \
-                                 MBEDTLS_MPS_TRACE_MASK_WRITER )
-
-/* We have to avoid globals because E-ACSL chokes on them...
- * Wrap everything in stub functions. */
-int  mbedtls_mps_trace_get_depth( void );
-void mbedtls_mps_trace_inc_depth( void );
-void mbedtls_mps_trace_dec_depth( void );
-
-void mbedtls_mps_trace_color( int id );
-void mbedtls_mps_trace_indent( int level, mbedtls_mps_trace_type ty );
-
-void mbedtls_mps_trace_print_msg( int id, int line, const char *format, ... );
-
-#define MBEDTLS_MPS_TRACE( type, ... )                                              \
-    do {                                                                            \
-        if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) )         \
-            break;                                                                  \
-        mbedtls_mps_trace_indent( mbedtls_mps_trace_get_depth(), type );            \
-        mbedtls_mps_trace_color( mbedtls_mps_trace_id );                            \
-        mbedtls_mps_trace_print_msg( mbedtls_mps_trace_id, __LINE__, __VA_ARGS__ ); \
-        mbedtls_mps_trace_color( 0 );                                               \
-    } while( 0 )
-
-#define MBEDTLS_MPS_TRACE_INIT( ... )                                         \
-    do {                                                                      \
-        if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) )   \
-            break;                                                            \
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_CALL, __VA_ARGS__ );        \
-        mbedtls_mps_trace_inc_depth();                                        \
-    } while( 0 )
-
-#define MBEDTLS_MPS_TRACE_END( val )                                        \
-    do {                                                                    \
-        if( ! ( MBEDTLS_MPS_TRACE_MASK & ( 1u << mbedtls_mps_trace_id ) ) ) \
-            break;                                                          \
-        MBEDTLS_MPS_TRACE( MBEDTLS_MPS_TRACE_TYPE_RETURN, "%d (-%#04x)",    \
-               (int) (val), -((unsigned)(val)) );                           \
-        mbedtls_mps_trace_dec_depth();                                      \
-    } while( 0 )
-
-#define MBEDTLS_MPS_TRACE_RETURN( val )         \
-    do {                                        \
-        /* Breaks tail recursion. */            \
-        int ret__ = val;                        \
-        MBEDTLS_MPS_TRACE_END( ret__ );         \
-        return( ret__ );                        \
-    } while( 0 )
-
-#else /* MBEDTLS_MPS_TRACE */
-
-#define MBEDTLS_MPS_TRACE( type, ... ) do { } while( 0 )
-#define MBEDTLS_MPS_TRACE_INIT( ... )  do { } while( 0 )
-#define MBEDTLS_MPS_TRACE_END          do { } while( 0 )
-
-#define MBEDTLS_MPS_TRACE_RETURN( val ) return( val );
-
-#endif /* MBEDTLS_MPS_TRACE */
-
-#endif /* MBEDTLS_MPS_MBEDTLS_MPS_TRACE_H */
diff --git a/Sources/mbedtls/library/net_sockets.c b/Sources/mbedtls/library/net_sockets.c
deleted file mode 100644
index b2cab50..0000000
--- a/Sources/mbedtls/library/net_sockets.c
+++ /dev/null
@@ -1,711 +0,0 @@
-/*
- *  TCP/IP or UDP/IP networking functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
- * be set before config.h, which pulls in glibc's features.h indirectly.
- * Harmless on other platforms. */
-#ifndef _POSIX_C_SOURCE
-#define _POSIX_C_SOURCE 200112L
-#endif
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE 600 /* sockaddr_storage */
-#endif
-
-#include "common.h"
-
-#if defined(MBEDTLS_NET_C)
-
-#if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
-    !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
-    !defined(__HAIKU__) && !defined(__midipix__)
-#error "This module only works on Unix and Windows, see MBEDTLS_NET_C in config.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
-    !defined(EFI32)
-
-#define IS_EINTR( ret ) ( ( ret ) == WSAEINTR )
-
-#if !defined(_WIN32_WINNT)
-/* Enables getaddrinfo() & Co */
-#define _WIN32_WINNT 0x0501
-#endif
-
-#include <ws2tcpip.h>
-
-#include <winsock2.h>
-#include <windows.h>
-#if (_WIN32_WINNT < 0x0501)
-#include <wspiapi.h>
-#endif
-
-#if defined(_MSC_VER)
-#if defined(_WIN32_WCE)
-#pragma comment( lib, "ws2.lib" )
-#else
-#pragma comment( lib, "ws2_32.lib" )
-#endif
-#endif /* _MSC_VER */
-
-#define read(fd,buf,len)        recv( fd, (char*)( buf ), (int)( len ), 0 )
-#define write(fd,buf,len)       send( fd, (char*)( buf ), (int)( len ), 0 )
-#define close(fd)               closesocket(fd)
-
-static int wsa_init_done = 0;
-
-#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/time.h>
-#include <unistd.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <netdb.h>
-#include <errno.h>
-
-#define IS_EINTR( ret ) ( ( ret ) == EINTR )
-
-#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-/* Some MS functions want int and MSVC warns if we pass size_t,
- * but the standard functions use socklen_t, so cast only for MSVC */
-#if defined(_MSC_VER)
-#define MSVC_INT_CAST   (int)
-#else
-#define MSVC_INT_CAST
-#endif
-
-#include <stdio.h>
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include <time.h>
-#endif
-
-#include <stdint.h>
-
-/*
- * Prepare for using the sockets interface
- */
-static int net_prepare( void )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    WSADATA wsaData;
-
-    if( wsa_init_done == 0 )
-    {
-        if( WSAStartup( MAKEWORD(2,0), &wsaData ) != 0 )
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
-
-        wsa_init_done = 1;
-    }
-#else
-#if !defined(EFIX64) && !defined(EFI32)
-    signal( SIGPIPE, SIG_IGN );
-#endif
-#endif
-    return( 0 );
-}
-
-/*
- * Return 0 if the file descriptor is valid, an error otherwise.
- * If for_select != 0, check whether the file descriptor is within the range
- * allowed for fd_set used for the FD_xxx macros and the select() function.
- */
-static int check_fd( int fd, int for_select )
-{
-    if( fd < 0 )
-        return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
-#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
-    !defined(EFI32)
-    (void) for_select;
-#else
-    /* A limitation of select() is that it only works with file descriptors
-     * that are strictly less than FD_SETSIZE. This is a limitation of the
-     * fd_set type. Error out early, because attempting to call FD_SET on a
-     * large file descriptor is a buffer overflow on typical platforms. */
-    if( for_select && fd >= FD_SETSIZE )
-        return( MBEDTLS_ERR_NET_POLL_FAILED );
-#endif
-
-    return( 0 );
-}
-
-/*
- * Initialize a context
- */
-void mbedtls_net_init( mbedtls_net_context *ctx )
-{
-    ctx->fd = -1;
-}
-
-/*
- * Initiate a TCP connection with host:port and the given protocol
- */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host,
-                         const char *port, int proto )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    struct addrinfo hints, *addr_list, *cur;
-
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
-
-    /* Do name resolution with both IPv6 and IPv4 */
-    memset( &hints, 0, sizeof( hints ) );
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
-    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-
-    if( getaddrinfo( host, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
-
-    /* Try the sockaddrs until a connection succeeds */
-    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        if( connect( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) == 0 )
-        {
-            ret = 0;
-            break;
-        }
-
-        close( ctx->fd );
-        ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
-    }
-
-    freeaddrinfo( addr_list );
-
-    return( ret );
-}
-
-/*
- * Create a listening socket on bind_ip:port
- */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto )
-{
-    int n, ret;
-    struct addrinfo hints, *addr_list, *cur;
-
-    if( ( ret = net_prepare() ) != 0 )
-        return( ret );
-
-    /* Bind to IPv6 and/or IPv4, but only in the desired protocol */
-    memset( &hints, 0, sizeof( hints ) );
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM;
-    hints.ai_protocol = proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP;
-    if( bind_ip == NULL )
-        hints.ai_flags = AI_PASSIVE;
-
-    if( getaddrinfo( bind_ip, port, &hints, &addr_list ) != 0 )
-        return( MBEDTLS_ERR_NET_UNKNOWN_HOST );
-
-    /* Try the sockaddrs until a binding succeeds */
-    ret = MBEDTLS_ERR_NET_UNKNOWN_HOST;
-    for( cur = addr_list; cur != NULL; cur = cur->ai_next )
-    {
-        ctx->fd = (int) socket( cur->ai_family, cur->ai_socktype,
-                            cur->ai_protocol );
-        if( ctx->fd < 0 )
-        {
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        n = 1;
-        if( setsockopt( ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &n, sizeof( n ) ) != 0 )
-        {
-            close( ctx->fd );
-            ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
-            continue;
-        }
-
-        if( bind( ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen ) != 0 )
-        {
-            close( ctx->fd );
-            ret = MBEDTLS_ERR_NET_BIND_FAILED;
-            continue;
-        }
-
-        /* Listen only makes sense for TCP */
-        if( proto == MBEDTLS_NET_PROTO_TCP )
-        {
-            if( listen( ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG ) != 0 )
-            {
-                close( ctx->fd );
-                ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
-                continue;
-            }
-        }
-
-        /* Bind was successful */
-        ret = 0;
-        break;
-    }
-
-    freeaddrinfo( addr_list );
-
-    return( ret );
-
-}
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-/*
- * Check if the requested operation would be blocking on a non-blocking socket
- * and thus 'failed' with a negative return value.
- */
-static int net_would_block( const mbedtls_net_context *ctx )
-{
-    ((void) ctx);
-    return( WSAGetLastError() == WSAEWOULDBLOCK );
-}
-#else
-/*
- * Check if the requested operation would be blocking on a non-blocking socket
- * and thus 'failed' with a negative return value.
- *
- * Note: on a blocking socket this function always returns 0!
- */
-static int net_would_block( const mbedtls_net_context *ctx )
-{
-    int err = errno;
-
-    /*
-     * Never return 'WOULD BLOCK' on a blocking socket
-     */
-    if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
-    {
-        errno = err;
-        return( 0 );
-    }
-
-    switch( errno = err )
-    {
-#if defined EAGAIN
-        case EAGAIN:
-#endif
-#if defined EWOULDBLOCK && EWOULDBLOCK != EAGAIN
-        case EWOULDBLOCK:
-#endif
-            return( 1 );
-    }
-    return( 0 );
-}
-#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
-
-/*
- * Accept a connection from a remote client
- */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int type;
-
-    struct sockaddr_storage client_addr;
-
-#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) ||  \
-    defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
-    defined(socklen_t) || (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)
-    socklen_t n = (socklen_t) sizeof( client_addr );
-    socklen_t type_len = (socklen_t) sizeof( type );
-#else
-    int n = (int) sizeof( client_addr );
-    int type_len = (int) sizeof( type );
-#endif
-
-    /* Is this a TCP or UDP socket? */
-    if( getsockopt( bind_ctx->fd, SOL_SOCKET, SO_TYPE,
-                    (void *) &type, &type_len ) != 0 ||
-        ( type != SOCK_STREAM && type != SOCK_DGRAM ) )
-    {
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-    }
-
-    if( type == SOCK_STREAM )
-    {
-        /* TCP: actual accept() */
-        ret = client_ctx->fd = (int) accept( bind_ctx->fd,
-                                             (struct sockaddr *) &client_addr, &n );
-    }
-    else
-    {
-        /* UDP: wait for a message, but keep it in the queue */
-        char buf[1] = { 0 };
-
-        ret = (int) recvfrom( bind_ctx->fd, buf, sizeof( buf ), MSG_PEEK,
-                        (struct sockaddr *) &client_addr, &n );
-
-#if defined(_WIN32)
-        if( ret == SOCKET_ERROR &&
-            WSAGetLastError() == WSAEMSGSIZE )
-        {
-            /* We know buf is too small, thanks, just peeking here */
-            ret = 0;
-        }
-#endif
-    }
-
-    if( ret < 0 )
-    {
-        if( net_would_block( bind_ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-        return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-    }
-
-    /* UDP: hijack the listening socket to communicate with the client,
-     * then bind a new socket to accept new connections */
-    if( type != SOCK_STREAM )
-    {
-        struct sockaddr_storage local_addr;
-        int one = 1;
-
-        if( connect( bind_ctx->fd, (struct sockaddr *) &client_addr, n ) != 0 )
-            return( MBEDTLS_ERR_NET_ACCEPT_FAILED );
-
-        client_ctx->fd = bind_ctx->fd;
-        bind_ctx->fd   = -1; /* In case we exit early */
-
-        n = sizeof( struct sockaddr_storage );
-        if( getsockname( client_ctx->fd,
-                         (struct sockaddr *) &local_addr, &n ) != 0 ||
-            ( bind_ctx->fd = (int) socket( local_addr.ss_family,
-                                           SOCK_DGRAM, IPPROTO_UDP ) ) < 0 ||
-            setsockopt( bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR,
-                        (const char *) &one, sizeof( one ) ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_SOCKET_FAILED );
-        }
-
-        if( bind( bind_ctx->fd, (struct sockaddr *) &local_addr, n ) != 0 )
-        {
-            return( MBEDTLS_ERR_NET_BIND_FAILED );
-        }
-    }
-
-    if( client_ip != NULL )
-    {
-        if( client_addr.ss_family == AF_INET )
-        {
-            struct sockaddr_in *addr4 = (struct sockaddr_in *) &client_addr;
-            *ip_len = sizeof( addr4->sin_addr.s_addr );
-
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
-
-            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
-        }
-        else
-        {
-            struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) &client_addr;
-            *ip_len = sizeof( addr6->sin6_addr.s6_addr );
-
-            if( buf_size < *ip_len )
-                return( MBEDTLS_ERR_NET_BUFFER_TOO_SMALL );
-
-            memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
-        }
-    }
-
-    return( 0 );
-}
-
-/*
- * Set the socket blocking or non-blocking
- */
-int mbedtls_net_set_block( mbedtls_net_context *ctx )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    u_long n = 0;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
-#else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) & ~O_NONBLOCK ) );
-#endif
-}
-
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx )
-{
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-    u_long n = 1;
-    return( ioctlsocket( ctx->fd, FIONBIO, &n ) );
-#else
-    return( fcntl( ctx->fd, F_SETFL, fcntl( ctx->fd, F_GETFL ) | O_NONBLOCK ) );
-#endif
-}
-
-/*
- * Check if data is available on the socket
- */
-
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    struct timeval tv;
-
-    fd_set read_fds;
-    fd_set write_fds;
-
-    int fd = ctx->fd;
-
-    ret = check_fd( fd, 1 );
-    if( ret != 0 )
-        return( ret );
-
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-    /* Ensure that memory sanitizers consider read_fds and write_fds as
-     * initialized even on platforms such as Glibc/x86_64 where FD_ZERO
-     * is implemented in assembly. */
-    memset( &read_fds, 0, sizeof( read_fds ) );
-    memset( &write_fds, 0, sizeof( write_fds ) );
-#endif
-#endif
-
-    FD_ZERO( &read_fds );
-    if( rw & MBEDTLS_NET_POLL_READ )
-    {
-        rw &= ~MBEDTLS_NET_POLL_READ;
-        FD_SET( fd, &read_fds );
-    }
-
-    FD_ZERO( &write_fds );
-    if( rw & MBEDTLS_NET_POLL_WRITE )
-    {
-        rw &= ~MBEDTLS_NET_POLL_WRITE;
-        FD_SET( fd, &write_fds );
-    }
-
-    if( rw != 0 )
-        return( MBEDTLS_ERR_NET_BAD_INPUT_DATA );
-
-    tv.tv_sec  = timeout / 1000;
-    tv.tv_usec = ( timeout % 1000 ) * 1000;
-
-    do
-    {
-        ret = select( fd + 1, &read_fds, &write_fds, NULL,
-                      timeout == (uint32_t) -1 ? NULL : &tv );
-    }
-    while( IS_EINTR( ret ) );
-
-    if( ret < 0 )
-        return( MBEDTLS_ERR_NET_POLL_FAILED );
-
-    ret = 0;
-    if( FD_ISSET( fd, &read_fds ) )
-        ret |= MBEDTLS_NET_POLL_READ;
-    if( FD_ISSET( fd, &write_fds ) )
-        ret |= MBEDTLS_NET_POLL_WRITE;
-
-    return( ret );
-}
-
-/*
- * Portable usleep helper
- */
-void mbedtls_net_usleep( unsigned long usec )
-{
-#if defined(_WIN32)
-    Sleep( ( usec + 999 ) / 1000 );
-#else
-    struct timeval tv;
-    tv.tv_sec  = usec / 1000000;
-#if defined(__unix__) || defined(__unix) || \
-    ( defined(__APPLE__) && defined(__MACH__) )
-    tv.tv_usec = (suseconds_t) usec % 1000000;
-#else
-    tv.tv_usec = usec % 1000000;
-#endif
-    select( 0, NULL, NULL, NULL, &tv );
-#endif
-}
-
-/*
- * Read at most 'len' characters
- */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    ret = check_fd( fd, 0 );
-    if( ret != 0 )
-        return( ret );
-
-    ret = (int) read( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
-    }
-
-    return( ret );
-}
-
-/*
- * Read at most 'len' characters, blocking for at most 'timeout' ms
- */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf,
-                              size_t len, uint32_t timeout )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    struct timeval tv;
-    fd_set read_fds;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    ret = check_fd( fd, 1 );
-    if( ret != 0 )
-        return( ret );
-
-    FD_ZERO( &read_fds );
-    FD_SET( fd, &read_fds );
-
-    tv.tv_sec  = timeout / 1000;
-    tv.tv_usec = ( timeout % 1000 ) * 1000;
-
-    ret = select( fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv );
-
-    /* Zero fds ready means we timed out */
-    if( ret == 0 )
-        return( MBEDTLS_ERR_SSL_TIMEOUT );
-
-    if( ret < 0 )
-    {
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAEINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#else
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_READ );
-#endif
-
-        return( MBEDTLS_ERR_NET_RECV_FAILED );
-    }
-
-    /* This call will not block */
-    return( mbedtls_net_recv( ctx, buf, len ) );
-}
-
-/*
- * Write at most 'len' characters
- */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int fd = ((mbedtls_net_context *) ctx)->fd;
-
-    ret = check_fd( fd, 0 );
-    if( ret != 0 )
-        return( ret );
-
-    ret = (int) write( fd, buf, len );
-
-    if( ret < 0 )
-    {
-        if( net_would_block( ctx ) != 0 )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-
-#if ( defined(_WIN32) || defined(_WIN32_WCE) ) && !defined(EFIX64) && \
-    !defined(EFI32)
-        if( WSAGetLastError() == WSAECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-#else
-        if( errno == EPIPE || errno == ECONNRESET )
-            return( MBEDTLS_ERR_NET_CONN_RESET );
-
-        if( errno == EINTR )
-            return( MBEDTLS_ERR_SSL_WANT_WRITE );
-#endif
-
-        return( MBEDTLS_ERR_NET_SEND_FAILED );
-    }
-
-    return( ret );
-}
-
-/*
- * Close the connection
- */
-void mbedtls_net_close( mbedtls_net_context *ctx )
-{
-    if( ctx->fd == -1 )
-        return;
-
-    close( ctx->fd );
-
-    ctx->fd = -1;
-}
-
-/*
- * Gracefully close the connection
- */
-void mbedtls_net_free( mbedtls_net_context *ctx )
-{
-    if( ctx->fd == -1 )
-        return;
-
-    shutdown( ctx->fd, 2 );
-    close( ctx->fd );
-
-    ctx->fd = -1;
-}
-
-#endif /* MBEDTLS_NET_C */
diff --git a/Sources/mbedtls/library/nist_kw.c b/Sources/mbedtls/library/nist_kw.c
deleted file mode 100644
index 495c23d..0000000
--- a/Sources/mbedtls/library/nist_kw.c
+++ /dev/null
@@ -1,706 +0,0 @@
-/*
- *  Implementation of NIST SP 800-38F key wrapping, supporting KW and KWP modes
- *  only
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- * Definition of Key Wrapping:
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf
- * RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm"
- * RFC 5649 "Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm"
- *
- * Note: RFC 3394 defines different methodology for intermediate operations for
- * the wrapping and unwrapping operation than the definition in NIST SP 800-38F.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_NIST_KW_C)
-
-#include "mbedtls/nist_kw.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "mbedtls/constant_time.h"
-
-#include <stdint.h>
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_NIST_KW_ALT)
-
-#define KW_SEMIBLOCK_LENGTH    8
-#define MIN_SEMIBLOCKS_COUNT   3
-
-/*! The 64-bit default integrity check value (ICV) for KW mode. */
-static const unsigned char NIST_KW_ICV1[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6};
-/*! The 32-bit default integrity check value (ICV) for KWP mode. */
-static const  unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6};
-
-/*
- * Initialize context
- */
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) );
-}
-
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
-                            mbedtls_cipher_id_t cipher,
-                            const unsigned char *key,
-                            unsigned int keybits,
-                            const int is_wrap )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_cipher_info_t *cipher_info;
-
-    cipher_info = mbedtls_cipher_info_from_values( cipher,
-                                                   keybits,
-                                                   MBEDTLS_MODE_ECB );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    if( cipher_info->block_size != 16 )
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-
-    /*
-     * SP 800-38F currently defines AES cipher as the only block cipher allowed:
-     * "For KW and KWP, the underlying block cipher shall be approved, and the
-     *  block size shall be 128 bits. Currently, the AES block cipher, with key
-     *  lengths of 128, 192, or 256 bits, is the only block cipher that fits
-     *  this profile."
-     *  Currently we don't support other 128 bit block ciphers for key wrapping,
-     *  such as Camellia and Aria.
-     */
-    if( cipher != MBEDTLS_CIPHER_ID_AES )
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                                       is_wrap ? MBEDTLS_ENCRYPT :
-                                                 MBEDTLS_DECRYPT )
-                                                                   ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Free context
- */
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx )
-{
-    mbedtls_cipher_free( &ctx->cipher_ctx );
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) );
-}
-
-/*
- * Helper function for Xoring the uint64_t "t" with the encrypted A.
- * Defined in NIST SP 800-38F section 6.1
- */
-static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t )
-{
-    size_t i = 0;
-    for( i = 0; i < sizeof( t ); i++ )
-    {
-        A[i] ^= ( t >> ( ( sizeof( t ) - 1 - i ) * 8 ) ) & 0xff;
-    }
-}
-
-/*
- * KW-AE as defined in SP 800-38F section 6.2
- * KWP-AE as defined in SP 800-38F section 6.3
- */
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx,
-                          mbedtls_nist_kw_mode_t mode,
-                          const unsigned char *input, size_t in_len,
-                          unsigned char *output, size_t *out_len, size_t out_size )
-{
-    int ret = 0;
-    size_t semiblocks = 0;
-    size_t s;
-    size_t olen, padlen = 0;
-    uint64_t t = 0;
-    unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
-    unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
-
-    *out_len = 0;
-    /*
-     * Generate the String to work on
-     */
-    if( mode == MBEDTLS_KW_MODE_KW )
-    {
-        if( out_size < in_len + KW_SEMIBLOCK_LENGTH )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        /*
-         * According to SP 800-38F Table 1, the plaintext length for KW
-         * must be between 2 to 2^54-1 semiblocks inclusive.
-         */
-        if( in_len < 16 ||
-#if SIZE_MAX > 0x1FFFFFFFFFFFFF8
-            in_len > 0x1FFFFFFFFFFFFF8 ||
-#endif
-            in_len % KW_SEMIBLOCK_LENGTH != 0 )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH );
-        memmove( output + KW_SEMIBLOCK_LENGTH, input, in_len );
-    }
-    else
-    {
-        if( in_len % 8 != 0 )
-        {
-            padlen = ( 8 - ( in_len % 8 ) );
-        }
-
-        if( out_size < in_len + KW_SEMIBLOCK_LENGTH + padlen )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        /*
-         * According to SP 800-38F Table 1, the plaintext length for KWP
-         * must be between 1 and 2^32-1 octets inclusive.
-         */
-        if( in_len < 1
-#if SIZE_MAX > 0xFFFFFFFF
-            || in_len > 0xFFFFFFFF
-#endif
-          )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
-        MBEDTLS_PUT_UINT32_BE( ( in_len & 0xffffffff ), output,
-                       KW_SEMIBLOCK_LENGTH / 2 );
-
-        memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
-        memset( output + KW_SEMIBLOCK_LENGTH + in_len, 0, padlen );
-    }
-    semiblocks = ( ( in_len + padlen ) / KW_SEMIBLOCK_LENGTH ) + 1;
-
-    s = 6 * ( semiblocks - 1 );
-
-    if( mode == MBEDTLS_KW_MODE_KWP
-        && in_len <= KW_SEMIBLOCK_LENGTH )
-    {
-        memcpy( inbuff, output, 16 );
-        ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                     inbuff, 16, output, &olen );
-        if( ret != 0 )
-            goto cleanup;
-    }
-    else
-    {
-        unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
-        unsigned char *A = output;
-
-        /*
-         * Do the wrapping function W, as defined in RFC 3394 section 2.2.1
-         */
-        if( semiblocks < MIN_SEMIBLOCKS_COUNT )
-        {
-            ret = MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        /* Calculate intermediate values */
-        for( t = 1; t <= s; t++ )
-        {
-            memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
-            memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH );
-
-            ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                         inbuff, 16, outbuff, &olen );
-            if( ret != 0 )
-                goto cleanup;
-
-            memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
-            calc_a_xor_t( A, t );
-
-            memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
-            R2 += KW_SEMIBLOCK_LENGTH;
-            if( R2 >= output + ( semiblocks * KW_SEMIBLOCK_LENGTH ) )
-                R2 = output + KW_SEMIBLOCK_LENGTH;
-        }
-    }
-
-    *out_len = semiblocks * KW_SEMIBLOCK_LENGTH;
-
-cleanup:
-
-    if( ret != 0)
-    {
-        memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH );
-    }
-    mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 );
-    mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 );
-
-    return( ret );
-}
-
-/*
- * W-1 function as defined in RFC 3394 section 2.2.2
- * This function assumes the following:
- * 1. Output buffer is at least of size ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH.
- * 2. The input buffer is of size semiblocks * KW_SEMIBLOCK_LENGTH.
- * 3. Minimal number of semiblocks is 3.
- * 4. A is a buffer to hold the first semiblock of the input buffer.
- */
-static int unwrap( mbedtls_nist_kw_context *ctx,
-                   const unsigned char *input, size_t semiblocks,
-                   unsigned char A[KW_SEMIBLOCK_LENGTH],
-                   unsigned char *output, size_t* out_len )
-{
-    int ret = 0;
-    const size_t s = 6 * ( semiblocks - 1 );
-    size_t olen;
-    uint64_t t = 0;
-    unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
-    unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
-    unsigned char *R = NULL;
-    *out_len = 0;
-
-    if( semiblocks < MIN_SEMIBLOCKS_COUNT )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    memcpy( A, input, KW_SEMIBLOCK_LENGTH );
-    memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
-    R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
-
-    /* Calculate intermediate values */
-    for( t = s; t >= 1; t-- )
-    {
-        calc_a_xor_t( A, t );
-
-        memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
-        memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH );
-
-        ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                     inbuff, 16, outbuff, &olen );
-        if( ret != 0 )
-            goto cleanup;
-
-        memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
-
-        /* Set R as LSB64 of outbuff */
-        memcpy( R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
-
-        if( R == output )
-            R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
-        else
-            R -= KW_SEMIBLOCK_LENGTH;
-    }
-
-    *out_len = ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH;
-
-cleanup:
-    if( ret != 0)
-        memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
-    mbedtls_platform_zeroize( inbuff, sizeof( inbuff )  );
-    mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) );
-
-    return( ret );
-}
-
-/*
- * KW-AD as defined in SP 800-38F section 6.2
- * KWP-AD as defined in SP 800-38F section 6.3
- */
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx,
-                            mbedtls_nist_kw_mode_t mode,
-                            const unsigned char *input, size_t in_len,
-                            unsigned char *output, size_t *out_len, size_t out_size )
-{
-    int ret = 0;
-    size_t i, olen;
-    unsigned char A[KW_SEMIBLOCK_LENGTH];
-    unsigned char diff, bad_padding = 0;
-
-    *out_len = 0;
-    if( out_size < in_len - KW_SEMIBLOCK_LENGTH )
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-    }
-
-    if( mode == MBEDTLS_KW_MODE_KW )
-    {
-        /*
-         * According to SP 800-38F Table 1, the ciphertext length for KW
-         * must be between 3 to 2^54 semiblocks inclusive.
-         */
-        if( in_len < 24 ||
-#if SIZE_MAX > 0x200000000000000
-            in_len > 0x200000000000000 ||
-#endif
-            in_len % KW_SEMIBLOCK_LENGTH != 0 )
-        {
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
-                      A, output, out_len );
-        if( ret != 0 )
-            goto cleanup;
-
-        /* Check ICV in "constant-time" */
-        diff = mbedtls_ct_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
-
-        if( diff != 0 )
-        {
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-            goto cleanup;
-        }
-
-    }
-    else if( mode == MBEDTLS_KW_MODE_KWP )
-    {
-        size_t padlen = 0;
-        uint32_t Plen;
-        /*
-         * According to SP 800-38F Table 1, the ciphertext length for KWP
-         * must be between 2 to 2^29 semiblocks inclusive.
-         */
-        if( in_len < KW_SEMIBLOCK_LENGTH * 2 ||
-#if SIZE_MAX > 0x100000000
-            in_len > 0x100000000 ||
-#endif
-            in_len % KW_SEMIBLOCK_LENGTH != 0 )
-        {
-            return(  MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
-        }
-
-        if( in_len == KW_SEMIBLOCK_LENGTH * 2 )
-        {
-            unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
-            ret = mbedtls_cipher_update( &ctx->cipher_ctx,
-                                         input, 16, outbuff, &olen );
-            if( ret != 0 )
-                goto cleanup;
-
-            memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
-            memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
-            mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) );
-            *out_len = KW_SEMIBLOCK_LENGTH;
-        }
-        else
-        {
-            /* in_len >=  KW_SEMIBLOCK_LENGTH * 3 */
-            ret = unwrap( ctx, input, in_len / KW_SEMIBLOCK_LENGTH,
-                          A, output, out_len );
-            if( ret != 0 )
-                goto cleanup;
-        }
-
-        /* Check ICV in "constant-time" */
-        diff = mbedtls_ct_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
-
-        if( diff != 0 )
-        {
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-        }
-
-        Plen = MBEDTLS_GET_UINT32_BE( A, KW_SEMIBLOCK_LENGTH / 2 );
-
-        /*
-         * Plen is the length of the plaintext, when the input is valid.
-         * If Plen is larger than the plaintext and padding, padlen will be
-         * larger than 8, because of the type wrap around.
-         */
-        padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
-        if ( padlen > 7 )
-        {
-            padlen &= 7;
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-        }
-
-        /* Check padding in "constant-time" */
-        for( diff = 0, i = 0; i < KW_SEMIBLOCK_LENGTH; i++ )
-        {
-             if( i >= KW_SEMIBLOCK_LENGTH - padlen )
-                 diff |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
-             else
-                 bad_padding |= output[*out_len - KW_SEMIBLOCK_LENGTH + i];
-        }
-
-        if( diff != 0 )
-        {
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-        }
-
-        if( ret != 0 )
-        {
-            goto cleanup;
-        }
-        memset( output + Plen, 0, padlen );
-        *out_len = Plen;
-    }
-    else
-    {
-        ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
-        goto cleanup;
-    }
-
-cleanup:
-    if( ret != 0 )
-    {
-        memset( output, 0, *out_len );
-        *out_len = 0;
-    }
-
-    mbedtls_platform_zeroize( &bad_padding, sizeof( bad_padding) );
-    mbedtls_platform_zeroize( &diff, sizeof( diff ) );
-    mbedtls_platform_zeroize( A, sizeof( A ) );
-
-    return( ret );
-}
-
-#endif /* !MBEDTLS_NIST_KW_ALT */
-
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
-
-#define KW_TESTS 3
-
-/*
- * Test vectors taken from NIST
- * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES#KW
- */
-static const unsigned int key_len[KW_TESTS] = { 16, 24, 32 };
-
-static const unsigned char kw_key[KW_TESTS][32] = {
-    { 0x75, 0x75, 0xda, 0x3a, 0x93, 0x60, 0x7c, 0xc2,
-      0xbf, 0xd8, 0xce, 0xc7, 0xaa, 0xdf, 0xd9, 0xa6 },
-    { 0x2d, 0x85, 0x26, 0x08, 0x1d, 0x02, 0xfb, 0x5b,
-      0x85, 0xf6, 0x9a, 0xc2, 0x86, 0xec, 0xd5, 0x7d,
-      0x40, 0xdf, 0x5d, 0xf3, 0x49, 0x47, 0x44, 0xd3 },
-    { 0x11, 0x2a, 0xd4, 0x1b, 0x48, 0x56, 0xc7, 0x25,
-      0x4a, 0x98, 0x48, 0xd3, 0x0f, 0xdd, 0x78, 0x33,
-      0x5b, 0x03, 0x9a, 0x48, 0xa8, 0x96, 0x2c, 0x4d,
-      0x1c, 0xb7, 0x8e, 0xab, 0xd5, 0xda, 0xd7, 0x88 }
-};
-
-static const unsigned char kw_msg[KW_TESTS][40] = {
-    { 0x42, 0x13, 0x6d, 0x3c, 0x38, 0x4a, 0x3e, 0xea,
-      0xc9, 0x5a, 0x06, 0x6f, 0xd2, 0x8f, 0xed, 0x3f },
-    { 0x95, 0xc1, 0x1b, 0xf5, 0x35, 0x3a, 0xfe, 0xdb,
-      0x98, 0xfd, 0xd6, 0xc8, 0xca, 0x6f, 0xdb, 0x6d,
-      0xa5, 0x4b, 0x74, 0xb4, 0x99, 0x0f, 0xdc, 0x45,
-      0xc0, 0x9d, 0x15, 0x8f, 0x51, 0xce, 0x62, 0x9d,
-      0xe2, 0xaf, 0x26, 0xe3, 0x25, 0x0e, 0x6b, 0x4c },
-    { 0x1b, 0x20, 0xbf, 0x19, 0x90, 0xb0, 0x65, 0xd7,
-      0x98, 0xe1, 0xb3, 0x22, 0x64, 0xad, 0x50, 0xa8,
-      0x74, 0x74, 0x92, 0xba, 0x09, 0xa0, 0x4d, 0xd1 }
-};
-
-static const size_t kw_msg_len[KW_TESTS] = { 16, 40, 24 };
-static const size_t kw_out_len[KW_TESTS] = { 24, 48, 32 };
-static const unsigned char kw_res[KW_TESTS][48] = {
-    { 0x03, 0x1f, 0x6b, 0xd7, 0xe6, 0x1e, 0x64, 0x3d,
-      0xf6, 0x85, 0x94, 0x81, 0x6f, 0x64, 0xca, 0xa3,
-      0xf5, 0x6f, 0xab, 0xea, 0x25, 0x48, 0xf5, 0xfb },
-    { 0x44, 0x3c, 0x6f, 0x15, 0x09, 0x83, 0x71, 0x91,
-      0x3e, 0x5c, 0x81, 0x4c, 0xa1, 0xa0, 0x42, 0xec,
-      0x68, 0x2f, 0x7b, 0x13, 0x6d, 0x24, 0x3a, 0x4d,
-      0x6c, 0x42, 0x6f, 0xc6, 0x97, 0x15, 0x63, 0xe8,
-      0xa1, 0x4a, 0x55, 0x8e, 0x09, 0x64, 0x16, 0x19,
-      0xbf, 0x03, 0xfc, 0xaf, 0x90, 0xb1, 0xfc, 0x2d },
-    { 0xba, 0x8a, 0x25, 0x9a, 0x47, 0x1b, 0x78, 0x7d,
-      0xd5, 0xd5, 0x40, 0xec, 0x25, 0xd4, 0x3d, 0x87,
-      0x20, 0x0f, 0xda, 0xdc, 0x6d, 0x1f, 0x05, 0xd9,
-      0x16, 0x58, 0x4f, 0xa9, 0xf6, 0xcb, 0xf5, 0x12 }
-};
-
-static const unsigned char kwp_key[KW_TESTS][32] = {
-    { 0x78, 0x65, 0xe2, 0x0f, 0x3c, 0x21, 0x65, 0x9a,
-      0xb4, 0x69, 0x0b, 0x62, 0x9c, 0xdf, 0x3c, 0xc4 },
-    { 0xf5, 0xf8, 0x96, 0xa3, 0xbd, 0x2f, 0x4a, 0x98,
-      0x23, 0xef, 0x16, 0x2b, 0x00, 0xb8, 0x05, 0xd7,
-      0xde, 0x1e, 0xa4, 0x66, 0x26, 0x96, 0xa2, 0x58 },
-    { 0x95, 0xda, 0x27, 0x00, 0xca, 0x6f, 0xd9, 0xa5,
-      0x25, 0x54, 0xee, 0x2a, 0x8d, 0xf1, 0x38, 0x6f,
-      0x5b, 0x94, 0xa1, 0xa6, 0x0e, 0xd8, 0xa4, 0xae,
-      0xf6, 0x0a, 0x8d, 0x61, 0xab, 0x5f, 0x22, 0x5a }
-};
-
-static const unsigned char kwp_msg[KW_TESTS][31] = {
-    { 0xbd, 0x68, 0x43, 0xd4, 0x20, 0x37, 0x8d, 0xc8,
-      0x96 },
-    { 0x6c, 0xcd, 0xd5, 0x85, 0x18, 0x40, 0x97, 0xeb,
-      0xd5, 0xc3, 0xaf, 0x3e, 0x47, 0xd0, 0x2c, 0x19,
-      0x14, 0x7b, 0x4d, 0x99, 0x5f, 0x96, 0x43, 0x66,
-      0x91, 0x56, 0x75, 0x8c, 0x13, 0x16, 0x8f },
-    { 0xd1 }
-};
-static const size_t kwp_msg_len[KW_TESTS] = { 9, 31, 1 };
-
-static const unsigned char kwp_res[KW_TESTS][48] = {
-    { 0x41, 0xec, 0xa9, 0x56, 0xd4, 0xaa, 0x04, 0x7e,
-      0xb5, 0xcf, 0x4e, 0xfe, 0x65, 0x96, 0x61, 0xe7,
-      0x4d, 0xb6, 0xf8, 0xc5, 0x64, 0xe2, 0x35, 0x00 },
-    { 0x4e, 0x9b, 0xc2, 0xbc, 0xbc, 0x6c, 0x1e, 0x13,
-      0xd3, 0x35, 0xbc, 0xc0, 0xf7, 0x73, 0x6a, 0x88,
-      0xfa, 0x87, 0x53, 0x66, 0x15, 0xbb, 0x8e, 0x63,
-      0x8b, 0xcc, 0x81, 0x66, 0x84, 0x68, 0x17, 0x90,
-      0x67, 0xcf, 0xa9, 0x8a, 0x9d, 0x0e, 0x33, 0x26 },
-    { 0x06, 0xba, 0x7a, 0xe6, 0xf3, 0x24, 0x8c, 0xfd,
-      0xcf, 0x26, 0x75, 0x07, 0xfa, 0x00, 0x1b, 0xc4  }
-};
-static const size_t kwp_out_len[KW_TESTS] = { 24, 40, 16 };
-
-int mbedtls_nist_kw_self_test( int verbose )
-{
-    mbedtls_nist_kw_context ctx;
-    unsigned char out[48];
-    size_t olen;
-    int i;
-    int ret = 0;
-    mbedtls_nist_kw_init( &ctx );
-
-    for( i = 0; i < KW_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  KW-AES-%u ", (unsigned int) key_len[i] * 8 );
-
-        ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                                      kw_key[i], key_len[i] * 8, 1 );
-        if( ret != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KW: setup failed " );
-
-            goto end;
-        }
-
-        ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KW, kw_msg[i],
-                                    kw_msg_len[i], out, &olen, sizeof( out ) );
-        if( ret != 0 || kw_out_len[i] != olen ||
-            memcmp( out, kw_res[i], kw_out_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed. ");
-
-            ret = 1;
-            goto end;
-        }
-
-        if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                                            kw_key[i], key_len[i] * 8, 0 ) )
-              != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KW: setup failed ");
-
-            goto end;
-        }
-
-        ret = mbedtls_nist_kw_unwrap( &ctx, MBEDTLS_KW_MODE_KW,
-                                      out, olen, out, &olen, sizeof( out ) );
-
-        if( ret != 0 || olen != kw_msg_len[i] ||
-            memcmp( out, kw_msg[i], kw_msg_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto end;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( " passed\n" );
-    }
-
-    for( i = 0; i < KW_TESTS; i++ )
-    {
-        olen = sizeof( out );
-        if( verbose != 0 )
-            mbedtls_printf( "  KWP-AES-%u ", (unsigned int) key_len[i] * 8 );
-
-        ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, kwp_key[i],
-                                      key_len[i] * 8, 1 );
-        if( ret  != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KWP: setup failed " );
-
-            goto end;
-        }
-        ret = mbedtls_nist_kw_wrap( &ctx, MBEDTLS_KW_MODE_KWP, kwp_msg[i],
-                                    kwp_msg_len[i], out, &olen, sizeof( out ) );
-
-        if( ret != 0 || kwp_out_len[i] != olen ||
-            memcmp( out, kwp_res[i], kwp_out_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed. ");
-
-            ret = 1;
-            goto end;
-        }
-
-        if( ( ret = mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
-                                            kwp_key[i], key_len[i] * 8, 0 ) )
-              != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "  KWP: setup failed ");
-
-            goto end;
-        }
-
-        ret = mbedtls_nist_kw_unwrap(  &ctx, MBEDTLS_KW_MODE_KWP, out,
-                                       olen, out, &olen, sizeof( out ) );
-
-        if( ret != 0 || olen != kwp_msg_len[i] ||
-            memcmp( out, kwp_msg[i], kwp_msg_len[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed. ");
-
-            ret = 1;
-            goto end;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( " passed\n" );
-    }
-end:
-    mbedtls_nist_kw_free( &ctx );
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_NIST_KW_C */
diff --git a/Sources/mbedtls/library/oid.c b/Sources/mbedtls/library/oid.c
deleted file mode 100644
index 53e5350..0000000
--- a/Sources/mbedtls/library/oid.c
+++ /dev/null
@@ -1,763 +0,0 @@
-/**
- * \file oid.c
- *
- * \brief Object Identifier (OID) database
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_OID_C)
-
-#include "mbedtls/oid.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/error.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-/*
- * Macro to automatically add the size of #define'd OIDs
- */
-#define ADD_LEN(s)      s, MBEDTLS_OID_SIZE(s)
-
-/*
- * Macro to generate an internal function for oid_XXX_from_asn1() (used by
- * the other functions)
- */
-#define FN_OID_TYPED_FROM_ASN1( TYPE_T, NAME, LIST )                    \
-    static const TYPE_T * oid_ ## NAME ## _from_asn1(                   \
-                                      const mbedtls_asn1_buf *oid )     \
-    {                                                                   \
-        const TYPE_T *p = (LIST);                                       \
-        const mbedtls_oid_descriptor_t *cur =                           \
-            (const mbedtls_oid_descriptor_t *) p;                       \
-        if( p == NULL || oid == NULL ) return( NULL );                  \
-        while( cur->asn1 != NULL ) {                                    \
-            if( cur->asn1_len == oid->len &&                            \
-                memcmp( cur->asn1, oid->p, oid->len ) == 0 ) {          \
-                return( p );                                            \
-            }                                                           \
-            p++;                                                        \
-            cur = (const mbedtls_oid_descriptor_t *) p;                 \
-        }                                                               \
-        return( NULL );                                                 \
-    }
-
-/*
- * Macro to generate a function for retrieving a single attribute from the
- * descriptor of an mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_DESCRIPTOR_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
-{                                                                       \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
-    *ATTR1 = data->descriptor.ATTR1;                                    \
-    return( 0 );                                                        \
-}
-
-/*
- * Macro to generate a function for retrieving a single attribute from an
- * mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_ATTR1(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1) \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )                  \
-{                                                                       \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );        \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );            \
-    *ATTR1 = data->ATTR1;                                               \
-    return( 0 );                                                        \
-}
-
-/*
- * Macro to generate a function for retrieving two attributes from an
- * mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_ATTR2(FN_NAME, TYPE_T, TYPE_NAME, ATTR1_TYPE, ATTR1,     \
-                         ATTR2_TYPE, ATTR2)                                 \
-int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1,               \
-                                          ATTR2_TYPE * ATTR2 )              \
-{                                                                           \
-    const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1( oid );            \
-    if( data == NULL ) return( MBEDTLS_ERR_OID_NOT_FOUND );                 \
-    *(ATTR1) = data->ATTR1;                                                 \
-    *(ATTR2) = data->ATTR2;                                                 \
-    return( 0 );                                                            \
-}
-
-/*
- * Macro to generate a function for retrieving the OID based on a single
- * attribute from a mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_OID_BY_ATTR1(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1)   \
-int FN_NAME( ATTR1_TYPE ATTR1, const char **oid, size_t *olen )             \
-{                                                                           \
-    const TYPE_T *cur = (LIST);                                             \
-    while( cur->descriptor.asn1 != NULL ) {                                 \
-        if( cur->ATTR1 == (ATTR1) ) {                                       \
-            *oid = cur->descriptor.asn1;                                    \
-            *olen = cur->descriptor.asn1_len;                               \
-            return( 0 );                                                    \
-        }                                                                   \
-        cur++;                                                              \
-    }                                                                       \
-    return( MBEDTLS_ERR_OID_NOT_FOUND );                                    \
-}
-
-/*
- * Macro to generate a function for retrieving the OID based on two
- * attributes from a mbedtls_oid_descriptor_t wrapper.
- */
-#define FN_OID_GET_OID_BY_ATTR2(FN_NAME, TYPE_T, LIST, ATTR1_TYPE, ATTR1,   \
-                                ATTR2_TYPE, ATTR2)                          \
-int FN_NAME( ATTR1_TYPE ATTR1, ATTR2_TYPE ATTR2, const char **oid ,         \
-             size_t *olen )                                                 \
-{                                                                           \
-    const TYPE_T *cur = (LIST);                                             \
-    while( cur->descriptor.asn1 != NULL ) {                                 \
-        if( cur->ATTR1 == (ATTR1) && cur->ATTR2 == (ATTR2) ) {              \
-            *oid = cur->descriptor.asn1;                                    \
-            *olen = cur->descriptor.asn1_len;                               \
-            return( 0 );                                                    \
-        }                                                                   \
-        cur++;                                                              \
-    }                                                                       \
-    return( MBEDTLS_ERR_OID_NOT_FOUND );                                   \
-}
-
-/*
- * For X520 attribute types
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    const char          *short_name;
-} oid_x520_attr_t;
-
-static const oid_x520_attr_t oid_x520_attr_type[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_CN ),          "id-at-commonName",               "Common Name" },
-        "CN",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ),     "id-at-countryName",              "Country" },
-        "C",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ),    "id-at-locality",                 "Locality" },
-        "L",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_STATE ),       "id-at-state",                    "State" },
-        "ST",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName",         "Organization" },
-        "O",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ),    "id-at-organizationalUnitName",   "Org Unit" },
-        "OU",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ),    "emailAddress",                   "E-mail address" },
-        "emailAddress",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber",            "Serial number" },
-        "serialNumber",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress",          "Postal address" },
-        "postalAddress",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode",               "Postal code" },
-        "postalCode",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ),    "id-at-surName",                  "Surname" },
-        "SN",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ),  "id-at-givenName",                "Given name" },
-        "GN",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_INITIALS ),    "id-at-initials",                 "Initials" },
-        "initials",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
-        "generationQualifier",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_TITLE ),       "id-at-title",                    "Title" },
-        "title",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier",              "Distinguished Name qualifier" },
-        "dnQualifier",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ),   "id-at-pseudonym",                "Pseudonym" },
-        "pseudonym",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent",           "Domain component" },
-        "DC",
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier",    "Unique Identifier" },
-        "uniqueIdentifier",
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        NULL,
-    }
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_x520_attr_t, x520_attr, oid_x520_attr_type)
-FN_OID_GET_ATTR1(mbedtls_oid_get_attr_short_name, oid_x520_attr_t, x520_attr, const char *, short_name)
-
-/*
- * For X509 extensions
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    int                 ext_type;
-} oid_x509_ext_t;
-
-static const oid_x509_ext_t oid_x509_ext[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ),    "id-ce-basicConstraints",    "Basic Constraints" },
-        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_KEY_USAGE ),            "id-ce-keyUsage",            "Key Usage" },
-        MBEDTLS_OID_X509_EXT_KEY_USAGE,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ),   "id-ce-extKeyUsage",         "Extended Key Usage" },
-        MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ),     "id-ce-subjectAltName",      "Subject Alt Name" },
-        MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ),         "id-netscape-certtype",      "Netscape Certificate Type" },
-        MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" },
-        MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        0,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
-FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
-
-static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
-{
-    { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ),      "id-kp-serverAuth",       "TLS Web Server Authentication" },
-    { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ),      "id-kp-clientAuth",       "TLS Web Client Authentication" },
-    { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ),     "id-kp-codeSigning",      "Code Signing" },
-    { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection",  "E-mail Protection" },
-    { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ),    "id-kp-timeStamping",     "Time Stamping" },
-    { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ),     "id-kp-OCSPSigning",      "OCSP Signing" },
-    { ADD_LEN( MBEDTLS_OID_WISUN_FAN ),        "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },
-    { NULL, 0, NULL, NULL },
-};
-
-FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
-FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
-
-static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
-{
-    { ADD_LEN( MBEDTLS_OID_ANY_POLICY ),      "anyPolicy",       "Any Policy" },
-    { NULL, 0, NULL, NULL },
-};
-
-FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
-FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
-
-#if defined(MBEDTLS_MD_C)
-/*
- * For SignatureAlgorithmIdentifier
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_alg;
-    mbedtls_pk_type_t           pk_alg;
-} oid_sig_alg_t;
-
-static const oid_sig_alg_t oid_sig_alg[] =
-{
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_MD2_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ),        "md2WithRSAEncryption",     "RSA with MD2" },
-        MBEDTLS_MD_MD2,      MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ),        "md4WithRSAEncryption",     "RSA with MD4" },
-        MBEDTLS_MD_MD4,      MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ),        "md5WithRSAEncryption",     "RSA with MD5" },
-        MBEDTLS_MD_MD5,      MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ),       "sha-1WithRSAEncryption",   "RSA with SHA1" },
-        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ),     "sha224WithRSAEncryption",  "RSA with SHA-224" },
-        MBEDTLS_MD_SHA224,   MBEDTLS_PK_RSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ),     "sha256WithRSAEncryption",  "RSA with SHA-256" },
-        MBEDTLS_MD_SHA256,   MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ),     "sha384WithRSAEncryption",  "RSA with SHA-384" },
-        MBEDTLS_MD_SHA384,   MBEDTLS_PK_RSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ),     "sha512WithRSAEncryption",  "RSA with SHA-512" },
-        MBEDTLS_MD_SHA512,   MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ),      "sha-1WithRSAEncryption",   "RSA with SHA1" },
-        MBEDTLS_MD_SHA1,     MBEDTLS_PK_RSA,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECDSA_C)
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ),       "ecdsa-with-SHA1",      "ECDSA with SHA1" },
-        MBEDTLS_MD_SHA1,     MBEDTLS_PK_ECDSA,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ),     "ecdsa-with-SHA224",    "ECDSA with SHA224" },
-        MBEDTLS_MD_SHA224,   MBEDTLS_PK_ECDSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ),     "ecdsa-with-SHA256",    "ECDSA with SHA256" },
-        MBEDTLS_MD_SHA256,   MBEDTLS_PK_ECDSA,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ),     "ecdsa-with-SHA384",    "ECDSA with SHA384" },
-        MBEDTLS_MD_SHA384,   MBEDTLS_PK_ECDSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ),     "ecdsa-with-SHA512",    "ECDSA with SHA512" },
-        MBEDTLS_MD_SHA512,   MBEDTLS_PK_ECDSA,
-    },
-#endif /* MBEDTLS_SHA512_C */
-#endif /* MBEDTLS_ECDSA_C */
-#if defined(MBEDTLS_RSA_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ),        "RSASSA-PSS",           "RSASSA-PSS" },
-        MBEDTLS_MD_NONE,     MBEDTLS_PK_RSASSA_PSS,
-    },
-#endif /* MBEDTLS_RSA_C */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
-FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
-FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
-#endif /* MBEDTLS_MD_C */
-
-/*
- * For PublicKeyInfo (PKCS1, RFC 5480)
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_pk_type_t           pk_alg;
-} oid_pk_alg_t;
-
-static const oid_pk_alg_t oid_pk_alg[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ),      "rsaEncryption",   "RSA" },
-        MBEDTLS_PK_RSA,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ),  "id-ecPublicKey",   "Generic EC key" },
-        MBEDTLS_PK_ECKEY,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ),          "id-ecDH",          "EC key for ECDH" },
-        MBEDTLS_PK_ECKEY_DH,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_PK_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_pk_alg_t, pk_alg, oid_pk_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_pk_alg, oid_pk_alg_t, pk_alg, mbedtls_pk_type_t, pk_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg, oid_pk_alg_t, oid_pk_alg, mbedtls_pk_type_t, pk_alg)
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * For namedCurve (RFC 5480)
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_ecp_group_id        grp_id;
-} oid_ecp_grp_t;
-
-static const oid_ecp_grp_t oid_ecp_grp[] =
-{
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1",    "secp192r1" },
-        MBEDTLS_ECP_DP_SECP192R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1",    "secp224r1" },
-        MBEDTLS_ECP_DP_SECP224R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1",    "secp256r1" },
-        MBEDTLS_ECP_DP_SECP256R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1",    "secp384r1" },
-        MBEDTLS_ECP_DP_SECP384R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1",    "secp521r1" },
-        MBEDTLS_ECP_DP_SECP521R1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1",    "secp192k1" },
-        MBEDTLS_ECP_DP_SECP192K1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1",    "secp224k1" },
-        MBEDTLS_ECP_DP_SECP224K1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1",    "secp256k1" },
-        MBEDTLS_ECP_DP_SECP256K1,
-    },
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ),   "brainpoolP256r1","brainpool256r1" },
-        MBEDTLS_ECP_DP_BP256R1,
-    },
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ),   "brainpoolP384r1","brainpool384r1" },
-        MBEDTLS_ECP_DP_BP384R1,
-    },
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-    {
-        { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ),   "brainpoolP512r1","brainpool512r1" },
-        MBEDTLS_ECP_DP_BP512R1,
-    },
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_ECP_DP_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_t, grp_id, oid_ecp_grp)
-FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp, oid_ecp_grp_t, grp_id, mbedtls_ecp_group_id, grp_id)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp, oid_ecp_grp_t, oid_ecp_grp, mbedtls_ecp_group_id, grp_id)
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_CIPHER_C)
-/*
- * For PKCS#5 PBES2 encryption algorithm
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_cipher_type_t       cipher_alg;
-} oid_cipher_alg_t;
-
-static const oid_cipher_alg_t oid_cipher_alg[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_DES_CBC ),              "desCBC",       "DES-CBC" },
-        MBEDTLS_CIPHER_DES_CBC,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ),         "des-ede3-cbc", "DES-EDE3-CBC" },
-        MBEDTLS_CIPHER_DES_EDE3_CBC,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_CIPHER_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_cipher_alg_t, cipher_alg, oid_cipher_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_cipher_alg, oid_cipher_alg_t, cipher_alg, mbedtls_cipher_type_t, cipher_alg)
-#endif /* MBEDTLS_CIPHER_C */
-
-#if defined(MBEDTLS_MD_C)
-/*
- * For digestAlgorithm
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_alg;
-} oid_md_alg_t;
-
-static const oid_md_alg_t oid_md_alg[] =
-{
-#if defined(MBEDTLS_MD2_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ),       "id-md2",       "MD2" },
-        MBEDTLS_MD_MD2,
-    },
-#endif /* MBEDTLS_MD2_C */
-#if defined(MBEDTLS_MD4_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ),       "id-md4",       "MD4" },
-        MBEDTLS_MD_MD4,
-    },
-#endif /* MBEDTLS_MD4_C */
-#if defined(MBEDTLS_MD5_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ),       "id-md5",       "MD5" },
-        MBEDTLS_MD_MD5,
-    },
-#endif /* MBEDTLS_MD5_C */
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ),      "id-sha1",      "SHA-1" },
-        MBEDTLS_MD_SHA1,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ),    "id-sha224",    "SHA-224" },
-        MBEDTLS_MD_SHA224,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ),    "id-sha256",    "SHA-256" },
-        MBEDTLS_MD_SHA256,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ),    "id-sha384",    "SHA-384" },
-        MBEDTLS_MD_SHA384,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ),    "id-sha512",    "SHA-512" },
-        MBEDTLS_MD_SHA512,
-    },
-#endif /* MBEDTLS_SHA512_C */
-#if defined(MBEDTLS_RIPEMD160_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ),       "id-ripemd160",       "RIPEMD-160" },
-        MBEDTLS_MD_RIPEMD160,
-    },
-#endif /* MBEDTLS_RIPEMD160_C */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_md_alg_t, md_alg, oid_md_alg)
-FN_OID_GET_ATTR1(mbedtls_oid_get_md_alg, oid_md_alg_t, md_alg, mbedtls_md_type_t, md_alg)
-FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_md, oid_md_alg_t, oid_md_alg, mbedtls_md_type_t, md_alg)
-
-/*
- * For HMAC digestAlgorithm
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_hmac;
-} oid_md_hmac_t;
-
-static const oid_md_hmac_t oid_md_hmac[] =
-{
-#if defined(MBEDTLS_SHA1_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ),      "hmacSHA1",      "HMAC-SHA-1" },
-        MBEDTLS_MD_SHA1,
-    },
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ),    "hmacSHA224",    "HMAC-SHA-224" },
-        MBEDTLS_MD_SHA224,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ),    "hmacSHA256",    "HMAC-SHA-256" },
-        MBEDTLS_MD_SHA256,
-    },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ),    "hmacSHA384",    "HMAC-SHA-384" },
-        MBEDTLS_MD_SHA384,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ),    "hmacSHA512",    "HMAC-SHA-512" },
-        MBEDTLS_MD_SHA512,
-    },
-#endif /* MBEDTLS_SHA512_C */
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_md_hmac_t, md_hmac, oid_md_hmac)
-FN_OID_GET_ATTR1(mbedtls_oid_get_md_hmac, oid_md_hmac_t, md_hmac, mbedtls_md_type_t, md_hmac)
-#endif /* MBEDTLS_MD_C */
-
-#if defined(MBEDTLS_PKCS12_C)
-/*
- * For PKCS#12 PBEs
- */
-typedef struct {
-    mbedtls_oid_descriptor_t    descriptor;
-    mbedtls_md_type_t           md_alg;
-    mbedtls_cipher_type_t       cipher_alg;
-} oid_pkcs12_pbe_alg_t;
-
-static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
-{
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
-        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE3_CBC,
-    },
-    {
-        { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
-        MBEDTLS_MD_SHA1,      MBEDTLS_CIPHER_DES_EDE_CBC,
-    },
-    {
-        { NULL, 0, NULL, NULL },
-        MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
-    },
-};
-
-FN_OID_TYPED_FROM_ASN1(oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, oid_pkcs12_pbe_alg)
-FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pbe_alg, mbedtls_md_type_t, md_alg, mbedtls_cipher_type_t, cipher_alg)
-#endif /* MBEDTLS_PKCS12_C */
-
-#define OID_SAFE_SNPRINTF                               \
-    do {                                                \
-        if( ret < 0 || (size_t) ret >= n )              \
-            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );    \
-                                                        \
-        n -= (size_t) ret;                              \
-        p += (size_t) ret;                              \
-    } while( 0 )
-
-/* Return the x.y.z.... style numeric string for the given OID */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size,
-                            const mbedtls_asn1_buf *oid )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, n;
-    unsigned int value;
-    char *p;
-
-    p = buf;
-    n = size;
-
-    /* First byte contains first two dots */
-    if( oid->len > 0 )
-    {
-        ret = mbedtls_snprintf( p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40 );
-        OID_SAFE_SNPRINTF;
-    }
-
-    value = 0;
-    for( i = 1; i < oid->len; i++ )
-    {
-        /* Prevent overflow in value. */
-        if( ( ( value << 7 ) >> 7 ) != value )
-            return( MBEDTLS_ERR_OID_BUF_TOO_SMALL );
-
-        value <<= 7;
-        value += oid->p[i] & 0x7F;
-
-        if( !( oid->p[i] & 0x80 ) )
-        {
-            /* Last byte */
-            ret = mbedtls_snprintf( p, n, ".%u", value );
-            OID_SAFE_SNPRINTF;
-            value = 0;
-        }
-    }
-
-    return( (int) ( size - n ) );
-}
-
-#endif /* MBEDTLS_OID_C */
diff --git a/Sources/mbedtls/library/padlock.c b/Sources/mbedtls/library/padlock.c
deleted file mode 100644
index 8373374..0000000
--- a/Sources/mbedtls/library/padlock.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- *  VIA PadLock support functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  This implementation is based on the VIA PadLock Programming Guide:
- *
- *  http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
- *  programming_guide.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PADLOCK_C)
-
-#include "mbedtls/padlock.h"
-
-#include <string.h>
-
-#ifndef asm
-#define asm __asm
-#endif
-
-#if defined(MBEDTLS_HAVE_X86)
-
-/*
- * PadLock detection routine
- */
-int mbedtls_padlock_has_support( int feature )
-{
-    static int flags = -1;
-    int ebx = 0, edx = 0;
-
-    if( flags == -1 )
-    {
-        asm( "movl  %%ebx, %0           \n\t"
-             "movl  $0xC0000000, %%eax  \n\t"
-             "cpuid                     \n\t"
-             "cmpl  $0xC0000001, %%eax  \n\t"
-             "movl  $0, %%edx           \n\t"
-             "jb    1f                  \n\t"
-             "movl  $0xC0000001, %%eax  \n\t"
-             "cpuid                     \n\t"
-             "1:                        \n\t"
-             "movl  %%edx, %1           \n\t"
-             "movl  %2, %%ebx           \n\t"
-             : "=m" (ebx), "=m" (edx)
-             :  "m" (ebx)
-             : "eax", "ecx", "edx" );
-
-        flags = edx;
-    }
-
-    return( flags & feature );
-}
-
-/*
- * PadLock AES-ECB block en(de)cryption
- */
-int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
-                       int mode,
-                       const unsigned char input[16],
-                       unsigned char output[16] )
-{
-    int ebx = 0;
-    uint32_t *rk;
-    uint32_t *blk;
-    uint32_t *ctrl;
-    unsigned char buf[256];
-
-    rk  = ctx->rk;
-    blk = MBEDTLS_PADLOCK_ALIGN16( buf );
-    memcpy( blk, input, 16 );
-
-     ctrl = blk + 4;
-    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode^1 ) - 10 ) << 9 );
-
-    asm( "pushfl                        \n\t"
-         "popfl                         \n\t"
-         "movl    %%ebx, %0             \n\t"
-         "movl    $1, %%ecx             \n\t"
-         "movl    %2, %%edx             \n\t"
-         "movl    %3, %%ebx             \n\t"
-         "movl    %4, %%esi             \n\t"
-         "movl    %4, %%edi             \n\t"
-         ".byte  0xf3,0x0f,0xa7,0xc8    \n\t"
-         "movl    %1, %%ebx             \n\t"
-         : "=m" (ebx)
-         :  "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
-         : "memory", "ecx", "edx", "esi", "edi" );
-
-    memcpy( output, blk, 16 );
-
-    return( 0 );
-}
-
-/*
- * PadLock AES-CBC buffer en(de)cryption
- */
-int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    int ebx = 0;
-    size_t count;
-    uint32_t *rk;
-    uint32_t *iw;
-    uint32_t *ctrl;
-    unsigned char buf[256];
-
-    if( ( (long) input  & 15 ) != 0 ||
-        ( (long) output & 15 ) != 0 )
-        return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
-
-    rk = ctx->rk;
-    iw = MBEDTLS_PADLOCK_ALIGN16( buf );
-    memcpy( iw, iv, 16 );
-
-     ctrl = iw + 4;
-    *ctrl = 0x80 | ctx->nr | ( ( ctx->nr + ( mode ^ 1 ) - 10 ) << 9 );
-
-    count = ( length + 15 ) >> 4;
-
-    asm( "pushfl                        \n\t"
-         "popfl                         \n\t"
-         "movl    %%ebx, %0             \n\t"
-         "movl    %2, %%ecx             \n\t"
-         "movl    %3, %%edx             \n\t"
-         "movl    %4, %%ebx             \n\t"
-         "movl    %5, %%esi             \n\t"
-         "movl    %6, %%edi             \n\t"
-         "movl    %7, %%eax             \n\t"
-         ".byte  0xf3,0x0f,0xa7,0xd0    \n\t"
-         "movl    %1, %%ebx             \n\t"
-         : "=m" (ebx)
-         :  "m" (ebx), "m" (count), "m" (ctrl),
-            "m"  (rk), "m" (input), "m" (output), "m" (iw)
-         : "memory", "eax", "ecx", "edx", "esi", "edi" );
-
-    memcpy( iv, iw, 16 );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_HAVE_X86 */
-
-#endif /* MBEDTLS_PADLOCK_C */
diff --git a/Sources/mbedtls/library/pem.c b/Sources/mbedtls/library/pem.c
deleted file mode 100644
index cb1c82b..0000000
--- a/Sources/mbedtls/library/pem.c
+++ /dev/null
@@ -1,483 +0,0 @@
-/*
- *  Privacy Enhanced Mail (PEM) decoding
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
-
-#include "mbedtls/pem.h"
-#include "mbedtls/base64.h"
-#include "mbedtls/des.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-void mbedtls_pem_init( mbedtls_pem_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_pem_context ) );
-}
-
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-/*
- * Read a 16-byte hex string and convert it to binary
- */
-static int pem_get_iv( const unsigned char *s, unsigned char *iv,
-                       size_t iv_len )
-{
-    size_t i, j, k;
-
-    memset( iv, 0, iv_len );
-
-    for( i = 0; i < iv_len * 2; i++, s++ )
-    {
-        if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
-        if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
-        if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
-            return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-        k = ( ( i & 1 ) != 0 ) ? j : j << 4;
-
-        iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
-    }
-
-    return( 0 );
-}
-
-static int pem_pbkdf1( unsigned char *key, size_t keylen,
-                       unsigned char *iv,
-                       const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_md5_context md5_ctx;
-    unsigned char md5sum[16];
-    size_t use_len;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_md5_init( &md5_ctx );
-
-    /*
-     * key[ 0..15] = MD5(pwd || IV)
-     */
-    if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv,  8 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
-        goto exit;
-
-    if( keylen <= 16 )
-    {
-        memcpy( key, md5sum, keylen );
-        goto exit;
-    }
-
-    memcpy( key, md5sum, 16 );
-
-    /*
-     * key[16..23] = MD5(key[ 0..15] || pwd || IV])
-     */
-    if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 )
-        goto exit;
-
-    use_len = 16;
-    if( keylen < 32 )
-        use_len = keylen - 16;
-
-    memcpy( key + 16, md5sum, use_len );
-
-exit:
-    mbedtls_md5_free( &md5_ctx );
-    mbedtls_platform_zeroize( md5sum, 16 );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_DES_C)
-/*
- * Decrypt with DES-CBC, using PBKDF1 for key derivation
- */
-static int pem_des_decrypt( unsigned char des_iv[8],
-                            unsigned char *buf, size_t buflen,
-                            const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_des_context des_ctx;
-    unsigned char des_key[8];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_des_init( &des_ctx );
-
-    if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
-        goto exit;
-    ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des_iv, buf, buf );
-
-exit:
-    mbedtls_des_free( &des_ctx );
-    mbedtls_platform_zeroize( des_key, 8 );
-
-    return( ret );
-}
-
-/*
- * Decrypt with 3DES-CBC, using PBKDF1 for key derivation
- */
-static int pem_des3_decrypt( unsigned char des3_iv[8],
-                             unsigned char *buf, size_t buflen,
-                             const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_des3_context des3_ctx;
-    unsigned char des3_key[24];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_des3_init( &des3_ctx );
-
-    if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
-        goto exit;
-    ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
-                     des3_iv, buf, buf );
-
-exit:
-    mbedtls_des3_free( &des3_ctx );
-    mbedtls_platform_zeroize( des3_key, 24 );
-
-    return( ret );
-}
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-/*
- * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
- */
-static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
-                            unsigned char *buf, size_t buflen,
-                            const unsigned char *pwd, size_t pwdlen )
-{
-    mbedtls_aes_context aes_ctx;
-    unsigned char aes_key[32];
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    mbedtls_aes_init( &aes_ctx );
-
-    if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
-        goto exit;
-    ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
-                     aes_iv, buf, buf );
-
-exit:
-    mbedtls_aes_free( &aes_ctx );
-    mbedtls_platform_zeroize( aes_key, keylen );
-
-    return( ret );
-}
-#endif /* MBEDTLS_AES_C */
-
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
-                     const unsigned char *data, const unsigned char *pwd,
-                     size_t pwdlen, size_t *use_len )
-{
-    int ret, enc;
-    size_t len;
-    unsigned char *buf;
-    const unsigned char *s1, *s2, *end;
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-    unsigned char pem_iv[16];
-    mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE;
-#else
-    ((void) pwd);
-    ((void) pwdlen);
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-
-    if( ctx == NULL )
-        return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA );
-
-    s1 = (unsigned char *) strstr( (const char *) data, header );
-
-    if( s1 == NULL )
-        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
-
-    s2 = (unsigned char *) strstr( (const char *) data, footer );
-
-    if( s2 == NULL || s2 <= s1 )
-        return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
-
-    s1 += strlen( header );
-    if( *s1 == ' '  ) s1++;
-    if( *s1 == '\r' ) s1++;
-    if( *s1 == '\n' ) s1++;
-    else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT );
-
-    end = s2;
-    end += strlen( footer );
-    if( *end == ' '  ) end++;
-    if( *end == '\r' ) end++;
-    if( *end == '\n' ) end++;
-    *use_len = end - data;
-
-    enc = 0;
-
-    if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
-    {
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-        enc++;
-
-        s1 += 22;
-        if( *s1 == '\r' ) s1++;
-        if( *s1 == '\n' ) s1++;
-        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
-
-
-#if defined(MBEDTLS_DES_C)
-        if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
-        {
-            enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC;
-
-            s1 += 23;
-            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-            s1 += 16;
-        }
-        else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
-        {
-            enc_alg = MBEDTLS_CIPHER_DES_CBC;
-
-            s1 += 18;
-            if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-            s1 += 16;
-        }
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-        if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
-        {
-            if( s2 - s1 < 22 )
-                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-            else if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
-                enc_alg = MBEDTLS_CIPHER_AES_128_CBC;
-            else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
-                enc_alg = MBEDTLS_CIPHER_AES_192_CBC;
-            else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
-                enc_alg = MBEDTLS_CIPHER_AES_256_CBC;
-            else
-                return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-
-            s1 += 22;
-            if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 )
-                return( MBEDTLS_ERR_PEM_INVALID_ENC_IV );
-
-            s1 += 32;
-        }
-#endif /* MBEDTLS_AES_C */
-
-        if( enc_alg == MBEDTLS_CIPHER_NONE )
-            return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG );
-
-        if( *s1 == '\r' ) s1++;
-        if( *s1 == '\n' ) s1++;
-        else return( MBEDTLS_ERR_PEM_INVALID_DATA );
-#else
-        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-    }
-
-    if( s1 >= s2 )
-        return( MBEDTLS_ERR_PEM_INVALID_DATA );
-
-    ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
-
-    if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
-
-    if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
-    if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 )
-    {
-        mbedtls_platform_zeroize( buf, len );
-        mbedtls_free( buf );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
-    }
-
-    if( enc != 0 )
-    {
-#if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) &&         \
-    ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) )
-        if( pwd == NULL )
-        {
-            mbedtls_platform_zeroize( buf, len );
-            mbedtls_free( buf );
-            return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
-        }
-
-        ret = 0;
-
-#if defined(MBEDTLS_DES_C)
-        if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
-            ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
-            ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_AES_C)
-        if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
-            ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
-            ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
-        else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
-            ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
-#endif /* MBEDTLS_AES_C */
-
-        if( ret != 0 )
-        {
-            mbedtls_free( buf );
-            return( ret );
-        }
-
-        /*
-         * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
-         * length bytes (allow 4 to be sure) in all known use cases.
-         *
-         * Use that as a heuristic to try to detect password mismatches.
-         */
-        if( len <= 2 || buf[0] != 0x30 || buf[1] > 0x83 )
-        {
-            mbedtls_platform_zeroize( buf, len );
-            mbedtls_free( buf );
-            return( MBEDTLS_ERR_PEM_PASSWORD_MISMATCH );
-        }
-#else
-        mbedtls_platform_zeroize( buf, len );
-        mbedtls_free( buf );
-        return( MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC &&
-          ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
-    }
-
-    ctx->buf = buf;
-    ctx->buflen = len;
-
-    return( 0 );
-}
-
-void mbedtls_pem_free( mbedtls_pem_context *ctx )
-{
-    if ( ctx->buf != NULL )
-    {
-        mbedtls_platform_zeroize( ctx->buf, ctx->buflen );
-        mbedtls_free( ctx->buf );
-    }
-    mbedtls_free( ctx->info );
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) );
-}
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
-                      const unsigned char *der_data, size_t der_len,
-                      unsigned char *buf, size_t buf_len, size_t *olen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *encode_buf = NULL, *c, *p = buf;
-    size_t len = 0, use_len, add_len = 0;
-
-    mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len );
-    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
-
-    if( use_len + add_len > buf_len )
-    {
-        *olen = use_len + add_len;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
-    }
-
-    if( use_len != 0 &&
-        ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) )
-        return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
-
-    if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data,
-                               der_len ) ) != 0 )
-    {
-        mbedtls_free( encode_buf );
-        return( ret );
-    }
-
-    memcpy( p, header, strlen( header ) );
-    p += strlen( header );
-    c = encode_buf;
-
-    while( use_len )
-    {
-        len = ( use_len > 64 ) ? 64 : use_len;
-        memcpy( p, c, len );
-        use_len -= len;
-        p += len;
-        c += len;
-        *p++ = '\n';
-    }
-
-    memcpy( p, footer, strlen( footer ) );
-    p += strlen( footer );
-
-    *p++ = '\0';
-    *olen = p - buf;
-
-     /* Clean any remaining data previously written to the buffer */
-    memset( buf + *olen, 0, buf_len - *olen );
-
-    mbedtls_free( encode_buf );
-    return( 0 );
-}
-#endif /* MBEDTLS_PEM_WRITE_C */
-#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */
-
diff --git a/Sources/mbedtls/library/pk.c b/Sources/mbedtls/library/pk.c
deleted file mode 100644
index 05cc213..0000000
--- a/Sources/mbedtls/library/pk.c
+++ /dev/null
@@ -1,642 +0,0 @@
-/*
- *  Public Key abstraction layer
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
-
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "mbedtls/psa_util.h"
-#endif
-
-#include <limits.h>
-#include <stdint.h>
-
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-/*
- * Initialise a mbedtls_pk_context
- */
-void mbedtls_pk_init( mbedtls_pk_context *ctx )
-{
-    PK_VALIDATE( ctx != NULL );
-
-    ctx->pk_info = NULL;
-    ctx->pk_ctx = NULL;
-}
-
-/*
- * Free (the components of) a mbedtls_pk_context
- */
-void mbedtls_pk_free( mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    if ( ctx->pk_info != NULL )
-        ctx->pk_info->ctx_free_func( ctx->pk_ctx );
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) );
-}
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/*
- * Initialize a restart context
- */
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx )
-{
-    PK_VALIDATE( ctx != NULL );
-    ctx->pk_info = NULL;
-    ctx->rs_ctx = NULL;
-}
-
-/*
- * Free the components of a restart context
- */
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL ||
-        ctx->pk_info->rs_free_func == NULL )
-    {
-        return;
-    }
-
-    ctx->pk_info->rs_free_func( ctx->rs_ctx );
-
-    ctx->pk_info = NULL;
-    ctx->rs_ctx = NULL;
-}
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Get pk_info structure from type
- */
-const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type )
-{
-    switch( pk_type ) {
-#if defined(MBEDTLS_RSA_C)
-        case MBEDTLS_PK_RSA:
-            return( &mbedtls_rsa_info );
-#endif
-#if defined(MBEDTLS_ECP_C)
-        case MBEDTLS_PK_ECKEY:
-            return( &mbedtls_eckey_info );
-        case MBEDTLS_PK_ECKEY_DH:
-            return( &mbedtls_eckeydh_info );
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-        case MBEDTLS_PK_ECDSA:
-            return( &mbedtls_ecdsa_info );
-#endif
-        /* MBEDTLS_PK_RSA_ALT omitted on purpose */
-        default:
-            return( NULL );
-    }
-}
-
-/*
- * Initialise context
- */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    if( info == NULL || ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-    ctx->pk_info = info;
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * Initialise a PSA-wrapping context
- */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
-                             const psa_key_id_t key )
-{
-    const mbedtls_pk_info_t * const info = &mbedtls_pk_opaque_info;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t *pk_ctx;
-    psa_key_type_t type;
-
-    if( ctx == NULL || ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( PSA_SUCCESS != psa_get_key_attributes( key, &attributes ) )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-    type = psa_get_key_type( &attributes );
-    psa_reset_key_attributes( &attributes );
-
-    /* Current implementation of can_do() relies on this. */
-    if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) )
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) ;
-
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-    ctx->pk_info = info;
-
-    pk_ctx = (psa_key_id_t *) ctx->pk_ctx;
-    *pk_ctx = key;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/*
- * Initialize an RSA-alt context
- */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
-                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
-                         mbedtls_pk_rsa_alt_sign_func sign_func,
-                         mbedtls_pk_rsa_alt_key_len_func key_len_func )
-{
-    mbedtls_rsa_alt_context *rsa_alt;
-    const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info;
-
-    PK_VALIDATE_RET( ctx != NULL );
-    if( ctx->pk_info != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-    ctx->pk_info = info;
-
-    rsa_alt = (mbedtls_rsa_alt_context *) ctx->pk_ctx;
-
-    rsa_alt->key = key;
-    rsa_alt->decrypt_func = decrypt_func;
-    rsa_alt->sign_func = sign_func;
-    rsa_alt->key_len_func = key_len_func;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-/*
- * Tell if a PK can do the operations of the given type
- */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type )
-{
-    /* A context with null pk_info is not set up yet and can't do anything.
-     * For backward compatibility, also accept NULL instead of a context
-     * pointer. */
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
-
-    return( ctx->pk_info->can_do( type ) );
-}
-
-/*
- * Helper for mbedtls_pk_sign and mbedtls_pk_verify
- */
-static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
-{
-    const mbedtls_md_info_t *md_info;
-
-    if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
-        return( 0 );
-
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
-        return( -1 );
-
-    if ( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) )
-        return ( -1 );
-
-    *hash_len = mbedtls_md_get_size( md_info );
-    return( 0 );
-}
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-/*
- * Helper to set up a restart context if needed
- */
-static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx,
-                             const mbedtls_pk_info_t *info )
-{
-    /* Don't do anything if already set up or invalid */
-    if( ctx == NULL || ctx->pk_info != NULL )
-        return( 0 );
-
-    /* Should never happen when we're called */
-    if( info->rs_alloc_func == NULL || info->rs_free_func == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ( ctx->rs_ctx = info->rs_alloc_func() ) == NULL )
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-    ctx->pk_info = info;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-/*
- * Verify a signature (restartable)
- */
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
-               mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len,
-               mbedtls_pk_restart_ctx *rs_ctx )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
-                     hash != NULL );
-    PK_VALIDATE_RET( sig != NULL );
-
-    if( ctx->pk_info == NULL ||
-        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    /* optimization: use non-restartable version if restart disabled */
-    if( rs_ctx != NULL &&
-        mbedtls_ecp_restart_is_enabled() &&
-        ctx->pk_info->verify_rs_func != NULL )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-        if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
-            return( ret );
-
-        ret = ctx->pk_info->verify_rs_func( ctx->pk_ctx,
-                   md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx );
-
-        if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
-            mbedtls_pk_restart_free( rs_ctx );
-
-        return( ret );
-    }
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-    (void) rs_ctx;
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-    if( ctx->pk_info->verify_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->verify_func( ctx->pk_ctx, md_alg, hash, hash_len,
-                                       sig, sig_len ) );
-}
-
-/*
- * Verify a signature
- */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len )
-{
-    return( mbedtls_pk_verify_restartable( ctx, md_alg, hash, hash_len,
-                                           sig, sig_len, NULL ) );
-}
-
-/*
- * Verify a signature with options
- */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
-                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
-                     hash != NULL );
-    PK_VALIDATE_RET( sig != NULL );
-
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ! mbedtls_pk_can_do( ctx, type ) )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    if( type == MBEDTLS_PK_RSASSA_PSS )
-    {
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        const mbedtls_pk_rsassa_pss_options *pss_opts;
-
-#if SIZE_MAX > UINT_MAX
-        if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-        if( options == NULL )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-        pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
-
-        if( sig_len < mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
-        ret = mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_pk_rsa( *ctx ),
-                NULL, NULL, MBEDTLS_RSA_PUBLIC,
-                md_alg, (unsigned int) hash_len, hash,
-                pss_opts->mgf1_hash_id,
-                pss_opts->expected_salt_len,
-                sig );
-        if( ret != 0 )
-            return( ret );
-
-        if( sig_len > mbedtls_pk_get_len( ctx ) )
-            return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-        return( 0 );
-#else
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
-    }
-
-    /* General case: no options */
-    if( options != NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) );
-}
-
-/*
- * Make a signature (restartable)
- */
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
-             mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_pk_restart_ctx *rs_ctx )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
-                     hash != NULL );
-    PK_VALIDATE_RET( sig != NULL );
-
-    if( ctx->pk_info == NULL ||
-        pk_hashlen_helper( md_alg, &hash_len ) != 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    /* optimization: use non-restartable version if restart disabled */
-    if( rs_ctx != NULL &&
-        mbedtls_ecp_restart_is_enabled() &&
-        ctx->pk_info->sign_rs_func != NULL )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-        if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 )
-            return( ret );
-
-        ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg,
-                hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx );
-
-        if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
-            mbedtls_pk_restart_free( rs_ctx );
-
-        return( ret );
-    }
-#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-    (void) rs_ctx;
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
-
-    if( ctx->pk_info->sign_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len,
-                                     sig, sig_len, f_rng, p_rng ) );
-}
-
-/*
- * Make a signature
- */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
-                                         sig, sig_len, f_rng, p_rng, NULL ) );
-}
-
-/*
- * Decrypt message
- */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( input != NULL || ilen == 0 );
-    PK_VALIDATE_RET( output != NULL || osize == 0 );
-    PK_VALIDATE_RET( olen != NULL );
-
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->decrypt_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen,
-                output, olen, osize, f_rng, p_rng ) );
-}
-
-/*
- * Encrypt message
- */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( input != NULL || ilen == 0 );
-    PK_VALIDATE_RET( output != NULL || osize == 0 );
-    PK_VALIDATE_RET( olen != NULL );
-
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->encrypt_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen,
-                output, olen, osize, f_rng, p_rng ) );
-}
-
-/*
- * Check public-private key pair
- */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv )
-{
-    PK_VALIDATE_RET( pub != NULL );
-    PK_VALIDATE_RET( prv != NULL );
-
-    if( pub->pk_info == NULL ||
-        prv->pk_info == NULL )
-    {
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-    }
-
-    if( prv->pk_info->check_pair_func == NULL )
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT )
-    {
-        if( pub->pk_info->type != MBEDTLS_PK_RSA )
-            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-    }
-    else
-    {
-        if( pub->pk_info != prv->pk_info )
-            return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-    }
-
-    return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
-}
-
-/*
- * Get key size in bits
- */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx )
-{
-    /* For backward compatibility, accept NULL or a context that
-     * isn't set up yet, and return a fake value that should be safe. */
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( 0 );
-
-    return( ctx->pk_info->get_bitlen( ctx->pk_ctx ) );
-}
-
-/*
- * Export debug information
- */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items )
-{
-    PK_VALIDATE_RET( ctx != NULL );
-    if( ctx->pk_info == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    if( ctx->pk_info->debug_func == NULL )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    ctx->pk_info->debug_func( ctx->pk_ctx, items );
-    return( 0 );
-}
-
-/*
- * Access the PK type name
- */
-const char *mbedtls_pk_get_name( const mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( "invalid PK" );
-
-    return( ctx->pk_info->name );
-}
-
-/*
- * Access the PK type
- */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx )
-{
-    if( ctx == NULL || ctx->pk_info == NULL )
-        return( MBEDTLS_PK_NONE );
-
-    return( ctx->pk_info->type );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * Load the key to a PSA key slot,
- * then turn the PK context into a wrapper for that key slot.
- *
- * Currently only works for EC private keys.
- */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
-                               psa_key_id_t *key,
-                               psa_algorithm_t hash_alg )
-{
-#if !defined(MBEDTLS_ECP_C)
-    ((void) pk);
-    ((void) key);
-    ((void) hash_alg);
-    return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-#else
-    const mbedtls_ecp_keypair *ec;
-    unsigned char d[MBEDTLS_ECP_MAX_BYTES];
-    size_t d_len;
-    psa_ecc_family_t curve_id;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_type_t key_type;
-    size_t bits;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* export the private key material in the format PSA wants */
-    if( mbedtls_pk_get_type( pk ) != MBEDTLS_PK_ECKEY )
-        return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
-
-    ec = mbedtls_pk_ec( *pk );
-    d_len = ( ec->grp.nbits + 7 ) / 8;
-    if( ( ret = mbedtls_mpi_write_binary( &ec->d, d, d_len ) ) != 0 )
-        return( ret );
-
-    curve_id = mbedtls_ecc_group_to_psa( ec->grp.id, &bits );
-    key_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve_id );
-
-    /* prepare the key attributes */
-    psa_set_key_type( &attributes, key_type );
-    psa_set_key_bits( &attributes, bits );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
-    psa_set_key_algorithm( &attributes, PSA_ALG_ECDSA(hash_alg) );
-
-    /* import private key into PSA */
-    if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) )
-        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
-
-    /* make PK context wrap the key slot */
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
-
-    return( mbedtls_pk_setup_opaque( pk, *key ) );
-#endif /* MBEDTLS_ECP_C */
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_PK_C */
diff --git a/Sources/mbedtls/library/pk_wrap.c b/Sources/mbedtls/library/pk_wrap.c
deleted file mode 100644
index f35abf2..0000000
--- a/Sources/mbedtls/library/pk_wrap.c
+++ /dev/null
@@ -1,1063 +0,0 @@
-/*
- *  Public Key abstraction layer: wrapper functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk_internal.h"
-#include "mbedtls/error.h"
-
-/* Even if RSA not activated, for the sake of RSA-alt */
-#include "mbedtls/rsa.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "mbedtls/asn1write.h"
-#endif
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-#include "mbedtls/platform_util.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#include "mbedtls/asn1.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#include <limits.h>
-#include <stdint.h>
-
-#if defined(MBEDTLS_RSA_C)
-static int rsa_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_RSA ||
-            type == MBEDTLS_PK_RSASSA_PSS );
-}
-
-static size_t rsa_get_bitlen( const void *ctx )
-{
-    const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx;
-    return( 8 * mbedtls_rsa_get_len( rsa ) );
-}
-
-static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-    size_t rsa_len = mbedtls_rsa_get_len( rsa );
-
-#if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-    if( sig_len < rsa_len )
-        return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
-    if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL,
-                                  MBEDTLS_RSA_PUBLIC, md_alg,
-                                  (unsigned int) hash_len, hash, sig ) ) != 0 )
-        return( ret );
-
-    /* The buffer contains a valid signature followed by extra data.
-     * We have a special error code for that so that so that callers can
-     * use mbedtls_pk_verify() to check "Does the buffer start with a
-     * valid signature?" and not just "Does the buffer contain a valid
-     * signature?". */
-    if( sig_len > rsa_len )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-    return( 0 );
-}
-
-static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-
-#if SIZE_MAX > UINT_MAX
-    if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-    *sig_len = mbedtls_rsa_get_len( rsa );
-
-    return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
-                md_alg, (unsigned int) hash_len, hash, sig ) );
-}
-
-static int rsa_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-
-    if( ilen != mbedtls_rsa_get_len( rsa ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng,
-                MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
-}
-
-static int rsa_encrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
-    *olen = mbedtls_rsa_get_len( rsa );
-
-    if( *olen > osize )
-        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
-
-    return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
-                                       ilen, input, output ) );
-}
-
-static int rsa_check_pair_wrap( const void *pub, const void *prv )
-{
-    return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
-                                (const mbedtls_rsa_context *) prv ) );
-}
-
-static void *rsa_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) );
-
-    if( ctx != NULL )
-        mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 );
-
-    return( ctx );
-}
-
-static void rsa_free_wrap( void *ctx )
-{
-    mbedtls_rsa_free( (mbedtls_rsa_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items )
-{
-    items->type = MBEDTLS_PK_DEBUG_MPI;
-    items->name = "rsa.N";
-    items->value = &( ((mbedtls_rsa_context *) ctx)->N );
-
-    items++;
-
-    items->type = MBEDTLS_PK_DEBUG_MPI;
-    items->name = "rsa.E";
-    items->value = &( ((mbedtls_rsa_context *) ctx)->E );
-}
-
-const mbedtls_pk_info_t mbedtls_rsa_info = {
-    MBEDTLS_PK_RSA,
-    "RSA",
-    rsa_get_bitlen,
-    rsa_can_do,
-    rsa_verify_wrap,
-    rsa_sign_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL,
-    NULL,
-#endif
-    rsa_decrypt_wrap,
-    rsa_encrypt_wrap,
-    rsa_check_pair_wrap,
-    rsa_alloc_wrap,
-    rsa_free_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL,
-    NULL,
-#endif
-    rsa_debug,
-};
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Generic EC key
- */
-static int eckey_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECKEY_DH ||
-            type == MBEDTLS_PK_ECDSA );
-}
-
-static size_t eckey_get_bitlen( const void *ctx )
-{
-    return( ((mbedtls_ecp_keypair *) ctx)->grp.pbits );
-}
-
-#if defined(MBEDTLS_ECDSA_C)
-/* Forward declarations */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len );
-
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
-
-static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecdsa_context ecdsa;
-
-    mbedtls_ecdsa_init( &ecdsa );
-
-    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
-        ret = ecdsa_verify_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len );
-
-    mbedtls_ecdsa_free( &ecdsa );
-
-    return( ret );
-}
-
-static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecdsa_context ecdsa;
-
-    mbedtls_ecdsa_init( &ecdsa );
-
-    if( ( ret = mbedtls_ecdsa_from_keypair( &ecdsa, ctx ) ) == 0 )
-        ret = ecdsa_sign_wrap( &ecdsa, md_alg, hash, hash_len, sig, sig_len,
-                               f_rng, p_rng );
-
-    mbedtls_ecdsa_free( &ecdsa );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-/* Forward declarations */
-static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len,
-                       void *rs_ctx );
-
-static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                   void *rs_ctx );
-
-/*
- * Restart context for ECDSA operations with ECKEY context
- *
- * We need to store an actual ECDSA context, as we need to pass the same to
- * the underlying ecdsa function, so we can't create it on the fly every time.
- */
-typedef struct
-{
-    mbedtls_ecdsa_restart_ctx ecdsa_rs;
-    mbedtls_ecdsa_context ecdsa_ctx;
-} eckey_restart_ctx;
-
-static void *eckey_rs_alloc( void )
-{
-    eckey_restart_ctx *rs_ctx;
-
-    void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) );
-
-    if( ctx != NULL )
-    {
-        rs_ctx = ctx;
-        mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs );
-        mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx );
-    }
-
-    return( ctx );
-}
-
-static void eckey_rs_free( void *ctx )
-{
-    eckey_restart_ctx *rs_ctx;
-
-    if( ctx == NULL)
-        return;
-
-    rs_ctx = ctx;
-    mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs );
-    mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx );
-
-    mbedtls_free( ctx );
-}
-
-static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len,
-                       void *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    eckey_restart_ctx *rs = rs_ctx;
-
-    /* Should never happen */
-    if( rs == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    /* set up our own sub-context if needed (that is, on first run) */
-    if( rs->ecdsa_ctx.grp.pbits == 0 )
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
-
-    MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx,
-                                           md_alg, hash, hash_len,
-                                           sig, sig_len, &rs->ecdsa_rs ) );
-
-cleanup:
-    return( ret );
-}
-
-static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                       void *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    eckey_restart_ctx *rs = rs_ctx;
-
-    /* Should never happen */
-    if( rs == NULL )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    /* set up our own sub-context if needed (that is, on first run) */
-    if( rs->ecdsa_ctx.grp.pbits == 0 )
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) );
-
-    MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg,
-                                         hash, hash_len, sig, sig_len,
-                                         f_rng, p_rng, &rs->ecdsa_rs ) );
-
-cleanup:
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-#endif /* MBEDTLS_ECDSA_C */
-
-static int eckey_check_pair( const void *pub, const void *prv )
-{
-    return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
-                                (const mbedtls_ecp_keypair *) prv ) );
-}
-
-static void *eckey_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
-
-    if( ctx != NULL )
-        mbedtls_ecp_keypair_init( ctx );
-
-    return( ctx );
-}
-
-static void eckey_free_wrap( void *ctx )
-{
-    mbedtls_ecp_keypair_free( (mbedtls_ecp_keypair *) ctx );
-    mbedtls_free( ctx );
-}
-
-static void eckey_debug( const void *ctx, mbedtls_pk_debug_item *items )
-{
-    items->type = MBEDTLS_PK_DEBUG_ECP;
-    items->name = "eckey.Q";
-    items->value = &( ((mbedtls_ecp_keypair *) ctx)->Q );
-}
-
-const mbedtls_pk_info_t mbedtls_eckey_info = {
-    MBEDTLS_PK_ECKEY,
-    "EC",
-    eckey_get_bitlen,
-    eckey_can_do,
-#if defined(MBEDTLS_ECDSA_C)
-    eckey_verify_wrap,
-    eckey_sign_wrap,
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    eckey_verify_rs_wrap,
-    eckey_sign_rs_wrap,
-#endif
-#else /* MBEDTLS_ECDSA_C */
-    NULL,
-    NULL,
-#endif /* MBEDTLS_ECDSA_C */
-    NULL,
-    NULL,
-    eckey_check_pair,
-    eckey_alloc_wrap,
-    eckey_free_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    eckey_rs_alloc,
-    eckey_rs_free,
-#endif
-    eckey_debug,
-};
-
-/*
- * EC key restricted to ECDH
- */
-static int eckeydh_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECKEY_DH );
-}
-
-const mbedtls_pk_info_t mbedtls_eckeydh_info = {
-    MBEDTLS_PK_ECKEY_DH,
-    "EC_DH",
-    eckey_get_bitlen,         /* Same underlying key structure */
-    eckeydh_can_do,
-    NULL,
-    NULL,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL,
-    NULL,
-#endif
-    NULL,
-    NULL,
-    eckey_check_pair,
-    eckey_alloc_wrap,       /* Same underlying key structure */
-    eckey_free_wrap,        /* Same underlying key structure */
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL,
-    NULL,
-#endif
-    eckey_debug,            /* Same underlying key structure */
-};
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_ECDSA_C)
-static int ecdsa_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_ECDSA );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
- * those integers and convert it to the fixed-length encoding expected by PSA.
- */
-static int extract_ecdsa_sig_int( unsigned char **from, const unsigned char *end,
-                                  unsigned char *to, size_t to_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t unpadded_len, padding_len;
-
-    if( ( ret = mbedtls_asn1_get_tag( from, end, &unpadded_len,
-                                      MBEDTLS_ASN1_INTEGER ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    while( unpadded_len > 0 && **from == 0x00 )
-    {
-        ( *from )++;
-        unpadded_len--;
-    }
-
-    if( unpadded_len > to_len || unpadded_len == 0 )
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    padding_len = to_len - unpadded_len;
-    memset( to, 0x00, padding_len );
-    memcpy( to + padding_len, *from, unpadded_len );
-    ( *from ) += unpadded_len;
-
-    return( 0 );
-}
-
-/*
- * Convert a signature from an ASN.1 sequence of two integers
- * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
- * twice as big as int_size.
- */
-static int extract_ecdsa_sig( unsigned char **p, const unsigned char *end,
-                              unsigned char *sig, size_t int_size )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t tmp_size;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &tmp_size,
-                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    /* Extract r */
-    if( ( ret = extract_ecdsa_sig_int( p, end, sig, int_size ) ) != 0 )
-        return( ret );
-    /* Extract s */
-    if( ( ret = extract_ecdsa_sig_int( p, end, sig + int_size, int_size ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
-{
-    mbedtls_ecdsa_context *ctx = ctx_arg;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t key_id = 0;
-    psa_status_t status;
-    mbedtls_pk_context key;
-    int key_len;
-    /* see ECP_PUB_DER_MAX_BYTES in pkwrite.c */
-    unsigned char buf[30 + 2 * MBEDTLS_ECP_MAX_BYTES];
-    unsigned char *p;
-    mbedtls_pk_info_t pk_info = mbedtls_eckey_info;
-    psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
-    size_t curve_bits;
-    psa_ecc_family_t curve =
-        mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits );
-    const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8;
-    ((void) md_alg);
-
-    if( curve == 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    /* mbedtls_pk_write_pubkey() expects a full PK context;
-     * re-construct one to make it happy */
-    key.pk_info = &pk_info;
-    key.pk_ctx = ctx;
-    p = buf + sizeof( buf );
-    key_len = mbedtls_pk_write_pubkey( &p, buf, &key );
-    if( key_len <= 0 )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
-    psa_set_key_algorithm( &attributes, psa_sig_md );
-
-    status = psa_import_key( &attributes,
-                             buf + sizeof( buf ) - key_len, key_len,
-                             &key_id );
-    if( status != PSA_SUCCESS )
-    {
-        ret = mbedtls_psa_err_translate_pk( status );
-        goto cleanup;
-    }
-
-    /* We don't need the exported key anymore and can
-     * reuse its buffer for signature extraction. */
-    if( 2 * signature_part_size > sizeof( buf ) )
-    {
-        ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    p = (unsigned char*) sig;
-    if( ( ret = extract_ecdsa_sig( &p, sig + sig_len, buf,
-                                   signature_part_size ) ) != 0 )
-    {
-        goto cleanup;
-    }
-
-    if( psa_verify_hash( key_id, psa_sig_md,
-                         hash, hash_len,
-                         buf, 2 * signature_part_size )
-         != PSA_SUCCESS )
-    {
-         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-         goto cleanup;
-    }
-
-    if( p != sig + sig_len )
-    {
-        ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
-        goto cleanup;
-    }
-    ret = 0;
-
-cleanup:
-    psa_destroy_key( key_id );
-    return( ret );
-}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ((void) md_alg);
-
-    ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx,
-                                hash, hash_len, sig, sig_len );
-
-    if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-    return( ret );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-static int ecdsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    return( mbedtls_ecdsa_write_signature( (mbedtls_ecdsa_context *) ctx,
-                md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) );
-}
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                       const unsigned char *hash, size_t hash_len,
-                       const unsigned char *sig, size_t sig_len,
-                       void *rs_ctx )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    ((void) md_alg);
-
-    ret = mbedtls_ecdsa_read_signature_restartable(
-            (mbedtls_ecdsa_context *) ctx,
-            hash, hash_len, sig, sig_len,
-            (mbedtls_ecdsa_restart_ctx *) rs_ctx );
-
-    if( ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH )
-        return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
-
-    return( ret );
-}
-
-static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                   void *rs_ctx )
-{
-    return( mbedtls_ecdsa_write_signature_restartable(
-                (mbedtls_ecdsa_context *) ctx,
-                md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng,
-                (mbedtls_ecdsa_restart_ctx *) rs_ctx ) );
-
-}
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-static void *ecdsa_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_context ) );
-
-    if( ctx != NULL )
-        mbedtls_ecdsa_init( (mbedtls_ecdsa_context *) ctx );
-
-    return( ctx );
-}
-
-static void ecdsa_free_wrap( void *ctx )
-{
-    mbedtls_ecdsa_free( (mbedtls_ecdsa_context *) ctx );
-    mbedtls_free( ctx );
-}
-
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-static void *ecdsa_rs_alloc( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ecdsa_restart_ctx ) );
-
-    if( ctx != NULL )
-        mbedtls_ecdsa_restart_init( ctx );
-
-    return( ctx );
-}
-
-static void ecdsa_rs_free( void *ctx )
-{
-    mbedtls_ecdsa_restart_free( ctx );
-    mbedtls_free( ctx );
-}
-#endif /* MBEDTLS_ECP_RESTARTABLE */
-
-const mbedtls_pk_info_t mbedtls_ecdsa_info = {
-    MBEDTLS_PK_ECDSA,
-    "ECDSA",
-    eckey_get_bitlen,     /* Compatible key structures */
-    ecdsa_can_do,
-    ecdsa_verify_wrap,
-    ecdsa_sign_wrap,
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    ecdsa_verify_rs_wrap,
-    ecdsa_sign_rs_wrap,
-#endif
-    NULL,
-    NULL,
-    eckey_check_pair,   /* Compatible key structures */
-    ecdsa_alloc_wrap,
-    ecdsa_free_wrap,
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    ecdsa_rs_alloc,
-    ecdsa_rs_free,
-#endif
-    eckey_debug,        /* Compatible key structures */
-};
-#endif /* MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-/*
- * Support for alternative RSA-private implementations
- */
-
-static int rsa_alt_can_do( mbedtls_pk_type_t type )
-{
-    return( type == MBEDTLS_PK_RSA );
-}
-
-static size_t rsa_alt_get_bitlen( const void *ctx )
-{
-    const mbedtls_rsa_alt_context *rsa_alt = (const mbedtls_rsa_alt_context *) ctx;
-
-    return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
-}
-
-static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
-
-#if SIZE_MAX > UINT_MAX
-    if( UINT_MAX < hash_len )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-#endif /* SIZE_MAX > UINT_MAX */
-
-    *sig_len = rsa_alt->key_len_func( rsa_alt->key );
-    if( *sig_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
-                md_alg, (unsigned int) hash_len, hash, sig ) );
-}
-
-static int rsa_alt_decrypt_wrap( void *ctx,
-                    const unsigned char *input, size_t ilen,
-                    unsigned char *output, size_t *olen, size_t osize,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
-
-    ((void) f_rng);
-    ((void) p_rng);
-
-    if( ilen != rsa_alt->key_len_func( rsa_alt->key ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    return( rsa_alt->decrypt_func( rsa_alt->key,
-                MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) );
-}
-
-#if defined(MBEDTLS_RSA_C)
-static int rsa_alt_check_pair( const void *pub, const void *prv )
-{
-    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char hash[32];
-    size_t sig_len = 0;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) )
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
-    memset( hash, 0x2a, sizeof( hash ) );
-
-    if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
-                                   hash, sizeof( hash ),
-                                   sig, &sig_len, NULL, NULL ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( rsa_verify_wrap( (void *) pub, MBEDTLS_MD_NONE,
-                         hash, sizeof( hash ), sig, sig_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_RSA_C */
-
-static void *rsa_alt_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) );
-
-    if( ctx != NULL )
-        memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) );
-
-    return( ctx );
-}
-
-static void rsa_alt_free_wrap( void *ctx )
-{
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );
-    mbedtls_free( ctx );
-}
-
-const mbedtls_pk_info_t mbedtls_rsa_alt_info = {
-    MBEDTLS_PK_RSA_ALT,
-    "RSA-alt",
-    rsa_alt_get_bitlen,
-    rsa_alt_can_do,
-    NULL,
-    rsa_alt_sign_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL,
-    NULL,
-#endif
-    rsa_alt_decrypt_wrap,
-    NULL,
-#if defined(MBEDTLS_RSA_C)
-    rsa_alt_check_pair,
-#else
-    NULL,
-#endif
-    rsa_alt_alloc_wrap,
-    rsa_alt_free_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL,
-    NULL,
-#endif
-    NULL,
-};
-
-#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
-static void *pk_opaque_alloc_wrap( void )
-{
-    void *ctx = mbedtls_calloc( 1, sizeof( psa_key_id_t ) );
-
-    /* no _init() function to call, as calloc() already zeroized */
-
-    return( ctx );
-}
-
-static void pk_opaque_free_wrap( void *ctx )
-{
-    mbedtls_platform_zeroize( ctx, sizeof( psa_key_id_t ) );
-    mbedtls_free( ctx );
-}
-
-static size_t pk_opaque_get_bitlen( const void *ctx )
-{
-    const psa_key_id_t *key = (const psa_key_id_t *) ctx;
-    size_t bits;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
-    if( PSA_SUCCESS != psa_get_key_attributes( *key, &attributes ) )
-        return( 0 );
-
-    bits = psa_get_key_bits( &attributes );
-    psa_reset_key_attributes( &attributes );
-    return( bits );
-}
-
-static int pk_opaque_can_do( mbedtls_pk_type_t type )
-{
-    /* For now opaque PSA keys can only wrap ECC keypairs,
-     * as checked by setup_psa().
-     * Also, ECKEY_DH does not really make sense with the current API. */
-    return( type == MBEDTLS_PK_ECKEY ||
-            type == MBEDTLS_PK_ECDSA );
-}
-
-#if defined(MBEDTLS_ECDSA_C)
-
-/*
- * Simultaneously convert and move raw MPI from the beginning of a buffer
- * to an ASN.1 MPI at the end of the buffer.
- * See also mbedtls_asn1_write_mpi().
- *
- * p: pointer to the end of the output buffer
- * start: start of the output buffer, and also of the mpi to write at the end
- * n_len: length of the mpi to read from start
- */
-static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
-                              size_t n_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    if( (size_t)( *p - start ) < n_len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    len = n_len;
-    *p -= len;
-    memmove( *p, start, len );
-
-    /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
-     * Neither r nor s should be 0, but as a failsafe measure, still detect
-     * that rather than overflowing the buffer in case of a PSA error. */
-    while( len > 0 && **p == 0x00 )
-    {
-        ++(*p);
-        --len;
-    }
-
-    /* this is only reached if the signature was invalid */
-    if( len == 0 )
-        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
-
-    /* if the msb is 1, ASN.1 requires that we prepend a 0.
-     * Neither r nor s can be 0, so we can assume len > 0 at all times. */
-    if( **p & 0x80 )
-    {
-        if( *p - start < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = 0x00;
-        len += 1;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start,
-                                                MBEDTLS_ASN1_INTEGER ) );
-
-    return( (int) len );
-}
-
-/* Transcode signature from PSA format to ASN.1 sequence.
- * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
- * MPIs, and in-place.
- *
- * [in/out] sig: the signature pre- and post-transcoding
- * [in/out] sig_len: signature length pre- and post-transcoding
- * [int] buf_len: the available size the in/out buffer
- */
-static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
-                                       size_t buf_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    const size_t rs_len = *sig_len / 2;
-    unsigned char *p = sig + buf_len;
-
-    MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig + rs_len, rs_len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, asn1_write_mpibuf( &p, sig, rs_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &p, sig, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &p, sig,
-                          MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
-
-    memmove( sig, p, len );
-    *sig_len = len;
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_ECDSA_C */
-
-static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   unsigned char *sig, size_t *sig_len,
-                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-#if !defined(MBEDTLS_ECDSA_C)
-    ((void) ctx);
-    ((void) md_alg);
-    ((void) hash);
-    ((void) hash_len);
-    ((void) sig);
-    ((void) sig_len);
-    ((void) f_rng);
-    ((void) p_rng);
-    return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#else /* !MBEDTLS_ECDSA_C */
-    const psa_key_id_t *key = (const psa_key_id_t *) ctx;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
-    size_t buf_len;
-    psa_status_t status;
-
-    /* PSA has its own RNG */
-    (void) f_rng;
-    (void) p_rng;
-
-    /* PSA needs an output buffer of known size, but our API doesn't provide
-     * that information. Assume that the buffer is large enough for a
-     * maximal-length signature with that key (otherwise the application is
-     * buggy anyway). */
-    status = psa_get_key_attributes( *key, &attributes );
-    if( status != PSA_SUCCESS )
-        return( mbedtls_psa_err_translate_pk( status ) );
-    buf_len = MBEDTLS_ECDSA_MAX_SIG_LEN( psa_get_key_bits( &attributes ) );
-    psa_reset_key_attributes( &attributes );
-    if( buf_len > MBEDTLS_PK_SIGNATURE_MAX_SIZE )
-        return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-    /* make the signature */
-    status = psa_sign_hash( *key, alg, hash, hash_len,
-                            sig, buf_len, sig_len );
-    if( status != PSA_SUCCESS )
-        return( mbedtls_psa_err_translate_pk( status ) );
-
-    /* transcode it to ASN.1 sequence */
-    return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
-#endif /* !MBEDTLS_ECDSA_C */
-}
-
-const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
-    MBEDTLS_PK_OPAQUE,
-    "Opaque",
-    pk_opaque_get_bitlen,
-    pk_opaque_can_do,
-    NULL, /* verify - will be done later */
-    pk_opaque_sign_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL, /* restartable verify - not relevant */
-    NULL, /* restartable sign - not relevant */
-#endif
-    NULL, /* decrypt - will be done later */
-    NULL, /* encrypt - will be done later */
-    NULL, /* check_pair - could be done later or left NULL */
-    pk_opaque_alloc_wrap,
-    pk_opaque_free_wrap,
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-    NULL, /* restart alloc - not relevant */
-    NULL, /* restart free - not relevant */
-#endif
-    NULL, /* debug - could be done later, or even left NULL */
-};
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_PK_C */
diff --git a/Sources/mbedtls/library/pkcs11.c b/Sources/mbedtls/library/pkcs11.c
deleted file mode 100644
index a7207cf..0000000
--- a/Sources/mbedtls/library/pkcs11.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/**
- * \file pkcs11.c
- *
- * \brief Wrapper for PKCS#11 library libpkcs11-helper
- *
- * \author Adriaan de Jong <dejong@fox-it.com>
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "mbedtls/pkcs11.h"
-
-#if defined(MBEDTLS_PKCS11_C)
-
-#include "mbedtls/md.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/x509_crt.h"
-
-#include "mbedtls/platform.h"
-
-#include <string.h>
-
-void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
-}
-
-int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
-{
-    int ret = 1;
-    unsigned char *cert_blob = NULL;
-    size_t cert_blob_size = 0;
-
-    if( cert == NULL )
-    {
-        ret = 2;
-        goto cleanup;
-    }
-
-    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
-                                                &cert_blob_size ) != CKR_OK )
-    {
-        ret = 3;
-        goto cleanup;
-    }
-
-    cert_blob = mbedtls_calloc( 1, cert_blob_size );
-    if( NULL == cert_blob )
-    {
-        ret = 4;
-        goto cleanup;
-    }
-
-    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
-                                                &cert_blob_size ) != CKR_OK )
-    {
-        ret = 5;
-        goto cleanup;
-    }
-
-    if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
-    {
-        ret = 6;
-        goto cleanup;
-    }
-
-    ret = 0;
-
-cleanup:
-    if( NULL != cert_blob )
-        mbedtls_free( cert_blob );
-
-    return( ret );
-}
-
-
-int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
-        pkcs11h_certificate_t pkcs11_cert )
-{
-    int ret = 1;
-    mbedtls_x509_crt cert;
-
-    mbedtls_x509_crt_init( &cert );
-
-    if( priv_key == NULL )
-        goto cleanup;
-
-    if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
-        goto cleanup;
-
-    priv_key->len = mbedtls_pk_get_len( &cert.pk );
-    priv_key->pkcs11h_cert = pkcs11_cert;
-
-    ret = 0;
-
-cleanup:
-    mbedtls_x509_crt_free( &cert );
-
-    return( ret );
-}
-
-void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
-{
-    if( NULL != priv_key )
-        pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
-}
-
-int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len )
-{
-    size_t input_len, output_len;
-
-    if( NULL == ctx )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( MBEDTLS_RSA_PRIVATE != mode )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    output_len = input_len = ctx->len;
-
-    if( input_len < 16 || input_len > output_max_len )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /* Determine size of output buffer */
-    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
-            input_len, NULL, &output_len ) != CKR_OK )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    if( output_len > output_max_len )
-        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
-
-    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
-            input_len, output, &output_len ) != CKR_OK )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-    *olen = output_len;
-    return( 0 );
-}
-
-int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig )
-{
-    size_t sig_len = 0, asn_len = 0, oid_size = 0;
-    unsigned char *p = sig;
-    const char *oid;
-
-    if( NULL == ctx )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( MBEDTLS_RSA_PRIVATE != mode )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-        asn_len = 10 + oid_size;
-    }
-
-    sig_len = ctx->len;
-    if( hashlen > sig_len || asn_len > sig_len ||
-        hashlen + asn_len > sig_len )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /*
-         * DigestInfo ::= SEQUENCE {
-         *   digestAlgorithm DigestAlgorithmIdentifier,
-         *   digest Digest }
-         *
-         * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-         *
-         * Digest ::= OCTET STRING
-         */
-        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-        *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
-        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-        *p++ = (unsigned char) ( 0x04 + oid_size );
-        *p++ = MBEDTLS_ASN1_OID;
-        *p++ = oid_size & 0xFF;
-        memcpy( p, oid, oid_size );
-        p += oid_size;
-        *p++ = MBEDTLS_ASN1_NULL;
-        *p++ = 0x00;
-        *p++ = MBEDTLS_ASN1_OCTET_STRING;
-        *p++ = hashlen;
-    }
-
-    memcpy( p, hash, hashlen );
-
-    if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
-            asn_len + hashlen, sig, &sig_len ) != CKR_OK )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-#endif /* defined(MBEDTLS_PKCS11_C) */
diff --git a/Sources/mbedtls/library/pkcs12.c b/Sources/mbedtls/library/pkcs12.c
deleted file mode 100644
index cacf7db..0000000
--- a/Sources/mbedtls/library/pkcs12.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/*
- *  PKCS#12 Personal Information Exchange Syntax
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The PKCS #12 Personal Information Exchange Syntax Standard v1.1
- *
- *  http://www.rsa.com/rsalabs/pkcs/files/h11301-wp-pkcs-12v1-1-personal-information-exchange-syntax.pdf
- *  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PKCS12_C)
-
-#include "mbedtls/pkcs12.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_ARC4_C)
-#include "mbedtls/arc4.h"
-#endif
-
-#if defined(MBEDTLS_DES_C)
-#include "mbedtls/des.h"
-#endif
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
-                                    mbedtls_asn1_buf *salt, int *iterations )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char **p = &params->p;
-    const unsigned char *end = params->p + params->len;
-
-    /*
-     *  pkcs-12PbeParams ::= SEQUENCE {
-     *    salt          OCTET STRING,
-     *    iterations    INTEGER
-     *  }
-     *
-     */
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
-
-    salt->p = *p;
-    *p += salt->len;
-
-    if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
-
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    return( 0 );
-}
-
-#define PKCS12_MAX_PWDLEN 128
-
-static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_type_t md_type,
-                                     const unsigned char *pwd,  size_t pwdlen,
-                                     unsigned char *key, size_t keylen,
-                                     unsigned char *iv,  size_t ivlen )
-{
-    int ret, iterations = 0;
-    mbedtls_asn1_buf salt;
-    size_t i;
-    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
-
-    if( pwdlen > PKCS12_MAX_PWDLEN )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    memset( &salt, 0, sizeof(mbedtls_asn1_buf) );
-    memset( &unipwd, 0, sizeof(unipwd) );
-
-    if( ( ret = pkcs12_parse_pbe_params( pbe_params, &salt,
-                                         &iterations ) ) != 0 )
-        return( ret );
-
-    for( i = 0; i < pwdlen; i++ )
-        unipwd[i * 2 + 1] = pwd[i];
-
-    if( ( ret = mbedtls_pkcs12_derivation( key, keylen, unipwd, pwdlen * 2 + 2,
-                                   salt.p, salt.len, md_type,
-                                   MBEDTLS_PKCS12_DERIVE_KEY, iterations ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( iv == NULL || ivlen == 0 )
-        return( 0 );
-
-    if( ( ret = mbedtls_pkcs12_derivation( iv, ivlen, unipwd, pwdlen * 2 + 2,
-                                   salt.p, salt.len, md_type,
-                                   MBEDTLS_PKCS12_DERIVE_IV, iterations ) ) != 0 )
-    {
-        return( ret );
-    }
-    return( 0 );
-}
-
-#undef PKCS12_MAX_PWDLEN
-
-int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
-                             const unsigned char *pwd,  size_t pwdlen,
-                             const unsigned char *data, size_t len,
-                             unsigned char *output )
-{
-#if !defined(MBEDTLS_ARC4_C)
-    ((void) pbe_params);
-    ((void) mode);
-    ((void) pwd);
-    ((void) pwdlen);
-    ((void) data);
-    ((void) len);
-    ((void) output);
-    return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char key[16];
-    mbedtls_arc4_context ctx;
-    ((void) mode);
-
-    mbedtls_arc4_init( &ctx );
-
-    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1,
-                                          pwd, pwdlen,
-                                          key, 16, NULL, 0 ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    mbedtls_arc4_setup( &ctx, key, 16 );
-    if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_platform_zeroize( key, sizeof( key ) );
-    mbedtls_arc4_free( &ctx );
-
-    return( ret );
-#endif /* MBEDTLS_ARC4_C */
-}
-
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
-                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
-                const unsigned char *pwd,  size_t pwdlen,
-                const unsigned char *data, size_t len,
-                unsigned char *output )
-{
-    int ret, keylen = 0;
-    unsigned char key[32];
-    unsigned char iv[16];
-    const mbedtls_cipher_info_t *cipher_info;
-    mbedtls_cipher_context_t cipher_ctx;
-    size_t olen = 0;
-
-    if( pwd == NULL && pwdlen != 0 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_type );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-
-    keylen = cipher_info->key_bitlen / 8;
-
-    if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, md_type, pwd, pwdlen,
-                                          key, keylen,
-                                          iv, cipher_info->iv_size ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    mbedtls_cipher_init( &cipher_ctx );
-
-    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen, (mbedtls_operation_t) mode ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_set_iv( &cipher_ctx, iv, cipher_info->iv_size ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_reset( &cipher_ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_update( &cipher_ctx, data, len,
-                                output, &olen ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_cipher_finish( &cipher_ctx, output + olen, &olen ) ) != 0 )
-        ret = MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH;
-
-exit:
-    mbedtls_platform_zeroize( key, sizeof( key ) );
-    mbedtls_platform_zeroize( iv,  sizeof( iv  ) );
-    mbedtls_cipher_free( &cipher_ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-static void pkcs12_fill_buffer( unsigned char *data, size_t data_len,
-                                const unsigned char *filler, size_t fill_len )
-{
-    unsigned char *p = data;
-    size_t use_len;
-
-    if( filler != NULL && fill_len != 0 )
-    {
-        while( data_len > 0 )
-        {
-            use_len = ( data_len > fill_len ) ? fill_len : data_len;
-            memcpy( p, filler, use_len );
-            p += use_len;
-            data_len -= use_len;
-        }
-    }
-    else
-    {
-        /* If either of the above are not true then clearly there is nothing
-         * that this function can do. The function should *not* be called
-         * under either of those circumstances, as you could end up with an
-         * incorrect output but for safety's sake, leaving the check in as
-         * otherwise we could end up with memory corruption.*/
-    }
-}
-
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
-                       const unsigned char *pwd, size_t pwdlen,
-                       const unsigned char *salt, size_t saltlen,
-                       mbedtls_md_type_t md_type, int id, int iterations )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned int j;
-
-    unsigned char diversifier[128];
-    unsigned char salt_block[128], pwd_block[128], hash_block[128];
-    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
-    unsigned char *p;
-    unsigned char c;
-    int           use_password = 0;
-    int           use_salt = 0;
-
-    size_t hlen, use_len, v, i;
-
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    // This version only allows max of 64 bytes of password or salt
-    if( datalen > 128 || pwdlen > 64 || saltlen > 64 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    if( pwd == NULL && pwdlen != 0 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    if( salt == NULL && saltlen != 0 )
-        return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
-
-    use_password = ( pwd && pwdlen != 0 );
-    use_salt = ( salt && saltlen != 0 );
-
-    md_info = mbedtls_md_info_from_type( md_type );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
-
-    mbedtls_md_init( &md_ctx );
-
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        return( ret );
-    hlen = mbedtls_md_get_size( md_info );
-
-    if( hlen <= 32 )
-        v = 64;
-    else
-        v = 128;
-
-    memset( diversifier, (unsigned char) id, v );
-
-    if( use_salt != 0 )
-    {
-        pkcs12_fill_buffer( salt_block, v, salt, saltlen );
-    }
-
-    if( use_password != 0 )
-    {
-        pkcs12_fill_buffer( pwd_block,  v, pwd,  pwdlen  );
-    }
-
-    p = data;
-    while( datalen > 0 )
-    {
-        // Calculate hash( diversifier || salt_block || pwd_block )
-        if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
-            goto exit;
-
-        if( ( ret = mbedtls_md_update( &md_ctx, diversifier, v ) ) != 0 )
-            goto exit;
-
-        if( use_salt != 0 )
-        {
-            if( ( ret = mbedtls_md_update( &md_ctx, salt_block, v )) != 0 )
-                goto exit;
-        }
-
-        if( use_password != 0)
-        {
-            if( ( ret = mbedtls_md_update( &md_ctx, pwd_block, v )) != 0 )
-                goto exit;
-        }
-
-        if( ( ret = mbedtls_md_finish( &md_ctx, hash_output ) ) != 0 )
-            goto exit;
-
-        // Perform remaining ( iterations - 1 ) recursive hash calculations
-        for( i = 1; i < (size_t) iterations; i++ )
-        {
-            if( ( ret = mbedtls_md( md_info, hash_output, hlen, hash_output ) ) != 0 )
-                goto exit;
-        }
-
-        use_len = ( datalen > hlen ) ? hlen : datalen;
-        memcpy( p, hash_output, use_len );
-        datalen -= use_len;
-        p += use_len;
-
-        if( datalen == 0 )
-            break;
-
-        // Concatenating copies of hash_output into hash_block (B)
-        pkcs12_fill_buffer( hash_block, v, hash_output, hlen );
-
-        // B += 1
-        for( i = v; i > 0; i-- )
-            if( ++hash_block[i - 1] != 0 )
-                break;
-
-        if( use_salt != 0 )
-        {
-            // salt_block += B
-            c = 0;
-            for( i = v; i > 0; i-- )
-            {
-                j = salt_block[i - 1] + hash_block[i - 1] + c;
-                c = MBEDTLS_BYTE_1( j );
-                salt_block[i - 1] = MBEDTLS_BYTE_0( j );
-            }
-        }
-
-        if( use_password != 0 )
-        {
-            // pwd_block  += B
-            c = 0;
-            for( i = v; i > 0; i-- )
-            {
-                j = pwd_block[i - 1] + hash_block[i - 1] + c;
-                c = MBEDTLS_BYTE_1( j );
-                pwd_block[i - 1] = MBEDTLS_BYTE_0( j );
-            }
-        }
-    }
-
-    ret = 0;
-
-exit:
-    mbedtls_platform_zeroize( salt_block, sizeof( salt_block ) );
-    mbedtls_platform_zeroize( pwd_block, sizeof( pwd_block ) );
-    mbedtls_platform_zeroize( hash_block, sizeof( hash_block ) );
-    mbedtls_platform_zeroize( hash_output, sizeof( hash_output ) );
-
-    mbedtls_md_free( &md_ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_PKCS12_C */
diff --git a/Sources/mbedtls/library/pkcs5.c b/Sources/mbedtls/library/pkcs5.c
deleted file mode 100644
index f9d0137..0000000
--- a/Sources/mbedtls/library/pkcs5.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/**
- * \file pkcs5.c
- *
- * \brief PKCS#5 functions
- *
- * \author Mathias Olsson <mathias@kompetensum.com>
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- * PKCS#5 includes PBKDF2 and more
- *
- * http://tools.ietf.org/html/rfc2898 (Specification)
- * http://tools.ietf.org/html/rfc6070 (Test vectors)
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PKCS5_C)
-
-#include "mbedtls/pkcs5.h"
-#include "mbedtls/error.h"
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-#include "mbedtls/asn1.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/oid.h"
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
-                                      mbedtls_asn1_buf *salt, int *iterations,
-                                      int *keylen, mbedtls_md_type_t *md_type )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_asn1_buf prf_alg_oid;
-    unsigned char *p = params->p;
-    const unsigned char *end = params->p + params->len;
-
-    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
-    /*
-     *  PBKDF2-params ::= SEQUENCE {
-     *    salt              OCTET STRING,
-     *    iterationCount    INTEGER,
-     *    keyLength         INTEGER OPTIONAL
-     *    prf               AlgorithmIdentifier DEFAULT algid-hmacWithSHA1
-     *  }
-     *
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len,
-                                      MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-
-    salt->p = p;
-    p += salt->len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-
-    if( p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
-    {
-        if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-    }
-
-    if( p == end )
-        return( 0 );
-
-    if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-
-    if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    return( 0 );
-}
-
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output )
-{
-    int ret, iterations = 0, keylen = 0;
-    unsigned char *p, *end;
-    mbedtls_asn1_buf kdf_alg_oid, enc_scheme_oid, kdf_alg_params, enc_scheme_params;
-    mbedtls_asn1_buf salt;
-    mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
-    unsigned char key[32], iv[32];
-    size_t olen = 0;
-    const mbedtls_md_info_t *md_info;
-    const mbedtls_cipher_info_t *cipher_info;
-    mbedtls_md_context_t md_ctx;
-    mbedtls_cipher_type_t cipher_alg;
-    mbedtls_cipher_context_t cipher_ctx;
-
-    p = pbe_params->p;
-    end = p + pbe_params->len;
-
-    /*
-     *  PBES2-params ::= SEQUENCE {
-     *    keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
-     *    encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
-     *  }
-     */
-    if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
-
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid,
-                                      &kdf_alg_params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-
-    // Only PBKDF2 supported at the moment
-    //
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBKDF2, &kdf_alg_oid ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( ( ret = pkcs5_parse_pbkdf2_params( &kdf_alg_params,
-                                           &salt, &iterations, &keylen,
-                                           &md_type ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    md_info = mbedtls_md_info_from_type( md_type );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
-                              &enc_scheme_params ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
-    }
-
-    if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    cipher_info = mbedtls_cipher_info_from_type( cipher_alg );
-    if( cipher_info == NULL )
-        return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
-
-    /*
-     * The value of keylen from pkcs5_parse_pbkdf2_params() is ignored
-     * since it is optional and we don't know if it was set or not
-     */
-    keylen = cipher_info->key_bitlen / 8;
-
-    if( enc_scheme_params.tag != MBEDTLS_ASN1_OCTET_STRING ||
-        enc_scheme_params.len != cipher_info->iv_size )
-    {
-        return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT );
-    }
-
-    mbedtls_md_init( &md_ctx );
-    mbedtls_cipher_init( &cipher_ctx );
-
-    memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
-
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
-                                   iterations, keylen, key ) ) != 0 )
-    {
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_cipher_setup( &cipher_ctx, cipher_info ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_setkey( &cipher_ctx, key, 8 * keylen,
-                                       (mbedtls_operation_t) mode ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_cipher_crypt( &cipher_ctx, iv, enc_scheme_params.len,
-                              data, datalen, output, &olen ) ) != 0 )
-        ret = MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH;
-
-exit:
-    mbedtls_md_free( &md_ctx );
-    mbedtls_cipher_free( &cipher_ctx );
-
-    return( ret );
-}
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx,
-                       const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int j;
-    unsigned int i;
-    unsigned char md1[MBEDTLS_MD_MAX_SIZE];
-    unsigned char work[MBEDTLS_MD_MAX_SIZE];
-    unsigned char md_size = mbedtls_md_get_size( ctx->md_info );
-    size_t use_len;
-    unsigned char *out_p = output;
-    unsigned char counter[4];
-
-    memset( counter, 0, 4 );
-    counter[3] = 1;
-
-#if UINT_MAX > 0xFFFFFFFF
-    if( iteration_count > 0xFFFFFFFF )
-        return( MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA );
-#endif
-
-    if( ( ret = mbedtls_md_hmac_starts( ctx, password, plen ) ) != 0 )
-        return( ret );
-    while( key_length )
-    {
-        // U1 ends up in work
-        //
-        if( ( ret = mbedtls_md_hmac_update( ctx, salt, slen ) ) != 0 )
-            goto cleanup;
-
-        if( ( ret = mbedtls_md_hmac_update( ctx, counter, 4 ) ) != 0 )
-            goto cleanup;
-
-        if( ( ret = mbedtls_md_hmac_finish( ctx, work ) ) != 0 )
-            goto cleanup;
-
-        if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 )
-            goto cleanup;
-
-        memcpy( md1, work, md_size );
-
-        for( i = 1; i < iteration_count; i++ )
-        {
-            // U2 ends up in md1
-            //
-            if( ( ret = mbedtls_md_hmac_update( ctx, md1, md_size ) ) != 0 )
-                goto cleanup;
-
-            if( ( ret = mbedtls_md_hmac_finish( ctx, md1 ) ) != 0 )
-                goto cleanup;
-
-            if( ( ret = mbedtls_md_hmac_reset( ctx ) ) != 0 )
-                goto cleanup;
-
-            // U1 xor U2
-            //
-            for( j = 0; j < md_size; j++ )
-                work[j] ^= md1[j];
-        }
-
-        use_len = ( key_length < md_size ) ? key_length : md_size;
-        memcpy( out_p, work, use_len );
-
-        key_length -= (uint32_t) use_len;
-        out_p += use_len;
-
-        for( i = 4; i > 0; i-- )
-            if( ++counter[i - 1] != 0 )
-                break;
-    }
-
-cleanup:
-    /* Zeroise buffers to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( work, MBEDTLS_MD_MAX_SIZE );
-    mbedtls_platform_zeroize( md1, MBEDTLS_MD_MAX_SIZE );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#if !defined(MBEDTLS_SHA1_C)
-int mbedtls_pkcs5_self_test( int verbose )
-{
-    if( verbose != 0 )
-        mbedtls_printf( "  PBKDF2 (SHA1): skipped\n\n" );
-
-    return( 0 );
-}
-#else
-
-#define MAX_TESTS   6
-
-static const size_t plen_test_data[MAX_TESTS] =
-    { 8, 8, 8, 24, 9 };
-
-static const unsigned char password_test_data[MAX_TESTS][32] =
-{
-    "password",
-    "password",
-    "password",
-    "passwordPASSWORDpassword",
-    "pass\0word",
-};
-
-static const size_t slen_test_data[MAX_TESTS] =
-    { 4, 4, 4, 36, 5 };
-
-static const unsigned char salt_test_data[MAX_TESTS][40] =
-{
-    "salt",
-    "salt",
-    "salt",
-    "saltSALTsaltSALTsaltSALTsaltSALTsalt",
-    "sa\0lt",
-};
-
-static const uint32_t it_cnt_test_data[MAX_TESTS] =
-    { 1, 2, 4096, 4096, 4096 };
-
-static const uint32_t key_len_test_data[MAX_TESTS] =
-    { 20, 20, 20, 25, 16 };
-
-static const unsigned char result_key_test_data[MAX_TESTS][32] =
-{
-    { 0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
-      0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
-      0x2f, 0xe0, 0x37, 0xa6 },
-    { 0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
-      0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
-      0xd8, 0xde, 0x89, 0x57 },
-    { 0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
-      0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
-      0x65, 0xa4, 0x29, 0xc1 },
-    { 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
-      0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
-      0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
-      0x38 },
-    { 0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
-      0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3 },
-};
-
-int mbedtls_pkcs5_self_test( int verbose )
-{
-    mbedtls_md_context_t sha1_ctx;
-    const mbedtls_md_info_t *info_sha1;
-    int ret, i;
-    unsigned char key[64];
-
-    mbedtls_md_init( &sha1_ctx );
-
-    info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
-    if( info_sha1 == NULL )
-    {
-        ret = 1;
-        goto exit;
-    }
-
-    if( ( ret = mbedtls_md_setup( &sha1_ctx, info_sha1, 1 ) ) != 0 )
-    {
-        ret = 1;
-        goto exit;
-    }
-
-    for( i = 0; i < MAX_TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  PBKDF2 (SHA1) #%d: ", i );
-
-        ret = mbedtls_pkcs5_pbkdf2_hmac( &sha1_ctx, password_test_data[i],
-                                         plen_test_data[i], salt_test_data[i],
-                                         slen_test_data[i], it_cnt_test_data[i],
-                                         key_len_test_data[i], key );
-        if( ret != 0 ||
-            memcmp( result_key_test_data[i], key, key_len_test_data[i] ) != 0 )
-        {
-            if( verbose != 0 )
-                mbedtls_printf( "failed\n" );
-
-            ret = 1;
-            goto exit;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-exit:
-    mbedtls_md_free( &sha1_ctx );
-
-    return( ret );
-}
-#endif /* MBEDTLS_SHA1_C */
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_PKCS5_C */
diff --git a/Sources/mbedtls/library/pkparse.c b/Sources/mbedtls/library/pkparse.c
deleted file mode 100644
index 6170d6d..0000000
--- a/Sources/mbedtls/library/pkparse.c
+++ /dev/null
@@ -1,1539 +0,0 @@
-/*
- *  Public Key layer for parsing key files and structures
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PK_PARSE_C)
-
-#include "mbedtls/pk.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-#if defined(MBEDTLS_PEM_PARSE_C)
-#include "mbedtls/pem.h"
-#endif
-#if defined(MBEDTLS_PKCS5_C)
-#include "mbedtls/pkcs5.h"
-#endif
-#if defined(MBEDTLS_PKCS12_C)
-#include "mbedtls/pkcs12.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if defined(MBEDTLS_FS_IO)
-/*
- * Load all data from a file into a given buffer.
- *
- * The file is expected to contain either PEM or DER encoded data.
- * A terminating null byte is always appended. It is included in the announced
- * length only if the data looks like it is PEM encoded.
- */
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
-{
-    FILE *f;
-    long size;
-
-    PK_VALIDATE_RET( path != NULL );
-    PK_VALIDATE_RET( buf != NULL );
-    PK_VALIDATE_RET( n != NULL );
-
-    if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-
-    fseek( f, 0, SEEK_END );
-    if( ( size = ftell( f ) ) == -1 )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-    }
-    fseek( f, 0, SEEK_SET );
-
-    *n = (size_t) size;
-
-    if( *n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
-    {
-        fclose( f );
-        return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-    }
-
-    if( fread( *buf, 1, *n, f ) != *n )
-    {
-        fclose( f );
-
-        mbedtls_platform_zeroize( *buf, *n );
-        mbedtls_free( *buf );
-
-        return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
-    }
-
-    fclose( f );
-
-    (*buf)[*n] = '\0';
-
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
-        ++*n;
-
-    return( 0 );
-}
-
-/*
- * Load and parse a private key
- */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
-                      const char *path, const char *pwd )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
-    unsigned char *buf;
-
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( path != NULL );
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    if( pwd == NULL )
-        ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 );
-    else
-        ret = mbedtls_pk_parse_key( ctx, buf, n,
-                (const unsigned char *) pwd, strlen( pwd ) );
-
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-/*
- * Load and parse a public key
- */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
-    unsigned char *buf;
-
-    PK_VALIDATE_RET( ctx != NULL );
-    PK_VALIDATE_RET( path != NULL );
-
-    if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_pk_parse_public_key( ctx, buf, n );
-
-    mbedtls_platform_zeroize( buf, n );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-#endif /* MBEDTLS_FS_IO */
-
-#if defined(MBEDTLS_ECP_C)
-/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
- *
- * ECParameters ::= CHOICE {
- *   namedCurve         OBJECT IDENTIFIER
- *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
- *   -- implicitCurve   NULL
- * }
- */
-static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
-                            mbedtls_asn1_buf *params )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if ( end - *p < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
-
-    /* Tag may be either OID or SEQUENCE */
-    params->tag = **p;
-    if( params->tag != MBEDTLS_ASN1_OID
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-            && params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE )
-#endif
-            )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
-    }
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    params->p = *p;
-    *p += params->len;
-
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-/*
- * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
- * WARNING: the resulting group should only be used with
- * pk_group_id_from_specified(), since its base point may not be set correctly
- * if it was encoded compressed.
- *
- *  SpecifiedECDomain ::= SEQUENCE {
- *      version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
- *      fieldID FieldID {{FieldTypes}},
- *      curve Curve,
- *      base ECPoint,
- *      order INTEGER,
- *      cofactor INTEGER OPTIONAL,
- *      hash HashAlgorithm OPTIONAL,
- *      ...
- *  }
- *
- * We only support prime-field as field type, and ignore hash and cofactor.
- */
-static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = params->p;
-    const unsigned char * const end = params->p + params->len;
-    const unsigned char *end_field, *end_curve;
-    size_t len;
-    int ver;
-
-    /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( ver < 1 || ver > 3 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
-    /*
-     * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
-     *       fieldType FIELD-ID.&id({IOSet}),
-     *       parameters FIELD-ID.&Type({IOSet}{@fieldType})
-     * }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    end_field = p + len;
-
-    /*
-     * FIELD-ID ::= TYPE-IDENTIFIER
-     * FieldTypes FIELD-ID ::= {
-     *       { Prime-p IDENTIFIED BY prime-field } |
-     *       { Characteristic-two IDENTIFIED BY characteristic-two-field }
-     * }
-     * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_field, &len, MBEDTLS_ASN1_OID ) ) != 0 )
-        return( ret );
-
-    if( len != MBEDTLS_OID_SIZE( MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD ) ||
-        memcmp( p, MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-    }
-
-    p += len;
-
-    /* Prime-p ::= INTEGER -- Field of size p. */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    grp->pbits = mbedtls_mpi_bitlen( &grp->P );
-
-    if( p != end_field )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    /*
-     * Curve ::= SEQUENCE {
-     *       a FieldElement,
-     *       b FieldElement,
-     *       seed BIT STRING OPTIONAL
-     *       -- Shall be present if used in SpecifiedECDomain
-     *       -- with version equal to ecdpVer2 or ecdpVer3
-     * }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( ret );
-
-    end_curve = p + len;
-
-    /*
-     * FieldElement ::= OCTET STRING
-     * containing an integer in the case of a prime field
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    p += len;
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
-        ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    p += len;
-
-    /* Ignore seed BIT STRING OPTIONAL */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_BIT_STRING ) ) == 0 )
-        p += len;
-
-    if( p != end_curve )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    /*
-     * ECPoint ::= OCTET STRING
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
-                                      ( const unsigned char *) p, len ) ) != 0 )
-    {
-        /*
-         * If we can't read the point because it's compressed, cheat by
-         * reading only the X coordinate and the parity bit of Y.
-         */
-        if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ||
-            ( p[0] != 0x02 && p[0] != 0x03 ) ||
-            len != mbedtls_mpi_size( &grp->P ) + 1 ||
-            mbedtls_mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
-            mbedtls_mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
-            mbedtls_mpi_lset( &grp->G.Z, 1 ) != 0 )
-        {
-            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-        }
-    }
-
-    p += len;
-
-    /*
-     * order INTEGER
-     */
-    if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    grp->nbits = mbedtls_mpi_bitlen( &grp->N );
-
-    /*
-     * Allow optional elements by purposefully not enforcing p == end here.
-     */
-
-    return( 0 );
-}
-
-/*
- * Find the group id associated with an (almost filled) group as generated by
- * pk_group_from_specified(), or return an error if unknown.
- */
-static int pk_group_id_from_group( const mbedtls_ecp_group *grp, mbedtls_ecp_group_id *grp_id )
-{
-    int ret = 0;
-    mbedtls_ecp_group ref;
-    const mbedtls_ecp_group_id *id;
-
-    mbedtls_ecp_group_init( &ref );
-
-    for( id = mbedtls_ecp_grp_id_list(); *id != MBEDTLS_ECP_DP_NONE; id++ )
-    {
-        /* Load the group associated to that id */
-        mbedtls_ecp_group_free( &ref );
-        MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ref, *id ) );
-
-        /* Compare to the group we were given, starting with easy tests */
-        if( grp->pbits == ref.pbits && grp->nbits == ref.nbits &&
-            mbedtls_mpi_cmp_mpi( &grp->P, &ref.P ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->A, &ref.A ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->B, &ref.B ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->N, &ref.N ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->G.X, &ref.G.X ) == 0 &&
-            mbedtls_mpi_cmp_mpi( &grp->G.Z, &ref.G.Z ) == 0 &&
-            /* For Y we may only know the parity bit, so compare only that */
-            mbedtls_mpi_get_bit( &grp->G.Y, 0 ) == mbedtls_mpi_get_bit( &ref.G.Y, 0 ) )
-        {
-            break;
-        }
-
-    }
-
-cleanup:
-    mbedtls_ecp_group_free( &ref );
-
-    *grp_id = *id;
-
-    if( ret == 0 && *id == MBEDTLS_ECP_DP_NONE )
-        ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-
-    return( ret );
-}
-
-/*
- * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID
- */
-static int pk_group_id_from_specified( const mbedtls_asn1_buf *params,
-                                       mbedtls_ecp_group_id *grp_id )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_group grp;
-
-    mbedtls_ecp_group_init( &grp );
-
-    if( ( ret = pk_group_from_specified( params, &grp ) ) != 0 )
-        goto cleanup;
-
-    ret = pk_group_id_from_group( &grp, grp_id );
-
-cleanup:
-    mbedtls_ecp_group_free( &grp );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
-
-/*
- * Use EC parameters to initialise an EC group
- *
- * ECParameters ::= CHOICE {
- *   namedCurve         OBJECT IDENTIFIER
- *   specifiedCurve     SpecifiedECDomain -- = SEQUENCE { ... }
- *   -- implicitCurve   NULL
- */
-static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_group_id grp_id;
-
-    if( params->tag == MBEDTLS_ASN1_OID )
-    {
-        if( mbedtls_oid_get_ec_grp( params, &grp_id ) != 0 )
-            return( MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE );
-    }
-    else
-    {
-#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
-        if( ( ret = pk_group_id_from_specified( params, &grp_id ) ) != 0 )
-            return( ret );
-#else
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-#endif
-    }
-
-    /*
-     * grp may already be initialized; if so, make sure IDs match
-     */
-    if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
-    if( ( ret = mbedtls_ecp_group_load( grp, grp_id ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/*
- * EC public key is an EC point
- *
- * The caller is responsible for clearing the structure upon failure if
- * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE
- * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
- */
-static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end,
-                            mbedtls_ecp_keypair *key )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q,
-                    (const unsigned char *) *p, end - *p ) ) == 0 )
-    {
-        ret = mbedtls_ecp_check_pubkey( &key->grp, &key->Q );
-    }
-
-    /*
-     * We know mbedtls_ecp_point_read_binary consumed all bytes or failed
-     */
-    *p = (unsigned char *) end;
-
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_RSA_C)
-/*
- *  RSAPublicKey ::= SEQUENCE {
- *      modulus           INTEGER,  -- n
- *      publicExponent    INTEGER   -- e
- *  }
- */
-static int pk_get_rsapubkey( unsigned char **p,
-                             const unsigned char *end,
-                             mbedtls_rsa_context *rsa )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
-
-    if( *p + len != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    /* Import N */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
-
-    if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
-                                        NULL, 0, NULL, 0 ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-
-    *p += len;
-
-    /* Import E */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
-
-    if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
-                                        NULL, 0, *p, len ) ) != 0 )
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-
-    *p += len;
-
-    if( mbedtls_rsa_complete( rsa ) != 0 ||
-        mbedtls_rsa_check_pubkey( rsa ) != 0 )
-    {
-        return( MBEDTLS_ERR_PK_INVALID_PUBKEY );
-    }
-
-    if( *p != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_RSA_C */
-
-/* Get a PK algorithm identifier
- *
- *  AlgorithmIdentifier  ::=  SEQUENCE  {
- *       algorithm               OBJECT IDENTIFIER,
- *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
- */
-static int pk_get_pk_alg( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_asn1_buf alg_oid;
-
-    memset( params, 0, sizeof(mbedtls_asn1_buf) );
-
-    if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_ALG, ret ) );
-
-    if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    /*
-     * No parameters with RSA (only for EC)
-     */
-    if( *pk_alg == MBEDTLS_PK_RSA &&
-            ( ( params->tag != MBEDTLS_ASN1_NULL && params->tag != 0 ) ||
-                params->len != 0 ) )
-    {
-        return( MBEDTLS_ERR_PK_INVALID_ALG );
-    }
-
-    return( 0 );
-}
-
-/*
- *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
- *       algorithm            AlgorithmIdentifier,
- *       subjectPublicKey     BIT STRING }
- */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        mbedtls_pk_context *pk )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-    mbedtls_asn1_buf alg_params;
-    mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-    const mbedtls_pk_info_t *pk_info;
-
-    PK_VALIDATE_RET( p != NULL );
-    PK_VALIDATE_RET( *p != NULL );
-    PK_VALIDATE_RET( end != NULL );
-    PK_VALIDATE_RET( pk != NULL );
-
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    end = *p + len;
-
-    if( ( ret = pk_get_pk_alg( p, end, &pk_alg, &alg_params ) ) != 0 )
-        return( ret );
-
-    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
-
-    if( *p + len != end )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA )
-    {
-        ret = pk_get_rsapubkey( p, end, mbedtls_pk_rsa( *pk ) );
-    } else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY )
-    {
-        ret = pk_use_ecparams( &alg_params, &mbedtls_pk_ec( *pk )->grp );
-        if( ret == 0 )
-            ret = pk_get_ecpubkey( p, end, mbedtls_pk_ec( *pk ) );
-    } else
-#endif /* MBEDTLS_ECP_C */
-        ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
-
-    if( ret == 0 && *p != end )
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-
-    if( ret != 0 )
-        mbedtls_pk_free( pk );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_RSA_C)
-/*
- * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
- *
- * The value zero is:
- * - never a valid value for an RSA parameter
- * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
- *
- * Since values can't be omitted in PKCS#1, passing a zero value to
- * rsa_complete() would be incorrect, so reject zero values early.
- */
-static int asn1_get_nonzero_mpi( unsigned char **p,
-                                 const unsigned char *end,
-                                 mbedtls_mpi *X )
-{
-    int ret;
-
-    ret = mbedtls_asn1_get_mpi( p, end, X );
-    if( ret != 0 )
-        return( ret );
-
-    if( mbedtls_mpi_cmp_int( X, 0 ) == 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-
-    return( 0 );
-}
-
-/*
- * Parse a PKCS#1 encoded private RSA key
- */
-static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
-                                   const unsigned char *key,
-                                   size_t keylen )
-{
-    int ret, version;
-    size_t len;
-    unsigned char *p, *end;
-
-    mbedtls_mpi T;
-    mbedtls_mpi_init( &T );
-
-    p = (unsigned char *) key;
-    end = p + keylen;
-
-    /*
-     * This function parses the RSAPrivateKey (PKCS#1)
-     *
-     *  RSAPrivateKey ::= SEQUENCE {
-     *      version           Version,
-     *      modulus           INTEGER,  -- n
-     *      publicExponent    INTEGER,  -- e
-     *      privateExponent   INTEGER,  -- d
-     *      prime1            INTEGER,  -- p
-     *      prime2            INTEGER,  -- q
-     *      exponent1         INTEGER,  -- d mod (p-1)
-     *      exponent2         INTEGER,  -- d mod (q-1)
-     *      coefficient       INTEGER,  -- (inverse of q) mod p
-     *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
-     *  }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    if( version != 0 )
-    {
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
-    }
-
-    /* Import N */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, &T, NULL, NULL,
-                                        NULL, NULL ) ) != 0 )
-        goto cleanup;
-
-    /* Import E */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
-                                        NULL, &T ) ) != 0 )
-        goto cleanup;
-
-    /* Import D */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, NULL, NULL,
-                                        &T, NULL ) ) != 0 )
-        goto cleanup;
-
-    /* Import P */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, &T, NULL,
-                                        NULL, NULL ) ) != 0 )
-        goto cleanup;
-
-    /* Import Q */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_rsa_import( rsa, NULL, NULL, &T,
-                                        NULL, NULL ) ) != 0 )
-        goto cleanup;
-
-#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
-    /*
-    * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
-    * that they can be easily recomputed from D, P and Q. However by
-    * parsing them from the PKCS1 structure it is possible to avoid
-    * recalculating them which both reduces the overhead of loading
-    * RSA private keys into memory and also avoids side channels which
-    * can arise when computing those values, since all of D, P, and Q
-    * are secret. See https://eprint.iacr.org/2020/055 for a
-    * description of one such attack.
-    */
-
-    /* Import DP */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &rsa->DP, &T ) ) != 0 )
-       goto cleanup;
-
-    /* Import DQ */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &rsa->DQ, &T ) ) != 0 )
-       goto cleanup;
-
-    /* Import QP */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = mbedtls_mpi_copy( &rsa->QP, &T ) ) != 0 )
-       goto cleanup;
-
-#else
-    /* Verify existence of the CRT params */
-    if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ||
-        ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 )
-       goto cleanup;
-#endif
-
-    /* rsa_complete() doesn't complete anything with the default
-     * implementation but is still called:
-     * - for the benefit of alternative implementation that may want to
-     *   pre-compute stuff beyond what's provided (eg Montgomery factors)
-     * - as is also sanity-checks the key
-     *
-     * Furthermore, we also check the public part for consistency with
-     * mbedtls_pk_parse_pubkey(), as it includes size minima for example.
-     */
-    if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ||
-        ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 )
-    {
-        goto cleanup;
-    }
-
-    if( p != end )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-              MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &T );
-
-    if( ret != 0 )
-    {
-        /* Wrap error code if it's coming from a lower level */
-        if( ( ret & 0xff80 ) == 0 )
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret );
-        else
-            ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
-
-        mbedtls_rsa_free( rsa );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * Parse a SEC1 encoded private EC key
- */
-static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
-                                  const unsigned char *key,
-                                  size_t keylen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int version, pubkey_done;
-    size_t len;
-    mbedtls_asn1_buf params;
-    unsigned char *p = (unsigned char *) key;
-    unsigned char *end = p + keylen;
-    unsigned char *end2;
-
-    /*
-     * RFC 5915, or SEC1 Appendix C.4
-     *
-     * ECPrivateKey ::= SEQUENCE {
-     *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-     *      privateKey     OCTET STRING,
-     *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
-     *      publicKey  [1] BIT STRING OPTIONAL
-     *    }
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( version != 1 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    p += len;
-
-    pubkey_done = 0;
-    if( p != end )
-    {
-        /*
-         * Is 'parameters' present?
-         */
-        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
-        {
-            if( ( ret = pk_get_ecparams( &p, p + len, &params) ) != 0 ||
-                ( ret = pk_use_ecparams( &params, &eck->grp )  ) != 0 )
-            {
-                mbedtls_ecp_keypair_free( eck );
-                return( ret );
-            }
-        }
-        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            mbedtls_ecp_keypair_free( eck );
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-        }
-    }
-
-    if( p != end )
-    {
-        /*
-         * Is 'publickey' present? If not, or if we can't read it (eg because it
-         * is compressed), create it from the private key.
-         */
-        if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-                        MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
-        {
-            end2 = p + len;
-
-            if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-            if( p + len != end2 )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                        MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
-
-            if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
-                pubkey_done = 1;
-            else
-            {
-                /*
-                 * The only acceptable failure mode of pk_get_ecpubkey() above
-                 * is if the point format is not recognized.
-                 */
-                if( ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE )
-                    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-            }
-        }
-        else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
-        {
-            mbedtls_ecp_keypair_free( eck );
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-        }
-    }
-
-    if( ! pubkey_done &&
-        ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
-                                                      NULL, NULL ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
-    {
-        mbedtls_ecp_keypair_free( eck );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ECP_C */
-
-/*
- * Parse an unencrypted PKCS#8 encoded private key
- *
- * Notes:
- *
- * - This function does not own the key buffer. It is the
- *   responsibility of the caller to take care of zeroizing
- *   and freeing it after use.
- *
- * - The function is responsible for freeing the provided
- *   PK context on failure.
- *
- */
-static int pk_parse_key_pkcs8_unencrypted_der(
-                                    mbedtls_pk_context *pk,
-                                    const unsigned char* key,
-                                    size_t keylen )
-{
-    int ret, version;
-    size_t len;
-    mbedtls_asn1_buf params;
-    unsigned char *p = (unsigned char *) key;
-    unsigned char *end = p + keylen;
-    mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-    const mbedtls_pk_info_t *pk_info;
-
-    /*
-     * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
-     *
-     *    PrivateKeyInfo ::= SEQUENCE {
-     *      version                   Version,
-     *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
-     *      privateKey                PrivateKey,
-     *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
-     *
-     *    Version ::= INTEGER
-     *    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
-     *    PrivateKey ::= OCTET STRING
-     *
-     *  The PrivateKey OCTET STRING is a SEC1 ECPrivateKey
-     */
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( version != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) );
-
-    if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( len < 1 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
-
-    if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_RSA_C)
-    if( pk_alg == MBEDTLS_PK_RSA )
-    {
-        if( ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), p, len ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-            return( ret );
-        }
-    } else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-    if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
-    {
-        if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
-            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len )  ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-            return( ret );
-        }
-    } else
-#endif /* MBEDTLS_ECP_C */
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    return( 0 );
-}
-
-/*
- * Parse an encrypted PKCS#8 encoded private key
- *
- * To save space, the decryption happens in-place on the given key buffer.
- * Also, while this function may modify the keybuffer, it doesn't own it,
- * and instead it is the responsibility of the caller to zeroize and properly
- * free it after use.
- *
- */
-#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-static int pk_parse_key_pkcs8_encrypted_der(
-                                    mbedtls_pk_context *pk,
-                                    unsigned char *key, size_t keylen,
-                                    const unsigned char *pwd, size_t pwdlen )
-{
-    int ret, decrypted = 0;
-    size_t len;
-    unsigned char *buf;
-    unsigned char *p, *end;
-    mbedtls_asn1_buf pbe_alg_oid, pbe_params;
-#if defined(MBEDTLS_PKCS12_C)
-    mbedtls_cipher_type_t cipher_alg;
-    mbedtls_md_type_t md_alg;
-#endif
-
-    p = key;
-    end = p + keylen;
-
-    if( pwdlen == 0 )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-
-    /*
-     * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
-     *
-     *  EncryptedPrivateKeyInfo ::= SEQUENCE {
-     *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
-     *    encryptedData        EncryptedData
-     *  }
-     *
-     *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-     *
-     *  EncryptedData ::= OCTET STRING
-     *
-     *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
-     *
-     */
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-    }
-
-    end = p + len;
-
-    if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
-
-    buf = p;
-
-    /*
-     * Decrypt EncryptedData with appropriate PBE
-     */
-#if defined(MBEDTLS_PKCS12_C)
-    if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs12_pbe( &pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
-                                cipher_alg, md_alg,
-                                pwd, pwdlen, p, len, buf ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH )
-                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
-            return( ret );
-        }
-
-        decrypted = 1;
-    }
-    else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params,
-                                             MBEDTLS_PKCS12_PBE_DECRYPT,
-                                             pwd, pwdlen,
-                                             p, len, buf ) ) != 0 )
-        {
-            return( ret );
-        }
-
-        // Best guess for password mismatch when using RC4. If first tag is
-        // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE
-        //
-        if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
-            return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
-        decrypted = 1;
-    }
-    else
-#endif /* MBEDTLS_PKCS12_C */
-#if defined(MBEDTLS_PKCS5_C)
-    if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS5_PBES2, &pbe_alg_oid ) == 0 )
-    {
-        if( ( ret = mbedtls_pkcs5_pbes2( &pbe_params, MBEDTLS_PKCS5_DECRYPT, pwd, pwdlen,
-                                  p, len, buf ) ) != 0 )
-        {
-            if( ret == MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH )
-                return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-
-            return( ret );
-        }
-
-        decrypted = 1;
-    }
-    else
-#endif /* MBEDTLS_PKCS5_C */
-    {
-        ((void) pwd);
-    }
-
-    if( decrypted == 0 )
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
-}
-#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
-
-/*
- * Parse a private key
- */
-int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
-                  const unsigned char *key, size_t keylen,
-                  const unsigned char *pwd, size_t pwdlen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_pk_info_t *pk_info;
-#if defined(MBEDTLS_PEM_PARSE_C)
-    size_t len;
-    mbedtls_pem_context pem;
-#endif
-
-    PK_VALIDATE_RET( pk != NULL );
-    if( keylen == 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-    PK_VALIDATE_RET( key != NULL );
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-   mbedtls_pem_init( &pem );
-
-#if defined(MBEDTLS_RSA_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN RSA PRIVATE KEY-----",
-                               "-----END RSA PRIVATE KEY-----",
-                               key, pwd, pwdlen, &len );
-
-    if( ret == 0 )
-    {
-        pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
-        if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-            ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
-                                            pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
-        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN EC PRIVATE KEY-----",
-                               "-----END EC PRIVATE KEY-----",
-                               key, pwd, pwdlen, &len );
-    if( ret == 0 )
-    {
-        pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
-
-        if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
-            ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
-                                           pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH )
-        return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH );
-    else if( ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED )
-        return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-#endif /* MBEDTLS_ECP_C */
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN PRIVATE KEY-----",
-                               "-----END PRIVATE KEY-----",
-                               key, NULL, 0, &len );
-    if( ret == 0 )
-    {
-        if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
-                                                pem.buf, pem.buflen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-
-#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN ENCRYPTED PRIVATE KEY-----",
-                               "-----END ENCRYPTED PRIVATE KEY-----",
-                               key, NULL, 0, &len );
-    if( ret == 0 )
-    {
-        if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk,
-                                                      pem.buf, pem.buflen,
-                                                      pwd, pwdlen ) ) != 0 )
-        {
-            mbedtls_pk_free( pk );
-        }
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-        return( ret );
-#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
-#else
-    ((void) pwd);
-    ((void) pwdlen);
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-    /*
-     * At this point we only know it's not a PEM formatted key. Could be any
-     * of the known DER encoded private key formats
-     *
-     * We try the different DER format parsers to see if one passes without
-     * error
-     */
-#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
-    {
-        unsigned char *key_copy;
-
-        if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
-            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-
-        memcpy( key_copy, key, keylen );
-
-        ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
-                                                pwd, pwdlen );
-
-        mbedtls_platform_zeroize( key_copy, keylen );
-        mbedtls_free( key_copy );
-    }
-
-    if( ret == 0 )
-        return( 0 );
-
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
-
-    if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
-
-    ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen );
-    if( ret == 0 )
-    {
-        return( 0 );
-    }
-
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
-
-#if defined(MBEDTLS_RSA_C)
-
-    pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
-    if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
-        pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) == 0 )
-    {
-        return( 0 );
-    }
-
-    mbedtls_pk_free( pk );
-    mbedtls_pk_init( pk );
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-    pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
-    if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
-        pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
-                               key, keylen ) == 0 )
-    {
-        return( 0 );
-    }
-    mbedtls_pk_free( pk );
-#endif /* MBEDTLS_ECP_C */
-
-    /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
-     * it is ok to leave the PK context initialized but not
-     * freed: It is the caller's responsibility to call pk_init()
-     * before calling this function, and to call pk_free()
-     * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
-     * isn't, this leads to mbedtls_pk_free() being called
-     * twice, once here and once by the caller, but this is
-     * also ok and in line with the mbedtls_pk_free() calls
-     * on failed PEM parsing attempts. */
-
-    return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-}
-
-/*
- * Parse a public key
- */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
-                         const unsigned char *key, size_t keylen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p;
-#if defined(MBEDTLS_RSA_C)
-    const mbedtls_pk_info_t *pk_info;
-#endif
-#if defined(MBEDTLS_PEM_PARSE_C)
-    size_t len;
-    mbedtls_pem_context pem;
-#endif
-
-    PK_VALIDATE_RET( ctx != NULL );
-    if( keylen == 0 )
-        return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
-    PK_VALIDATE_RET( key != NULL || keylen == 0 );
-
-#if defined(MBEDTLS_PEM_PARSE_C)
-    mbedtls_pem_init( &pem );
-#if defined(MBEDTLS_RSA_C)
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                               "-----BEGIN RSA PUBLIC KEY-----",
-                               "-----END RSA PUBLIC KEY-----",
-                               key, NULL, 0, &len );
-
-    if( ret == 0 )
-    {
-        p = pem.buf;
-        if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
-        {
-            mbedtls_pem_free( &pem );
-            return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-        }
-
-        if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
-        {
-            mbedtls_pem_free( &pem );
-            return( ret );
-        }
-
-        if ( ( ret = pk_get_rsapubkey( &p, p + pem.buflen, mbedtls_pk_rsa( *ctx ) ) ) != 0 )
-            mbedtls_pk_free( ctx );
-
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-#endif /* MBEDTLS_RSA_C */
-
-    /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( key[keylen - 1] != '\0' )
-        ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
-        ret = mbedtls_pem_read_buffer( &pem,
-                "-----BEGIN PUBLIC KEY-----",
-                "-----END PUBLIC KEY-----",
-                key, NULL, 0, &len );
-
-    if( ret == 0 )
-    {
-        /*
-         * Was PEM encoded
-         */
-        p = pem.buf;
-
-        ret = mbedtls_pk_parse_subpubkey( &p,  p + pem.buflen, ctx );
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
-    {
-        mbedtls_pem_free( &pem );
-        return( ret );
-    }
-    mbedtls_pem_free( &pem );
-#endif /* MBEDTLS_PEM_PARSE_C */
-
-#if defined(MBEDTLS_RSA_C)
-    if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
-        return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
-
-    if( ( ret = mbedtls_pk_setup( ctx, pk_info ) ) != 0 )
-        return( ret );
-
-    p = (unsigned char *)key;
-    ret = pk_get_rsapubkey( &p, p + keylen, mbedtls_pk_rsa( *ctx ) );
-    if( ret == 0 )
-    {
-        return( ret );
-    }
-    mbedtls_pk_free( ctx );
-    if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                                    MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) )
-    {
-        return( ret );
-    }
-#endif /* MBEDTLS_RSA_C */
-    p = (unsigned char *) key;
-
-    ret = mbedtls_pk_parse_subpubkey( &p, p + keylen, ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_PK_PARSE_C */
diff --git a/Sources/mbedtls/library/pkwrite.c b/Sources/mbedtls/library/pkwrite.c
deleted file mode 100644
index c1ce0e3..0000000
--- a/Sources/mbedtls/library/pkwrite.c
+++ /dev/null
@@ -1,617 +0,0 @@
-/*
- *  Public Key layer for writing key files and structures
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PK_WRITE_C)
-
-#include "mbedtls/pk.h"
-#include "mbedtls/asn1write.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include "mbedtls/bignum.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/platform_util.h"
-#endif
-#if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
-#endif
-#if defined(MBEDTLS_PEM_WRITE_C)
-#include "mbedtls/pem.h"
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
-#endif
-#include "mbedtls/platform.h"
-
-/* Parameter validation macros based on platform_util.h */
-#define PK_VALIDATE_RET( cond )    \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_PK_BAD_INPUT_DATA )
-#define PK_VALIDATE( cond )        \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if defined(MBEDTLS_RSA_C)
-/*
- *  RSAPublicKey ::= SEQUENCE {
- *      modulus           INTEGER,  -- n
- *      publicExponent    INTEGER   -- e
- *  }
- */
-static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start,
-                                mbedtls_rsa_context *rsa )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    mbedtls_mpi T;
-
-    mbedtls_mpi_init( &T );
-
-    /* Export E */
-    if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 ||
-         ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
-        goto end_of_export;
-    len += ret;
-
-    /* Export N */
-    if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 ||
-         ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 )
-        goto end_of_export;
-    len += ret;
-
-end_of_export:
-
-    mbedtls_mpi_free( &T );
-    if( ret < 0 )
-        return( ret );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                 MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * EC public key is an EC point
- */
-static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
-                               mbedtls_ecp_keypair *ec )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
-
-    if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q,
-                                        MBEDTLS_ECP_PF_UNCOMPRESSED,
-                                        &len, buf, sizeof( buf ) ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    if( *p < start || (size_t)( *p - start ) < len )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    *p -= len;
-    memcpy( *p, buf, len );
-
-    return( (int) len );
-}
-
-/*
- * ECParameters ::= CHOICE {
- *   namedCurve         OBJECT IDENTIFIER
- * }
- */
-static int pk_write_ec_param( unsigned char **p, unsigned char *start,
-                              mbedtls_ecp_keypair *ec )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    const char *oid;
-    size_t oid_len;
-
-    if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 )
-        return( ret );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) );
-
-    return( (int) len );
-}
-
-/*
- * privateKey  OCTET STRING -- always of length ceil(log2(n)/8)
- */
-static int pk_write_ec_private( unsigned char **p, unsigned char *start,
-                                mbedtls_ecp_keypair *ec )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t byte_length = ( ec->grp.pbits + 7 ) / 8;
-    unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
-
-    ret = mbedtls_ecp_write_key( ec, tmp, byte_length );
-    if( ret != 0 )
-        goto exit;
-    ret = mbedtls_asn1_write_octet_string( p, start, tmp, byte_length );
-
-exit:
-    mbedtls_platform_zeroize( tmp, byte_length );
-    return( ret );
-}
-#endif /* MBEDTLS_ECP_C */
-
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
-                             const mbedtls_pk_context *key )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    PK_VALIDATE_RET( p != NULL );
-    PK_VALIDATE_RET( *p != NULL );
-    PK_VALIDATE_RET( start != NULL );
-    PK_VALIDATE_RET( key != NULL );
-
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_rsa_pubkey( p, start, mbedtls_pk_rsa( *key ) ) );
-    else
-#endif
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_pubkey( p, start, mbedtls_pk_ec( *key ) ) );
-    else
-#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_OPAQUE )
-    {
-        size_t buffer_size;
-        psa_key_id_t* key_id = (psa_key_id_t*) key->pk_ctx;
-
-        if ( *p < start )
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
-        buffer_size = (size_t)( *p - start );
-        if ( psa_export_public_key( *key_id, start, buffer_size, &len )
-             != PSA_SUCCESS )
-        {
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-        }
-        else
-        {
-            *p -= len;
-            memmove( *p, start, len );
-        }
-    }
-    else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    return( (int) len );
-}
-
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *c;
-    size_t len = 0, par_len = 0, oid_len;
-    mbedtls_pk_type_t pk_type;
-    const char *oid;
-
-    PK_VALIDATE_RET( key != NULL );
-    if( size == 0 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-    PK_VALIDATE_RET( buf != NULL );
-
-    c = buf + size;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, key ) );
-
-    if( c - buf < 1 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-    /*
-     *  SubjectPublicKeyInfo  ::=  SEQUENCE  {
-     *       algorithm            AlgorithmIdentifier,
-     *       subjectPublicKey     BIT STRING }
-     */
-    *--c = 0;
-    len += 1;
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
-
-    pk_type = mbedtls_pk_get_type( key );
-#if defined(MBEDTLS_ECP_C)
-    if( pk_type == MBEDTLS_PK_ECKEY )
-    {
-        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, mbedtls_pk_ec( *key ) ) );
-    }
-#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( pk_type == MBEDTLS_PK_OPAQUE )
-    {
-        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-        psa_key_type_t key_type;
-        psa_key_id_t key_id;
-        psa_ecc_family_t curve;
-        size_t bits;
-
-        key_id = *((psa_key_id_t*) key->pk_ctx );
-        if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
-            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
-        key_type = psa_get_key_type( &attributes );
-        bits = psa_get_key_bits( &attributes );
-        psa_reset_key_attributes( &attributes );
-
-        curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type );
-        if( curve == 0 )
-            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-        ret = mbedtls_psa_get_ecc_oid_from_id( curve, bits, &oid, &oid_len );
-        if( ret != 0 )
-            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-        /* Write EC algorithm parameters; that's akin
-         * to pk_write_ec_param() above. */
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_oid( &c, buf,
-                                                               oid, oid_len ) );
-
-        /* The rest of the function works as for legacy EC contexts. */
-        pk_type = MBEDTLS_PK_ECKEY;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if( ( ret = mbedtls_oid_get_oid_by_pk_alg( pk_type, &oid,
-                                               &oid_len ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_algorithm_identifier( &c, buf, oid, oid_len,
-                                                        par_len ) );
-
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-    MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                MBEDTLS_ASN1_SEQUENCE ) );
-
-    return( (int) len );
-}
-
-int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *c;
-    size_t len = 0;
-
-    PK_VALIDATE_RET( key != NULL );
-    if( size == 0 )
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-    PK_VALIDATE_RET( buf != NULL );
-
-    c = buf + size;
-
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-    {
-        mbedtls_mpi T; /* Temporary holding the exported parameters */
-        mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key );
-
-        /*
-         * Export the parameters one after another to avoid simultaneous copies.
-         */
-
-        mbedtls_mpi_init( &T );
-
-        /* Export QP */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export DQ */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export DP */
-        if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 ||
-            ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export Q */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         &T, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export P */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T,
-                                         NULL, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export D */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         NULL, &T, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export E */
-        if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL,
-                                         NULL, NULL, &T ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-        /* Export N */
-        if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL,
-                                         NULL, NULL, NULL ) ) != 0 ||
-             ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 )
-            goto end_of_export;
-        len += ret;
-
-    end_of_export:
-
-        mbedtls_mpi_free( &T );
-        if( ret < 0 )
-            return( ret );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c,
-                                               buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                               MBEDTLS_ASN1_SEQUENCE ) );
-    }
-    else
-#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
-        mbedtls_ecp_keypair *ec = mbedtls_pk_ec( *key );
-        size_t pub_len = 0, par_len = 0;
-
-        /*
-         * RFC 5915, or SEC1 Appendix C.4
-         *
-         * ECPrivateKey ::= SEQUENCE {
-         *      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
-         *      privateKey     OCTET STRING,
-         *      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
-         *      publicKey  [1] BIT STRING OPTIONAL
-         *    }
-         */
-
-        /* publicKey */
-        MBEDTLS_ASN1_CHK_ADD( pub_len, pk_write_ec_pubkey( &c, buf, ec ) );
-
-        if( c - buf < 1 )
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-        *--c = 0;
-        pub_len += 1;
-
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_BIT_STRING ) );
-
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_len( &c, buf, pub_len ) );
-        MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_asn1_write_tag( &c, buf,
-                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) );
-        len += pub_len;
-
-        /* parameters */
-        MBEDTLS_ASN1_CHK_ADD( par_len, pk_write_ec_param( &c, buf, ec ) );
-
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_len( &c, buf, par_len ) );
-        MBEDTLS_ASN1_CHK_ADD( par_len, mbedtls_asn1_write_tag( &c, buf,
-                            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
-        len += par_len;
-
-        /* privateKey */
-        MBEDTLS_ASN1_CHK_ADD( len, pk_write_ec_private( &c, buf, ec ) );
-
-        /* version */
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 1 ) );
-
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
-        MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                    MBEDTLS_ASN1_SEQUENCE ) );
-    }
-    else
-#endif /* MBEDTLS_ECP_C */
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    return( (int) len );
-}
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-
-#define PEM_BEGIN_PUBLIC_KEY    "-----BEGIN PUBLIC KEY-----\n"
-#define PEM_END_PUBLIC_KEY      "-----END PUBLIC KEY-----\n"
-
-#define PEM_BEGIN_PRIVATE_KEY_RSA   "-----BEGIN RSA PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_RSA     "-----END RSA PRIVATE KEY-----\n"
-#define PEM_BEGIN_PRIVATE_KEY_EC    "-----BEGIN EC PRIVATE KEY-----\n"
-#define PEM_END_PRIVATE_KEY_EC      "-----END EC PRIVATE KEY-----\n"
-
-/*
- * Max sizes of key per types. Shown as tag + len (+ content).
- */
-
-#if defined(MBEDTLS_RSA_C)
-/*
- * RSA public keys:
- *  SubjectPublicKeyInfo  ::=  SEQUENCE  {          1 + 3
- *       algorithm            AlgorithmIdentifier,  1 + 1 (sequence)
- *                                                + 1 + 1 + 9 (rsa oid)
- *                                                + 1 + 1 (params null)
- *       subjectPublicKey     BIT STRING }          1 + 3 + (1 + below)
- *  RSAPublicKey ::= SEQUENCE {                     1 + 3
- *      modulus           INTEGER,  -- n            1 + 3 + MPI_MAX + 1
- *      publicExponent    INTEGER   -- e            1 + 3 + MPI_MAX + 1
- *  }
- */
-#define RSA_PUB_DER_MAX_BYTES   ( 38 + 2 * MBEDTLS_MPI_MAX_SIZE )
-
-/*
- * RSA private keys:
- *  RSAPrivateKey ::= SEQUENCE {                    1 + 3
- *      version           Version,                  1 + 1 + 1
- *      modulus           INTEGER,                  1 + 3 + MPI_MAX + 1
- *      publicExponent    INTEGER,                  1 + 3 + MPI_MAX + 1
- *      privateExponent   INTEGER,                  1 + 3 + MPI_MAX + 1
- *      prime1            INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      prime2            INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      exponent1         INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      exponent2         INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      coefficient       INTEGER,                  1 + 3 + MPI_MAX / 2 + 1
- *      otherPrimeInfos   OtherPrimeInfos OPTIONAL  0 (not supported)
- *  }
- */
-#define MPI_MAX_SIZE_2          ( MBEDTLS_MPI_MAX_SIZE / 2 + \
-                                  MBEDTLS_MPI_MAX_SIZE % 2 )
-#define RSA_PRV_DER_MAX_BYTES   ( 47 + 3 * MBEDTLS_MPI_MAX_SIZE \
-                                   + 5 * MPI_MAX_SIZE_2 )
-
-#else /* MBEDTLS_RSA_C */
-
-#define RSA_PUB_DER_MAX_BYTES   0
-#define RSA_PRV_DER_MAX_BYTES   0
-
-#endif /* MBEDTLS_RSA_C */
-
-#if defined(MBEDTLS_ECP_C)
-/*
- * EC public keys:
- *  SubjectPublicKeyInfo  ::=  SEQUENCE  {      1 + 2
- *    algorithm         AlgorithmIdentifier,    1 + 1 (sequence)
- *                                            + 1 + 1 + 7 (ec oid)
- *                                            + 1 + 1 + 9 (namedCurve oid)
- *    subjectPublicKey  BIT STRING              1 + 2 + 1               [1]
- *                                            + 1 (point format)        [1]
- *                                            + 2 * ECP_MAX (coords)    [1]
- *  }
- */
-#define ECP_PUB_DER_MAX_BYTES   ( 30 + 2 * MBEDTLS_ECP_MAX_BYTES )
-
-/*
- * EC private keys:
- * ECPrivateKey ::= SEQUENCE {                  1 + 2
- *      version        INTEGER ,                1 + 1 + 1
- *      privateKey     OCTET STRING,            1 + 1 + ECP_MAX
- *      parameters [0] ECParameters OPTIONAL,   1 + 1 + (1 + 1 + 9)
- *      publicKey  [1] BIT STRING OPTIONAL      1 + 2 + [1] above
- *    }
- */
-#define ECP_PRV_DER_MAX_BYTES   ( 29 + 3 * MBEDTLS_ECP_MAX_BYTES )
-
-#else /* MBEDTLS_ECP_C */
-
-#define ECP_PUB_DER_MAX_BYTES   0
-#define ECP_PRV_DER_MAX_BYTES   0
-
-#endif /* MBEDTLS_ECP_C */
-
-#define PUB_DER_MAX_BYTES   ( RSA_PUB_DER_MAX_BYTES > ECP_PUB_DER_MAX_BYTES ? \
-                              RSA_PUB_DER_MAX_BYTES : ECP_PUB_DER_MAX_BYTES )
-#define PRV_DER_MAX_BYTES   ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
-                              RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
-
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char output_buf[PUB_DER_MAX_BYTES];
-    size_t olen = 0;
-
-    PK_VALIDATE_RET( key != NULL );
-    PK_VALIDATE_RET( buf != NULL || size == 0 );
-
-    if( ( ret = mbedtls_pk_write_pubkey_der( key, output_buf,
-                                     sizeof(output_buf) ) ) < 0 )
-    {
-        return( ret );
-    }
-
-    if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char output_buf[PRV_DER_MAX_BYTES];
-    const char *begin, *end;
-    size_t olen = 0;
-
-    PK_VALIDATE_RET( key != NULL );
-    PK_VALIDATE_RET( buf != NULL || size == 0 );
-
-    if( ( ret = mbedtls_pk_write_key_der( key, output_buf, sizeof(output_buf) ) ) < 0 )
-        return( ret );
-
-#if defined(MBEDTLS_RSA_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA )
-    {
-        begin = PEM_BEGIN_PRIVATE_KEY_RSA;
-        end = PEM_END_PRIVATE_KEY_RSA;
-    }
-    else
-#endif
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_ECKEY )
-    {
-        begin = PEM_BEGIN_PRIVATE_KEY_EC;
-        end = PEM_END_PRIVATE_KEY_EC;
-    }
-    else
-#endif
-        return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-
-    if( ( ret = mbedtls_pem_write_buffer( begin, end,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PEM_WRITE_C */
-
-#endif /* MBEDTLS_PK_WRITE_C */
diff --git a/Sources/mbedtls/library/platform.c b/Sources/mbedtls/library/platform.c
deleted file mode 100644
index e742fde..0000000
--- a/Sources/mbedtls/library/platform.c
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- *  Platform abstraction layer
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-
-#include "mbedtls/platform.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-/* The compile time configuration of memory allocation via the macros
- * MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO takes precedence over the runtime
- * configuration via mbedtls_platform_set_calloc_free(). So, omit everything
- * related to the latter if MBEDTLS_PLATFORM_{FREE/CALLOC}_MACRO are defined. */
-#if defined(MBEDTLS_PLATFORM_MEMORY) &&                 \
-    !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&        \
-       defined(MBEDTLS_PLATFORM_FREE_MACRO) )
-
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
-static void *platform_calloc_uninit( size_t n, size_t size )
-{
-    ((void) n);
-    ((void) size);
-    return( NULL );
-}
-
-#define MBEDTLS_PLATFORM_STD_CALLOC   platform_calloc_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_CALLOC */
-
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
-static void platform_free_uninit( void *ptr )
-{
-    ((void) ptr);
-}
-
-#define MBEDTLS_PLATFORM_STD_FREE     platform_free_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_FREE */
-
-static void * (*mbedtls_calloc_func)( size_t, size_t ) = MBEDTLS_PLATFORM_STD_CALLOC;
-static void (*mbedtls_free_func)( void * ) = MBEDTLS_PLATFORM_STD_FREE;
-
-void * mbedtls_calloc( size_t nmemb, size_t size )
-{
-    return (*mbedtls_calloc_func)( nmemb, size );
-}
-
-void mbedtls_free( void * ptr )
-{
-    (*mbedtls_free_func)( ptr );
-}
-
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
-                              void (*free_func)( void * ) )
-{
-    mbedtls_calloc_func = calloc_func;
-    mbedtls_free_func = free_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_MEMORY &&
-          !( defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&
-             defined(MBEDTLS_PLATFORM_FREE_MACRO) ) */
-
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
-#include <stdarg.h>
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    va_list argp;
-
-    va_start( argp, fmt );
-    ret = mbedtls_vsnprintf( s, n, fmt, argp );
-    va_end( argp );
-
-    return( ret );
-}
-#endif
-
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_snprintf_uninit( char * s, size_t n,
-                                     const char * format, ... )
-{
-    ((void) s);
-    ((void) n);
-    ((void) format);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_SNPRINTF    platform_snprintf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_SNPRINTF */
-
-int (*mbedtls_snprintf)( char * s, size_t n,
-                          const char * format,
-                          ... ) = MBEDTLS_PLATFORM_STD_SNPRINTF;
-
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
-                                                 const char * format,
-                                                 ... ) )
-{
-    mbedtls_snprintf = snprintf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include <stdarg.h>
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* Avoid calling the invalid parameter handler by checking ourselves */
-    if( s == NULL || n == 0 || fmt == NULL )
-        return( -1 );
-
-#if defined(_TRUNCATE)
-    ret = vsnprintf_s( s, n, _TRUNCATE, fmt, arg );
-#else
-    ret = vsnprintf( s, n, fmt, arg );
-    if( ret < 0 || (size_t) ret == n )
-    {
-        s[n-1] = '\0';
-        ret = -1;
-    }
-#endif
-
-    return( ret );
-}
-#endif
-
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_vsnprintf_uninit( char * s, size_t n,
-                                     const char * format, va_list arg )
-{
-    ((void) s);
-    ((void) n);
-    ((void) format);
-    ((void) arg);
-    return( -1 );
-}
-
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF    platform_vsnprintf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_VSNPRINTF */
-
-int (*mbedtls_vsnprintf)( char * s, size_t n,
-                          const char * format,
-                          va_list arg ) = MBEDTLS_PLATFORM_STD_VSNPRINTF;
-
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
-                                                 const char * format,
-                                                 va_list arg ) )
-{
-    mbedtls_vsnprintf = vsnprintf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_printf_uninit( const char *format, ... )
-{
-    ((void) format);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_PRINTF    platform_printf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_PRINTF */
-
-int (*mbedtls_printf)( const char *, ... ) = MBEDTLS_PLATFORM_STD_PRINTF;
-
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) )
-{
-    mbedtls_printf = printf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_fprintf_uninit( FILE *stream, const char *format, ... )
-{
-    ((void) stream);
-    ((void) format);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_FPRINTF   platform_fprintf_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_FPRINTF */
-
-int (*mbedtls_fprintf)( FILE *, const char *, ... ) =
-                                        MBEDTLS_PLATFORM_STD_FPRINTF;
-
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *, const char *, ... ) )
-{
-    mbedtls_fprintf = fprintf_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
-
-#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static void platform_exit_uninit( int status )
-{
-    ((void) status);
-}
-
-#define MBEDTLS_PLATFORM_STD_EXIT   platform_exit_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_EXIT */
-
-void (*mbedtls_exit)( int status ) = MBEDTLS_PLATFORM_STD_EXIT;
-
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) )
-{
-    mbedtls_exit = exit_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
-
-#if defined(MBEDTLS_HAVE_TIME)
-
-#if defined(MBEDTLS_PLATFORM_TIME_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static mbedtls_time_t platform_time_uninit( mbedtls_time_t* timer )
-{
-    ((void) timer);
-    return( 0 );
-}
-
-#define MBEDTLS_PLATFORM_STD_TIME   platform_time_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_TIME */
-
-mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* timer ) = MBEDTLS_PLATFORM_STD_TIME;
-
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* timer ) )
-{
-    mbedtls_time = time_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_TIME_ALT */
-
-#endif /* MBEDTLS_HAVE_TIME */
-
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
-/* Default implementations for the platform independent seed functions use
- * standard libc file functions to read from and write to a pre-defined filename
- */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
-{
-    FILE *file;
-    size_t n;
-
-    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
-        return( -1 );
-
-    if( ( n = fread( buf, 1, buf_len, file ) ) != buf_len )
-    {
-        fclose( file );
-        mbedtls_platform_zeroize( buf, buf_len );
-        return( -1 );
-    }
-
-    fclose( file );
-    return( (int)n );
-}
-
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
-{
-    FILE *file;
-    size_t n;
-
-    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
-        return -1;
-
-    if( ( n = fwrite( buf, 1, buf_len, file ) ) != buf_len )
-    {
-        fclose( file );
-        return -1;
-    }
-
-    fclose( file );
-    return( (int)n );
-}
-#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_nv_seed_read_uninit( unsigned char *buf, size_t buf_len )
-{
-    ((void) buf);
-    ((void) buf_len);
-    return( -1 );
-}
-
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   platform_nv_seed_read_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_READ */
-
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-/*
- * Make dummy function to prevent NULL pointer dereferences
- */
-static int platform_nv_seed_write_uninit( unsigned char *buf, size_t buf_len )
-{
-    ((void) buf);
-    ((void) buf_len);
-    return( -1 );
-}
-
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE   platform_nv_seed_write_uninit
-#endif /* !MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
-
-int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
-            MBEDTLS_PLATFORM_STD_NV_SEED_READ;
-int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
-            MBEDTLS_PLATFORM_STD_NV_SEED_WRITE;
-
-int mbedtls_platform_set_nv_seed(
-        int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
-        int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len ) )
-{
-    mbedtls_nv_seed_read = nv_seed_read_func;
-    mbedtls_nv_seed_write = nv_seed_write_func;
-    return( 0 );
-}
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-
-#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-/*
- * Placeholder platform setup that does nothing by default
- */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx )
-{
-    (void)ctx;
-
-    return( 0 );
-}
-
-/*
- * Placeholder platform teardown that does nothing by default
- */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx )
-{
-    (void)ctx;
-}
-#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
-
-#endif /* MBEDTLS_PLATFORM_C */
diff --git a/Sources/mbedtls/library/platform_util.c b/Sources/mbedtls/library/platform_util.c
deleted file mode 100644
index 98fe5de..0000000
--- a/Sources/mbedtls/library/platform_util.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Common and shared functions used by multiple modules in the Mbed TLS
- * library.
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- * Ensure gmtime_r is available even with -std=c99; must be defined before
- * config.h, which pulls in glibc's features.h. Harmless on other platforms.
- */
-#if !defined(_POSIX_C_SOURCE)
-#define _POSIX_C_SOURCE 200112L
-#endif
-
-#include "common.h"
-
-#include "mbedtls/platform_util.h"
-#include "mbedtls/platform.h"
-#include "mbedtls/threading.h"
-
-#include <stddef.h>
-#include <string.h>
-
-#if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
-/*
- * This implementation should never be optimized out by the compiler
- *
- * This implementation for mbedtls_platform_zeroize() was inspired from Colin
- * Percival's blog article at:
- *
- * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html
- *
- * It uses a volatile function pointer to the standard memset(). Because the
- * pointer is volatile the compiler expects it to change at
- * any time and will not optimize out the call that could potentially perform
- * other operations on the input buffer instead of just setting it to 0.
- * Nevertheless, as pointed out by davidtgoldblatt on Hacker News
- * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for
- * details), optimizations of the following form are still possible:
- *
- * if( memset_func != memset )
- *     memset_func( buf, 0, len );
- *
- * Note that it is extremely difficult to guarantee that
- * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers
- * in a portable way. For this reason, Mbed TLS also provides the configuration
- * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure
- * mbedtls_platform_zeroize() to use a suitable implementation for their
- * platform and needs.
- */
-static void * (* const volatile memset_func)( void *, int, size_t ) = memset;
-
-void mbedtls_platform_zeroize( void *buf, size_t len )
-{
-    MBEDTLS_INTERNAL_VALIDATE( len == 0 || buf != NULL );
-
-    if( len > 0 )
-        memset_func( buf, 0, len );
-}
-#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
-
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-#include <time.h>
-#if !defined(_WIN32) && (defined(unix) || \
-    defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
-    defined(__MACH__)))
-#include <unistd.h>
-#endif /* !_WIN32 && (unix || __unix || __unix__ ||
-        * (__APPLE__ && __MACH__)) */
-
-#if !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) ||     \
-       ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) &&                     \
-         _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) )
-/*
- * This is a convenience shorthand macro to avoid checking the long
- * preprocessor conditions above. Ideally, we could expose this macro in
- * platform_util.h and simply use it in platform_util.c, threading.c and
- * threading.h. However, this macro is not part of the Mbed TLS public API, so
- * we keep it private by only defining it in this file
- */
-#if ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) )
-#define PLATFORM_UTIL_USE_GMTIME
-#endif /* ! ( defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ) */
-
-#endif /* !( ( defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L ) ||     \
-             ( defined(_POSIX_THREAD_SAFE_FUNCTIONS ) &&                     \
-                _POSIX_THREAD_SAFE_FUNCTIONS >= 200112L ) ) */
-
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
-                                      struct tm *tm_buf )
-{
-#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
-    return( ( gmtime_s( tm_buf, tt ) == 0 ) ? tm_buf : NULL );
-#elif !defined(PLATFORM_UTIL_USE_GMTIME)
-    return( gmtime_r( tt, tm_buf ) );
-#else
-    struct tm *lt;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_lock( &mbedtls_threading_gmtime_mutex ) != 0 )
-        return( NULL );
-#endif /* MBEDTLS_THREADING_C */
-
-    lt = gmtime( tt );
-
-    if( lt != NULL )
-    {
-        memcpy( tm_buf, lt, sizeof( struct tm ) );
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &mbedtls_threading_gmtime_mutex ) != 0 )
-        return( NULL );
-#endif /* MBEDTLS_THREADING_C */
-
-    return( ( lt == NULL ) ? NULL : tm_buf );
-#endif /* _WIN32 && !EFIX64 && !EFI32 */
-}
-#endif /* MBEDTLS_HAVE_TIME_DATE && MBEDTLS_PLATFORM_GMTIME_R_ALT */
diff --git a/Sources/mbedtls/library/poly1305.c b/Sources/mbedtls/library/poly1305.c
deleted file mode 100644
index a1c5b19..0000000
--- a/Sources/mbedtls/library/poly1305.c
+++ /dev/null
@@ -1,526 +0,0 @@
-/**
- * \file poly1305.c
- *
- * \brief Poly1305 authentication algorithm.
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-#include "common.h"
-
-#if defined(MBEDTLS_POLY1305_C)
-
-#include "mbedtls/poly1305.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_POLY1305_ALT)
-
-/* Parameter validation macros */
-#define POLY1305_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
-#define POLY1305_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
-
-/*
- * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
- * However we provided an alternative for platforms without such a multiplier.
- */
-#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
-static uint64_t mul64( uint32_t a, uint32_t b )
-{
-    /* a = al + 2**16 ah, b = bl + 2**16 bh */
-    const uint16_t al = (uint16_t) a;
-    const uint16_t bl = (uint16_t) b;
-    const uint16_t ah = a >> 16;
-    const uint16_t bh = b >> 16;
-
-    /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */
-    const uint32_t lo = (uint32_t) al * bl;
-    const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh;
-    const uint32_t hi = (uint32_t) ah * bh;
-
-    return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) );
-}
-#else
-static inline uint64_t mul64( uint32_t a, uint32_t b )
-{
-    return( (uint64_t) a * b );
-}
-#endif
-
-
-/**
- * \brief                   Process blocks with Poly1305.
- *
- * \param ctx               The Poly1305 context.
- * \param nblocks           Number of blocks to process. Note that this
- *                          function only processes full blocks.
- * \param input             Buffer containing the input block(s).
- * \param needs_padding     Set to 0 if the padding bit has already been
- *                          applied to the input data before calling this
- *                          function.  Otherwise, set this parameter to 1.
- */
-static void poly1305_process( mbedtls_poly1305_context *ctx,
-                              size_t nblocks,
-                              const unsigned char *input,
-                              uint32_t needs_padding )
-{
-    uint64_t d0, d1, d2, d3;
-    uint32_t acc0, acc1, acc2, acc3, acc4;
-    uint32_t r0, r1, r2, r3;
-    uint32_t rs1, rs2, rs3;
-    size_t offset  = 0U;
-    size_t i;
-
-    r0 = ctx->r[0];
-    r1 = ctx->r[1];
-    r2 = ctx->r[2];
-    r3 = ctx->r[3];
-
-    rs1 = r1 + ( r1 >> 2U );
-    rs2 = r2 + ( r2 >> 2U );
-    rs3 = r3 + ( r3 >> 2U );
-
-    acc0 = ctx->acc[0];
-    acc1 = ctx->acc[1];
-    acc2 = ctx->acc[2];
-    acc3 = ctx->acc[3];
-    acc4 = ctx->acc[4];
-
-    /* Process full blocks */
-    for( i = 0U; i < nblocks; i++ )
-    {
-        /* The input block is treated as a 128-bit little-endian integer */
-        d0   = MBEDTLS_GET_UINT32_LE( input, offset + 0  );
-        d1   = MBEDTLS_GET_UINT32_LE( input, offset + 4  );
-        d2   = MBEDTLS_GET_UINT32_LE( input, offset + 8  );
-        d3   = MBEDTLS_GET_UINT32_LE( input, offset + 12 );
-
-        /* Compute: acc += (padded) block as a 130-bit integer */
-        d0  += (uint64_t) acc0;
-        d1  += (uint64_t) acc1 + ( d0 >> 32U );
-        d2  += (uint64_t) acc2 + ( d1 >> 32U );
-        d3  += (uint64_t) acc3 + ( d2 >> 32U );
-        acc0 = (uint32_t) d0;
-        acc1 = (uint32_t) d1;
-        acc2 = (uint32_t) d2;
-        acc3 = (uint32_t) d3;
-        acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding;
-
-        /* Compute: acc *= r */
-        d0 = mul64( acc0, r0  ) +
-             mul64( acc1, rs3 ) +
-             mul64( acc2, rs2 ) +
-             mul64( acc3, rs1 );
-        d1 = mul64( acc0, r1  ) +
-             mul64( acc1, r0  ) +
-             mul64( acc2, rs3 ) +
-             mul64( acc3, rs2 ) +
-             mul64( acc4, rs1 );
-        d2 = mul64( acc0, r2  ) +
-             mul64( acc1, r1  ) +
-             mul64( acc2, r0  ) +
-             mul64( acc3, rs3 ) +
-             mul64( acc4, rs2 );
-        d3 = mul64( acc0, r3  ) +
-             mul64( acc1, r2  ) +
-             mul64( acc2, r1  ) +
-             mul64( acc3, r0  ) +
-             mul64( acc4, rs3 );
-        acc4 *= r0;
-
-        /* Compute: acc %= (2^130 - 5) (partial remainder) */
-        d1 += ( d0 >> 32 );
-        d2 += ( d1 >> 32 );
-        d3 += ( d2 >> 32 );
-        acc0 = (uint32_t) d0;
-        acc1 = (uint32_t) d1;
-        acc2 = (uint32_t) d2;
-        acc3 = (uint32_t) d3;
-        acc4 = (uint32_t) ( d3 >> 32 ) + acc4;
-
-        d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU );
-        acc4 &= 3U;
-        acc0 = (uint32_t) d0;
-        d0 = (uint64_t) acc1 + ( d0 >> 32U );
-        acc1 = (uint32_t) d0;
-        d0 = (uint64_t) acc2 + ( d0 >> 32U );
-        acc2 = (uint32_t) d0;
-        d0 = (uint64_t) acc3 + ( d0 >> 32U );
-        acc3 = (uint32_t) d0;
-        d0 = (uint64_t) acc4 + ( d0 >> 32U );
-        acc4 = (uint32_t) d0;
-
-        offset    += POLY1305_BLOCK_SIZE_BYTES;
-    }
-
-    ctx->acc[0] = acc0;
-    ctx->acc[1] = acc1;
-    ctx->acc[2] = acc2;
-    ctx->acc[3] = acc3;
-    ctx->acc[4] = acc4;
-}
-
-/**
- * \brief                   Compute the Poly1305 MAC
- *
- * \param ctx               The Poly1305 context.
- * \param mac               The buffer to where the MAC is written. Must be
- *                          big enough to contain the 16-byte MAC.
- */
-static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
-                                  unsigned char mac[16] )
-{
-    uint64_t d;
-    uint32_t g0, g1, g2, g3, g4;
-    uint32_t acc0, acc1, acc2, acc3, acc4;
-    uint32_t mask;
-    uint32_t mask_inv;
-
-    acc0 = ctx->acc[0];
-    acc1 = ctx->acc[1];
-    acc2 = ctx->acc[2];
-    acc3 = ctx->acc[3];
-    acc4 = ctx->acc[4];
-
-    /* Before adding 's' we ensure that the accumulator is mod 2^130 - 5.
-     * We do this by calculating acc - (2^130 - 5), then checking if
-     * the 131st bit is set. If it is, then reduce: acc -= (2^130 - 5)
-     */
-
-    /* Calculate acc + -(2^130 - 5) */
-    d  = ( (uint64_t) acc0 + 5U );
-    g0 = (uint32_t) d;
-    d  = ( (uint64_t) acc1 + ( d >> 32 ) );
-    g1 = (uint32_t) d;
-    d  = ( (uint64_t) acc2 + ( d >> 32 ) );
-    g2 = (uint32_t) d;
-    d  = ( (uint64_t) acc3 + ( d >> 32 ) );
-    g3 = (uint32_t) d;
-    g4 = acc4 + (uint32_t) ( d >> 32U );
-
-    /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */
-    mask = (uint32_t) 0U - ( g4 >> 2U );
-    mask_inv = ~mask;
-
-    /* If 131st bit is set then acc=g, otherwise, acc is unmodified */
-    acc0 = ( acc0 & mask_inv ) | ( g0 & mask );
-    acc1 = ( acc1 & mask_inv ) | ( g1 & mask );
-    acc2 = ( acc2 & mask_inv ) | ( g2 & mask );
-    acc3 = ( acc3 & mask_inv ) | ( g3 & mask );
-
-    /* Add 's' */
-    d = (uint64_t) acc0 + ctx->s[0];
-    acc0 = (uint32_t) d;
-    d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U );
-    acc1 = (uint32_t) d;
-    d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U );
-    acc2 = (uint32_t) d;
-    acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
-
-    /* Compute MAC (128 least significant bits of the accumulator) */
-    MBEDTLS_PUT_UINT32_LE( acc0, mac,  0 );
-    MBEDTLS_PUT_UINT32_LE( acc1, mac,  4 );
-    MBEDTLS_PUT_UINT32_LE( acc2, mac,  8 );
-    MBEDTLS_PUT_UINT32_LE( acc3, mac, 12 );
-}
-
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
-{
-    POLY1305_VALIDATE( ctx != NULL );
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
-}
-
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
-}
-
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
-                             const unsigned char key[32] )
-{
-    POLY1305_VALIDATE_RET( ctx != NULL );
-    POLY1305_VALIDATE_RET( key != NULL );
-
-    /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
-    ctx->r[0] = MBEDTLS_GET_UINT32_LE( key, 0 )  & 0x0FFFFFFFU;
-    ctx->r[1] = MBEDTLS_GET_UINT32_LE( key, 4 )  & 0x0FFFFFFCU;
-    ctx->r[2] = MBEDTLS_GET_UINT32_LE( key, 8 )  & 0x0FFFFFFCU;
-    ctx->r[3] = MBEDTLS_GET_UINT32_LE( key, 12 ) & 0x0FFFFFFCU;
-
-    ctx->s[0] = MBEDTLS_GET_UINT32_LE( key, 16 );
-    ctx->s[1] = MBEDTLS_GET_UINT32_LE( key, 20 );
-    ctx->s[2] = MBEDTLS_GET_UINT32_LE( key, 24 );
-    ctx->s[3] = MBEDTLS_GET_UINT32_LE( key, 28 );
-
-    /* Initial accumulator state */
-    ctx->acc[0] = 0U;
-    ctx->acc[1] = 0U;
-    ctx->acc[2] = 0U;
-    ctx->acc[3] = 0U;
-    ctx->acc[4] = 0U;
-
-    /* Queue initially empty */
-    mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) );
-    ctx->queue_len = 0U;
-
-    return( 0 );
-}
-
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen )
-{
-    size_t offset    = 0U;
-    size_t remaining = ilen;
-    size_t queue_free_len;
-    size_t nblocks;
-    POLY1305_VALIDATE_RET( ctx != NULL );
-    POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
-    {
-        queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
-
-        if( ilen < queue_free_len )
-        {
-            /* Not enough data to complete the block.
-             * Store this data with the other leftovers.
-             */
-            memcpy( &ctx->queue[ctx->queue_len],
-                    input,
-                    ilen );
-
-            ctx->queue_len += ilen;
-
-            remaining = 0U;
-        }
-        else
-        {
-            /* Enough data to produce a complete block */
-            memcpy( &ctx->queue[ctx->queue_len],
-                    input,
-                    queue_free_len );
-
-            ctx->queue_len = 0U;
-
-            poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */
-
-            offset    += queue_free_len;
-            remaining -= queue_free_len;
-        }
-    }
-
-    if( remaining >= POLY1305_BLOCK_SIZE_BYTES )
-    {
-        nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES;
-
-        poly1305_process( ctx, nblocks, &input[offset], 1U );
-
-        offset += nblocks * POLY1305_BLOCK_SIZE_BYTES;
-        remaining %= POLY1305_BLOCK_SIZE_BYTES;
-    }
-
-    if( remaining > 0U )
-    {
-        /* Store partial block */
-        ctx->queue_len = remaining;
-        memcpy( ctx->queue, &input[offset], remaining );
-    }
-
-    return( 0 );
-}
-
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
-                             unsigned char mac[16] )
-{
-    POLY1305_VALIDATE_RET( ctx != NULL );
-    POLY1305_VALIDATE_RET( mac != NULL );
-
-    /* Process any leftover data */
-    if( ctx->queue_len > 0U )
-    {
-        /* Add padding bit */
-        ctx->queue[ctx->queue_len] = 1U;
-        ctx->queue_len++;
-
-        /* Pad with zeroes */
-        memset( &ctx->queue[ctx->queue_len],
-                0,
-                POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
-
-        poly1305_process( ctx, 1U,          /* Process 1 block */
-                          ctx->queue, 0U ); /* Already padded above */
-    }
-
-    poly1305_compute_mac( ctx, mac );
-
-    return( 0 );
-}
-
-int mbedtls_poly1305_mac( const unsigned char key[32],
-                          const unsigned char *input,
-                          size_t ilen,
-                          unsigned char mac[16] )
-{
-    mbedtls_poly1305_context ctx;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    POLY1305_VALIDATE_RET( key != NULL );
-    POLY1305_VALIDATE_RET( mac != NULL );
-    POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    mbedtls_poly1305_init( &ctx );
-
-    ret = mbedtls_poly1305_starts( &ctx, key );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_poly1305_update( &ctx, input, ilen );
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_poly1305_finish( &ctx, mac );
-
-cleanup:
-    mbedtls_poly1305_free( &ctx );
-    return( ret );
-}
-
-#endif /* MBEDTLS_POLY1305_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-static const unsigned char test_keys[2][32] =
-{
-    {
-        0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
-        0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
-        0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
-        0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b
-    },
-    {
-        0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
-        0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
-        0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
-        0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
-    }
-};
-
-static const unsigned char test_data[2][127] =
-{
-    {
-        0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72,
-        0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f,
-        0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65,
-        0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f,
-        0x75, 0x70
-    },
-    {
-        0x27, 0x54, 0x77, 0x61, 0x73, 0x20, 0x62, 0x72,
-        0x69, 0x6c, 0x6c, 0x69, 0x67, 0x2c, 0x20, 0x61,
-        0x6e, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
-        0x6c, 0x69, 0x74, 0x68, 0x79, 0x20, 0x74, 0x6f,
-        0x76, 0x65, 0x73, 0x0a, 0x44, 0x69, 0x64, 0x20,
-        0x67, 0x79, 0x72, 0x65, 0x20, 0x61, 0x6e, 0x64,
-        0x20, 0x67, 0x69, 0x6d, 0x62, 0x6c, 0x65, 0x20,
-        0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x77,
-        0x61, 0x62, 0x65, 0x3a, 0x0a, 0x41, 0x6c, 0x6c,
-        0x20, 0x6d, 0x69, 0x6d, 0x73, 0x79, 0x20, 0x77,
-        0x65, 0x72, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20,
-        0x62, 0x6f, 0x72, 0x6f, 0x67, 0x6f, 0x76, 0x65,
-        0x73, 0x2c, 0x0a, 0x41, 0x6e, 0x64, 0x20, 0x74,
-        0x68, 0x65, 0x20, 0x6d, 0x6f, 0x6d, 0x65, 0x20,
-        0x72, 0x61, 0x74, 0x68, 0x73, 0x20, 0x6f, 0x75,
-        0x74, 0x67, 0x72, 0x61, 0x62, 0x65, 0x2e
-    }
-};
-
-static const size_t test_data_len[2] =
-{
-    34U,
-    127U
-};
-
-static const unsigned char test_mac[2][16] =
-{
-    {
-        0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
-        0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9
-    },
-    {
-        0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61,
-        0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62
-    }
-};
-
-/* Make sure no other definition is already present. */
-#undef ASSERT
-
-#define ASSERT( cond, args )            \
-    do                                  \
-    {                                   \
-        if( ! ( cond ) )                \
-        {                               \
-            if( verbose != 0 )          \
-                mbedtls_printf args;    \
-                                        \
-            return( -1 );               \
-        }                               \
-    }                                   \
-    while( 0 )
-
-int mbedtls_poly1305_self_test( int verbose )
-{
-    unsigned char mac[16];
-    unsigned i;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    for( i = 0U; i < 2U; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  Poly1305 test %u ", i );
-
-        ret = mbedtls_poly1305_mac( test_keys[i],
-                                    test_data[i],
-                                    test_data_len[i],
-                                    mac );
-        ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
-
-        ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) );
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_POLY1305_C */
diff --git a/Sources/mbedtls/library/psa_crypto.c b/Sources/mbedtls/library/psa_crypto.c
deleted file mode 100644
index f129733..0000000
--- a/Sources/mbedtls/library/psa_crypto.c
+++ /dev/null
@@ -1,5498 +0,0 @@
-/*
- *  PSA crypto layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "check_crypto_config.h"
-#endif
-
-#include "psa/crypto.h"
-
-#include "psa_crypto_cipher.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_invasive.h"
-#include "psa_crypto_driver_wrappers.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_hash.h"
-#include "psa_crypto_mac.h"
-#include "psa_crypto_rsa.h"
-#include "psa_crypto_ecp.h"
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#include "psa_crypto_se.h"
-#endif
-#include "psa_crypto_slot_management.h"
-/* Include internal declarations that are useful for implementing persistently
- * stored keys. */
-#include "psa_crypto_storage.h"
-
-#include "psa_crypto_random_impl.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include "mbedtls/platform.h"
-
-#include "mbedtls/aes.h"
-#include "mbedtls/arc4.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/asn1write.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/blowfish.h"
-#include "mbedtls/camellia.h"
-#include "mbedtls/chacha20.h"
-#include "mbedtls/chachapoly.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/des.h"
-#include "mbedtls/ecdh.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/error.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/xtea.h"
-
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
-
-/****************************************************************/
-/* Global data, support functions and library management */
-/****************************************************************/
-
-static int key_type_is_raw_bytes( psa_key_type_t type )
-{
-    return( PSA_KEY_TYPE_IS_UNSTRUCTURED( type ) );
-}
-
-/* Values for psa_global_data_t::rng_state */
-#define RNG_NOT_INITIALIZED 0
-#define RNG_INITIALIZED 1
-#define RNG_SEEDED 2
-
-typedef struct
-{
-    unsigned initialized : 1;
-    unsigned rng_state : 2;
-    mbedtls_psa_random_context_t rng;
-} psa_global_data_t;
-
-static psa_global_data_t global_data;
-
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state =
-    &global_data.rng.drbg;
-#endif
-
-#define GUARD_MODULE_INITIALIZED        \
-    if( global_data.initialized == 0 )  \
-        return( PSA_ERROR_BAD_STATE );
-
-psa_status_t mbedtls_to_psa_error( int ret )
-{
-    /* Mbed TLS error codes can combine a high-level error code and a
-     * low-level error code. The low-level error usually reflects the
-     * root cause better, so dispatch on that preferably. */
-    int low_level_ret = - ( -ret & 0x007f );
-    switch( low_level_ret != 0 ? low_level_ret : ret )
-    {
-        case 0:
-            return( PSA_SUCCESS );
-
-        case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
-        case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
-        case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
-        case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
-        case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
-        case MBEDTLS_ERR_ASN1_LENGTH_MISMATCH:
-        case MBEDTLS_ERR_ASN1_INVALID_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_ASN1_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-#if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
-        case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA:
-#elif defined(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH)
-        case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
-#endif
-        case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
-        case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
-#elif defined(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH)
-        case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
-#endif
-        case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_CCM_BAD_INPUT:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_CCM_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-        case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE:
-            return( PSA_ERROR_BAD_STATE );
-        case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-
-        case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_CIPHER_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        case MBEDTLS_ERR_CIPHER_INVALID_PADDING:
-            return( PSA_ERROR_INVALID_PADDING );
-        case MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_CIPHER_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-        case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
-        case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-#if !( defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) ||      \
-       defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) )
-        /* Only check CTR_DRBG error codes if underlying mbedtls_xxx
-         * functions are passed a CTR_DRBG instance. */
-        case MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-        case MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG:
-        case MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-#endif
-
-        case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
-        case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
-        case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-
-        case MBEDTLS_ERR_GCM_AUTH_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-        case MBEDTLS_ERR_GCM_BAD_INPUT:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&        \
-    defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
-        /* Only check HMAC_DRBG error codes if underlying mbedtls_xxx
-         * functions are passed a HMAC_DRBG instance. */
-        case MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-        case MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG:
-        case MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-#endif
-
-        case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
-        case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
-        case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_MD_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        case MBEDTLS_ERR_MD_FILE_IO_ERROR:
-            return( PSA_ERROR_STORAGE_FAILURE );
-        case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
-            return( PSA_ERROR_STORAGE_FAILURE );
-        case MBEDTLS_ERR_MPI_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_MPI_INVALID_CHARACTER:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-        case MBEDTLS_ERR_MPI_NEGATIVE_VALUE:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_MPI_DIVISION_BY_ZERO:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_MPI_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-        case MBEDTLS_ERR_PK_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        case MBEDTLS_ERR_PK_TYPE_MISMATCH:
-        case MBEDTLS_ERR_PK_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_PK_FILE_IO_ERROR:
-            return( PSA_ERROR_STORAGE_FAILURE );
-        case MBEDTLS_ERR_PK_KEY_INVALID_VERSION:
-        case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_PK_UNKNOWN_PK_ALG:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_PK_PASSWORD_REQUIRED:
-        case MBEDTLS_ERR_PK_PASSWORD_MISMATCH:
-            return( PSA_ERROR_NOT_PERMITTED );
-        case MBEDTLS_ERR_PK_INVALID_PUBKEY:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_PK_INVALID_ALG:
-        case MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE:
-        case MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-        case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-        case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_RSA_INVALID_PADDING:
-            return( PSA_ERROR_INVALID_PADDING );
-        case MBEDTLS_ERR_RSA_KEY_GEN_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-        case MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_RSA_PUBLIC_FAILED:
-        case MBEDTLS_ERR_RSA_PRIVATE_FAILED:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
-        case MBEDTLS_ERR_RSA_VERIFY_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-        case MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-        case MBEDTLS_ERR_RSA_RNG_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-        case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
-        case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
-        case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
-        case MBEDTLS_ERR_ECP_INVALID_KEY:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        case MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL:
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-        case MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE:
-            return( PSA_ERROR_NOT_SUPPORTED );
-        case MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH:
-        case MBEDTLS_ERR_ECP_VERIFY_FAILED:
-            return( PSA_ERROR_INVALID_SIGNATURE );
-        case MBEDTLS_ERR_ECP_ALLOC_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        case MBEDTLS_ERR_ECP_RANDOM_FAILED:
-            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-        case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
-            return( PSA_ERROR_HARDWARE_FAILURE );
-
-        case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
-            return( PSA_ERROR_CORRUPTION_DETECTED );
-
-        default:
-            return( PSA_ERROR_GENERIC_ERROR );
-    }
-}
-
-
-
-
-/****************************************************************/
-/* Key management */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve,
-                                               size_t bits,
-                                               int bits_is_sloppy )
-{
-    switch( curve )
-    {
-        case PSA_ECC_FAMILY_SECP_R1:
-            switch( bits )
-            {
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-                case 192:
-                    return( MBEDTLS_ECP_DP_SECP192R1 );
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-                case 224:
-                    return( MBEDTLS_ECP_DP_SECP224R1 );
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-                case 256:
-                    return( MBEDTLS_ECP_DP_SECP256R1 );
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-                case 384:
-                    return( MBEDTLS_ECP_DP_SECP384R1 );
-#endif
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-                case 521:
-                    return( MBEDTLS_ECP_DP_SECP521R1 );
-                case 528:
-                    if( bits_is_sloppy )
-                        return( MBEDTLS_ECP_DP_SECP521R1 );
-                    break;
-#endif
-            }
-            break;
-
-        case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
-            switch( bits )
-            {
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-                case 256:
-                    return( MBEDTLS_ECP_DP_BP256R1 );
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-                case 384:
-                    return( MBEDTLS_ECP_DP_BP384R1 );
-#endif
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-                case 512:
-                    return( MBEDTLS_ECP_DP_BP512R1 );
-#endif
-            }
-            break;
-
-        case PSA_ECC_FAMILY_MONTGOMERY:
-            switch( bits )
-            {
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-                case 255:
-                    return( MBEDTLS_ECP_DP_CURVE25519 );
-                case 256:
-                    if( bits_is_sloppy )
-                        return( MBEDTLS_ECP_DP_CURVE25519 );
-                    break;
-#endif
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-                case 448:
-                    return( MBEDTLS_ECP_DP_CURVE448 );
-#endif
-            }
-            break;
-
-        case PSA_ECC_FAMILY_SECP_K1:
-            switch( bits )
-            {
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-                case 192:
-                    return( MBEDTLS_ECP_DP_SECP192K1 );
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-                case 224:
-                    return( MBEDTLS_ECP_DP_SECP224K1 );
-#endif
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-                case 256:
-                    return( MBEDTLS_ECP_DP_SECP256K1 );
-#endif
-            }
-            break;
-    }
-
-    (void) bits_is_sloppy;
-    return( MBEDTLS_ECP_DP_NONE );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
-          defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
-          defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
-          defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
-          defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
-
-static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type,
-                                                        size_t bits )
-{
-    /* Check that the bit size is acceptable for the key type */
-    switch( type )
-    {
-        case PSA_KEY_TYPE_RAW_DATA:
-        case PSA_KEY_TYPE_HMAC:
-        case PSA_KEY_TYPE_DERIVE:
-            break;
-#if defined(PSA_WANT_KEY_TYPE_AES)
-        case PSA_KEY_TYPE_AES:
-            if( bits != 128 && bits != 192 && bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-        case PSA_KEY_TYPE_ARIA:
-            if( bits != 128 && bits != 192 && bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-        case PSA_KEY_TYPE_CAMELLIA:
-            if( bits != 128 && bits != 192 && bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_DES)
-        case PSA_KEY_TYPE_DES:
-            if( bits != 64 && bits != 128 && bits != 192 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_ARC4)
-        case PSA_KEY_TYPE_ARC4:
-            if( bits < 8 || bits > 2048 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            break;
-#endif
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-        case PSA_KEY_TYPE_CHACHA20:
-            if( bits != 256 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            break;
-#endif
-        default:
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-    if( bits % 8 != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    return( PSA_SUCCESS );
-}
-
-/** Check whether a given key type is valid for use with a given MAC algorithm
- *
- * Upon successful return of this function, the behavior of #PSA_MAC_LENGTH
- * when called with the validated \p algorithm and \p key_type is well-defined.
- *
- * \param[in] algorithm     The specific MAC algorithm (can be wildcard).
- * \param[in] key_type      The key type of the key to be used with the
- *                          \p algorithm.
- *
- * \retval #PSA_SUCCESS
- *         The \p key_type is valid for use with the \p algorithm
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The \p key_type is not valid for use with the \p algorithm
- */
-MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do(
-    psa_algorithm_t algorithm,
-    psa_key_type_t key_type )
-{
-    if( PSA_ALG_IS_HMAC( algorithm ) )
-    {
-        if( key_type == PSA_KEY_TYPE_HMAC )
-            return( PSA_SUCCESS );
-    }
-
-    if( PSA_ALG_IS_BLOCK_CIPHER_MAC( algorithm ) )
-    {
-        /* Check that we're calling PSA_BLOCK_CIPHER_BLOCK_LENGTH with a cipher
-         * key. */
-        if( ( key_type & PSA_KEY_TYPE_CATEGORY_MASK ) ==
-            PSA_KEY_TYPE_CATEGORY_SYMMETRIC )
-        {
-            /* PSA_BLOCK_CIPHER_BLOCK_LENGTH returns 1 for stream ciphers and
-             * the block length (larger than 1) for block ciphers. */
-            if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) > 1 )
-                return( PSA_SUCCESS );
-        }
-    }
-
-    return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
-                                          size_t buffer_length )
-{
-    if( slot->key.data != NULL )
-        return( PSA_ERROR_ALREADY_EXISTS );
-
-    slot->key.data = mbedtls_calloc( 1, buffer_length );
-    if( slot->key.data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-    slot->key.bytes = buffer_length;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
-                                              const uint8_t* data,
-                                              size_t data_length )
-{
-    psa_status_t status = psa_allocate_buffer_to_slot( slot,
-                                                       data_length );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    memcpy( slot->key.data, data, data_length );
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_import_key_into_slot(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_type_t type = attributes->core.type;
-
-    /* zero-length keys are never supported. */
-    if( data_length == 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    if( key_type_is_raw_bytes( type ) )
-    {
-        *bits = PSA_BYTES_TO_BITS( data_length );
-
-        /* Ensure that the bytes-to-bits conversion hasn't overflown. */
-        if( data_length > SIZE_MAX / 8 )
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Enforce a size limit, and in particular ensure that the bit
-         * size fits in its representation type. */
-        if( ( *bits ) > PSA_MAX_KEY_BITS )
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        status = validate_unstructured_key_bit_size( type, *bits );
-        if( status != PSA_SUCCESS )
-            return( status );
-
-        /* Copy the key material. */
-        memcpy( key_buffer, data, data_length );
-        *key_buffer_length = data_length;
-        (void)key_buffer_size;
-
-        return( PSA_SUCCESS );
-    }
-    else if( PSA_KEY_TYPE_IS_ASYMMETRIC( type ) )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
-        if( PSA_KEY_TYPE_IS_ECC( type ) )
-        {
-            return( mbedtls_psa_ecp_import_key( attributes,
-                                                data, data_length,
-                                                key_buffer, key_buffer_size,
-                                                key_buffer_length,
-                                                bits ) );
-        }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-        if( PSA_KEY_TYPE_IS_RSA( type ) )
-        {
-            return( mbedtls_psa_rsa_import_key( attributes,
-                                                data, data_length,
-                                                key_buffer, key_buffer_size,
-                                                key_buffer_length,
-                                                bits ) );
-        }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-    }
-
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-/** Calculate the intersection of two algorithm usage policies.
- *
- * Return 0 (which allows no operation) on incompatibility.
- */
-static psa_algorithm_t psa_key_policy_algorithm_intersection(
-    psa_key_type_t key_type,
-    psa_algorithm_t alg1,
-    psa_algorithm_t alg2 )
-{
-    /* Common case: both sides actually specify the same policy. */
-    if( alg1 == alg2 )
-        return( alg1 );
-    /* If the policies are from the same hash-and-sign family, check
-     * if one is a wildcard. If so the other has the specific algorithm. */
-    if( PSA_ALG_IS_SIGN_HASH( alg1 ) &&
-        PSA_ALG_IS_SIGN_HASH( alg2 ) &&
-        ( alg1 & ~PSA_ALG_HASH_MASK ) == ( alg2 & ~PSA_ALG_HASH_MASK ) )
-    {
-        if( PSA_ALG_SIGN_GET_HASH( alg1 ) == PSA_ALG_ANY_HASH )
-            return( alg2 );
-        if( PSA_ALG_SIGN_GET_HASH( alg2 ) == PSA_ALG_ANY_HASH )
-            return( alg1 );
-    }
-    /* If the policies are from the same AEAD family, check whether
-     * one of them is a minimum-tag-length wildcard. Calculate the most
-     * restrictive tag length. */
-    if( PSA_ALG_IS_AEAD( alg1 ) && PSA_ALG_IS_AEAD( alg2 ) &&
-        ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg1, 0 ) ==
-          PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg2, 0 ) ) )
-    {
-        size_t alg1_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg1 );
-        size_t alg2_len = PSA_ALG_AEAD_GET_TAG_LENGTH( alg2 );
-        size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
-
-        /* If both are wildcards, return most restrictive wildcard */
-        if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
-        {
-            return( PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(
-                        alg1, restricted_len ) );
-        }
-        /* If only one is a wildcard, return specific algorithm if compatible. */
-        if( ( ( alg1 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( alg1_len <= alg2_len ) )
-        {
-            return( alg2 );
-        }
-        if( ( ( alg2 & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( alg2_len <= alg1_len ) )
-        {
-            return( alg1 );
-        }
-    }
-    /* If the policies are from the same MAC family, check whether one
-     * of them is a minimum-MAC-length policy. Calculate the most
-     * restrictive tag length. */
-    if( PSA_ALG_IS_MAC( alg1 ) && PSA_ALG_IS_MAC( alg2 ) &&
-        ( PSA_ALG_FULL_LENGTH_MAC( alg1 ) ==
-          PSA_ALG_FULL_LENGTH_MAC( alg2 ) ) )
-    {
-        /* Validate the combination of key type and algorithm. Since the base
-         * algorithm of alg1 and alg2 are the same, we only need this once. */
-        if( PSA_SUCCESS != psa_mac_key_can_do( alg1, key_type ) )
-            return( 0 );
-
-        /* Get the (exact or at-least) output lengths for both sides of the
-         * requested intersection. None of the currently supported algorithms
-         * have an output length dependent on the actual key size, so setting it
-         * to a bogus value of 0 is currently OK.
-         *
-         * Note that for at-least-this-length wildcard algorithms, the output
-         * length is set to the shortest allowed length, which allows us to
-         * calculate the most restrictive tag length for the intersection. */
-        size_t alg1_len = PSA_MAC_LENGTH( key_type, 0, alg1 );
-        size_t alg2_len = PSA_MAC_LENGTH( key_type, 0, alg2 );
-        size_t restricted_len = alg1_len > alg2_len ? alg1_len : alg2_len;
-
-        /* If both are wildcards, return most restrictive wildcard */
-        if( ( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) &&
-            ( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
-        {
-            return( PSA_ALG_AT_LEAST_THIS_LENGTH_MAC( alg1, restricted_len ) );
-        }
-
-        /* If only one is an at-least-this-length policy, the intersection would
-         * be the other (fixed-length) policy as long as said fixed length is
-         * equal to or larger than the shortest allowed length. */
-        if( ( alg1 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
-        {
-            return( ( alg1_len <= alg2_len ) ? alg2 : 0 );
-        }
-        if( ( alg2 & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
-        {
-            return( ( alg2_len <= alg1_len ) ? alg1 : 0 );
-        }
-
-        /* If none of them are wildcards, check whether they define the same tag
-         * length. This is still possible here when one is default-length and
-         * the other specific-length. Ensure to always return the
-         * specific-length version for the intersection. */
-        if( alg1_len == alg2_len )
-            return( PSA_ALG_TRUNCATED_MAC( alg1, alg1_len ) );
-    }
-    /* If the policies are incompatible, allow nothing. */
-    return( 0 );
-}
-
-static int psa_key_algorithm_permits( psa_key_type_t key_type,
-                                      psa_algorithm_t policy_alg,
-                                      psa_algorithm_t requested_alg )
-{
-    /* Common case: the policy only allows requested_alg. */
-    if( requested_alg == policy_alg )
-        return( 1 );
-    /* If policy_alg is a hash-and-sign with a wildcard for the hash,
-     * and requested_alg is the same hash-and-sign family with any hash,
-     * then requested_alg is compliant with policy_alg. */
-    if( PSA_ALG_IS_SIGN_HASH( requested_alg ) &&
-        PSA_ALG_SIGN_GET_HASH( policy_alg ) == PSA_ALG_ANY_HASH )
-    {
-        return( ( policy_alg & ~PSA_ALG_HASH_MASK ) ==
-                ( requested_alg & ~PSA_ALG_HASH_MASK ) );
-    }
-    /* If policy_alg is a wildcard AEAD algorithm of the same base as
-     * the requested algorithm, check the requested tag length to be
-     * equal-length or longer than the wildcard-specified length. */
-    if( PSA_ALG_IS_AEAD( policy_alg ) &&
-        PSA_ALG_IS_AEAD( requested_alg ) &&
-        ( PSA_ALG_AEAD_WITH_SHORTENED_TAG( policy_alg, 0 ) ==
-          PSA_ALG_AEAD_WITH_SHORTENED_TAG( requested_alg, 0 ) ) &&
-        ( ( policy_alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG ) != 0 ) )
-    {
-        return( PSA_ALG_AEAD_GET_TAG_LENGTH( policy_alg ) <=
-                PSA_ALG_AEAD_GET_TAG_LENGTH( requested_alg ) );
-    }
-    /* If policy_alg is a MAC algorithm of the same base as the requested
-     * algorithm, check whether their MAC lengths are compatible. */
-    if( PSA_ALG_IS_MAC( policy_alg ) &&
-        PSA_ALG_IS_MAC( requested_alg ) &&
-        ( PSA_ALG_FULL_LENGTH_MAC( policy_alg ) ==
-          PSA_ALG_FULL_LENGTH_MAC( requested_alg ) ) )
-    {
-        /* Validate the combination of key type and algorithm. Since the policy
-         * and requested algorithms are the same, we only need this once. */
-        if( PSA_SUCCESS != psa_mac_key_can_do( policy_alg, key_type ) )
-            return( 0 );
-
-        /* Get both the requested output length for the algorithm which is to be
-         * verified, and the default output length for the base algorithm.
-         * Note that none of the currently supported algorithms have an output
-         * length dependent on actual key size, so setting it to a bogus value
-         * of 0 is currently OK. */
-        size_t requested_output_length = PSA_MAC_LENGTH(
-                                            key_type, 0, requested_alg );
-        size_t default_output_length = PSA_MAC_LENGTH(
-                                        key_type, 0,
-                                        PSA_ALG_FULL_LENGTH_MAC( requested_alg ) );
-
-        /* If the policy is default-length, only allow an algorithm with
-         * a declared exact-length matching the default. */
-        if( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == 0 )
-            return( requested_output_length == default_output_length );
-
-        /* If the requested algorithm is default-length, allow it if the policy
-         * length exactly matches the default length. */
-        if( PSA_MAC_TRUNCATED_LENGTH( requested_alg ) == 0 &&
-            PSA_MAC_TRUNCATED_LENGTH( policy_alg ) == default_output_length )
-        {
-            return( 1 );
-        }
-
-        /* If policy_alg is an at-least-this-length wildcard MAC algorithm,
-         * check for the requested MAC length to be equal to or longer than the
-         * minimum allowed length. */
-        if( ( policy_alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG ) != 0 )
-        {
-            return( PSA_MAC_TRUNCATED_LENGTH( policy_alg ) <=
-                    requested_output_length );
-        }
-    }
-    /* If policy_alg is a generic key agreement operation, then using it for
-     * a key derivation with that key agreement should also be allowed. This
-     * behaviour is expected to be defined in a future specification version. */
-    if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
-        PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
-    {
-        return( PSA_ALG_KEY_AGREEMENT_GET_BASE( requested_alg ) ==
-                policy_alg );
-    }
-    /* If it isn't explicitly permitted, it's forbidden. */
-    return( 0 );
-}
-
-/** Test whether a policy permits an algorithm.
- *
- * The caller must test usage flags separately.
- *
- * \note This function requires providing the key type for which the policy is
- *       being validated, since some algorithm policy definitions (e.g. MAC)
- *       have different properties depending on what kind of cipher it is
- *       combined with.
- *
- * \retval PSA_SUCCESS                  When \p alg is a specific algorithm
- *                                      allowed by the \p policy.
- * \retval PSA_ERROR_INVALID_ARGUMENT   When \p alg is not a specific algorithm
- * \retval PSA_ERROR_NOT_PERMITTED      When \p alg is a specific algorithm, but
- *                                      the \p policy does not allow it.
- */
-static psa_status_t psa_key_policy_permits( const psa_key_policy_t *policy,
-                                            psa_key_type_t key_type,
-                                            psa_algorithm_t alg )
-{
-    /* '0' is not a valid algorithm */
-    if( alg == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    /* A requested algorithm cannot be a wildcard. */
-    if( PSA_ALG_IS_WILDCARD( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    if( psa_key_algorithm_permits( key_type, policy->alg, alg ) ||
-        psa_key_algorithm_permits( key_type, policy->alg2, alg ) )
-        return( PSA_SUCCESS );
-    else
-        return( PSA_ERROR_NOT_PERMITTED );
-}
-
-/** Restrict a key policy based on a constraint.
- *
- * \note This function requires providing the key type for which the policy is
- *       being restricted, since some algorithm policy definitions (e.g. MAC)
- *       have different properties depending on what kind of cipher it is
- *       combined with.
- *
- * \param[in] key_type      The key type for which to restrict the policy
- * \param[in,out] policy    The policy to restrict.
- * \param[in] constraint    The policy constraint to apply.
- *
- * \retval #PSA_SUCCESS
- *         \c *policy contains the intersection of the original value of
- *         \c *policy and \c *constraint.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         \c key_type, \c *policy and \c *constraint are incompatible.
- *         \c *policy is unchanged.
- */
-static psa_status_t psa_restrict_key_policy(
-    psa_key_type_t key_type,
-    psa_key_policy_t *policy,
-    const psa_key_policy_t *constraint )
-{
-    psa_algorithm_t intersection_alg =
-        psa_key_policy_algorithm_intersection( key_type, policy->alg,
-                                               constraint->alg );
-    psa_algorithm_t intersection_alg2 =
-        psa_key_policy_algorithm_intersection( key_type, policy->alg2,
-                                               constraint->alg2 );
-    if( intersection_alg == 0 && policy->alg != 0 && constraint->alg != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    if( intersection_alg2 == 0 && policy->alg2 != 0 && constraint->alg2 != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    policy->usage &= constraint->usage;
-    policy->alg = intersection_alg;
-    policy->alg2 = intersection_alg2;
-    return( PSA_SUCCESS );
-}
-
-/** Get the description of a key given its identifier and policy constraints
- *  and lock it.
- *
- * The key must have allow all the usage flags set in \p usage. If \p alg is
- * nonzero, the key must allow operations with this algorithm. If \p alg is
- * zero, the algorithm is not checked.
- *
- * In case of a persistent key, the function loads the description of the key
- * into a key slot if not already done.
- *
- * On success, the returned key slot is locked. It is the responsibility of
- * the caller to unlock the key slot when it does not access it anymore.
- */
-static psa_status_t psa_get_and_lock_key_slot_with_policy(
-    mbedtls_svc_key_id_t key,
-    psa_key_slot_t **p_slot,
-    psa_key_usage_t usage,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    status = psa_get_and_lock_key_slot( key, p_slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-    slot = *p_slot;
-
-    /* Enforce that usage policy for the key slot contains all the flags
-     * required by the usage parameter. There is one exception: public
-     * keys can always be exported, so we treat public key objects as
-     * if they had the export flag. */
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) )
-        usage &= ~PSA_KEY_USAGE_EXPORT;
-
-    if( ( slot->attr.policy.usage & usage ) != usage )
-    {
-        status = PSA_ERROR_NOT_PERMITTED;
-        goto error;
-    }
-
-    /* Enforce that the usage policy permits the requested algorithm. */
-    if( alg != 0 )
-    {
-        status = psa_key_policy_permits( &slot->attr.policy,
-                                         slot->attr.type,
-                                         alg );
-        if( status != PSA_SUCCESS )
-            goto error;
-    }
-
-    return( PSA_SUCCESS );
-
-error:
-    *p_slot = NULL;
-    psa_unlock_key_slot( slot );
-
-    return( status );
-}
-
-/** Get a key slot containing a transparent key and lock it.
- *
- * A transparent key is a key for which the key material is directly
- * available, as opposed to a key in a secure element and/or to be used
- * by a secure element.
- *
- * This is a temporary function that may be used instead of
- * psa_get_and_lock_key_slot_with_policy() when there is no opaque key support
- * for a cryptographic operation.
- *
- * On success, the returned key slot is locked. It is the responsibility of the
- * caller to unlock the key slot when it does not access it anymore.
- */
-static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy(
-    mbedtls_svc_key_id_t key,
-    psa_key_slot_t **p_slot,
-    psa_key_usage_t usage,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = psa_get_and_lock_key_slot_with_policy( key, p_slot,
-                                                                 usage, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if( psa_key_lifetime_is_external( (*p_slot)->attr.lifetime ) )
-    {
-        psa_unlock_key_slot( *p_slot );
-        *p_slot = NULL;
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot )
-{
-    /* Data pointer will always be either a valid pointer or NULL in an
-     * initialized slot, so we can just free it. */
-    if( slot->key.data != NULL )
-        mbedtls_platform_zeroize( slot->key.data, slot->key.bytes);
-
-    mbedtls_free( slot->key.data );
-    slot->key.data = NULL;
-    slot->key.bytes = 0;
-
-    return( PSA_SUCCESS );
-}
-
-/** Completely wipe a slot in memory, including its policy.
- * Persistent storage is not affected. */
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot )
-{
-    psa_status_t status = psa_remove_key_data_from_memory( slot );
-
-    /*
-     * As the return error code may not be handled in case of multiple errors,
-     * do our best to report an unexpected lock counter: if available
-     * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as
-     * part of the execution of a test suite this will stop the test suite
-     * execution).
-     */
-    if( slot->lock_count != 1 )
-    {
-#ifdef MBEDTLS_CHECK_PARAMS
-        MBEDTLS_PARAM_FAILED( slot->lock_count == 1 );
-#endif
-        status = PSA_ERROR_CORRUPTION_DETECTED;
-    }
-
-    /* Multipart operations may still be using the key. This is safe
-     * because all multipart operation objects are independent from
-     * the key slot: if they need to access the key after the setup
-     * phase, they have a copy of the key. Note that this means that
-     * key material can linger until all operations are completed. */
-    /* At this point, key material and other type-specific content has
-     * been wiped. Clear remaining metadata. We can call memset and not
-     * zeroize because the metadata is not particularly sensitive. */
-    memset( slot, 0, sizeof( *slot ) );
-    return( status );
-}
-
-psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key )
-{
-    psa_key_slot_t *slot;
-    psa_status_t status; /* status of the last operation */
-    psa_status_t overall_status = PSA_SUCCESS;
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    psa_se_drv_table_entry_t *driver;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    if( mbedtls_svc_key_id_is_null( key ) )
-        return( PSA_SUCCESS );
-
-    /*
-     * Get the description of the key in a key slot. In case of a persistent
-     * key, this will load the key description from persistent memory if not
-     * done yet. We cannot avoid this loading as without it we don't know if
-     * the key is operated by an SE or not and this information is needed by
-     * the current implementation.
-     */
-    status = psa_get_and_lock_key_slot( key, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /*
-     * If the key slot containing the key description is under access by the
-     * library (apart from the present access), the key cannot be destroyed
-     * yet. For the time being, just return in error. Eventually (to be
-     * implemented), the key should be destroyed when all accesses have
-     * stopped.
-     */
-    if( slot->lock_count > 1 )
-    {
-       psa_unlock_key_slot( slot );
-       return( PSA_ERROR_GENERIC_ERROR );
-    }
-
-    if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
-    {
-        /* Refuse the destruction of a read-only key (which may or may not work
-         * if we attempt it, depending on whether the key is merely read-only
-         * by policy or actually physically read-only).
-         * Just do the best we can, which is to wipe the copy in memory
-         * (done in this function's cleanup code). */
-        overall_status = PSA_ERROR_NOT_PERMITTED;
-        goto exit;
-    }
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    driver = psa_get_se_driver_entry( slot->attr.lifetime );
-    if( driver != NULL )
-    {
-        /* For a key in a secure element, we need to do three things:
-         * remove the key file in internal storage, destroy the
-         * key inside the secure element, and update the driver's
-         * persistent data. Start a transaction that will encompass these
-         * three actions. */
-        psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_DESTROY_KEY );
-        psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
-        psa_crypto_transaction.key.slot = psa_key_slot_get_slot_number( slot );
-        psa_crypto_transaction.key.id = slot->attr.id;
-        status = psa_crypto_save_transaction( );
-        if( status != PSA_SUCCESS )
-        {
-            (void) psa_crypto_stop_transaction( );
-            /* We should still try to destroy the key in the secure
-             * element and the key metadata in storage. This is especially
-             * important if the error is that the storage is full.
-             * But how to do it exactly without risking an inconsistent
-             * state after a reset?
-             * https://github.com/ARMmbed/mbed-crypto/issues/215
-             */
-            overall_status = status;
-            goto exit;
-        }
-
-        status = psa_destroy_se_key( driver,
-                                     psa_key_slot_get_slot_number( slot ) );
-        if( overall_status == PSA_SUCCESS )
-            overall_status = status;
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-    {
-        status = psa_destroy_persistent_key( slot->attr.id );
-        if( overall_status == PSA_SUCCESS )
-            overall_status = status;
-
-        /* TODO: other slots may have a copy of the same key. We should
-         * invalidate them.
-         * https://github.com/ARMmbed/mbed-crypto/issues/214
-         */
-    }
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( driver != NULL )
-    {
-        status = psa_save_se_persistent_data( driver );
-        if( overall_status == PSA_SUCCESS )
-            overall_status = status;
-        status = psa_crypto_stop_transaction( );
-        if( overall_status == PSA_SUCCESS )
-            overall_status = status;
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-exit:
-    status = psa_wipe_key_slot( slot );
-    /* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
-    if( status != PSA_SUCCESS )
-        overall_status = status;
-    return( overall_status );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-static psa_status_t psa_get_rsa_public_exponent(
-    const mbedtls_rsa_context *rsa,
-    psa_key_attributes_t *attributes )
-{
-    mbedtls_mpi mpi;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint8_t *buffer = NULL;
-    size_t buflen;
-    mbedtls_mpi_init( &mpi );
-
-    ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &mpi );
-    if( ret != 0 )
-        goto exit;
-    if( mbedtls_mpi_cmp_int( &mpi, 65537 ) == 0 )
-    {
-        /* It's the default value, which is reported as an empty string,
-         * so there's nothing to do. */
-        goto exit;
-    }
-
-    buflen = mbedtls_mpi_size( &mpi );
-    buffer = mbedtls_calloc( 1, buflen );
-    if( buffer == NULL )
-    {
-        ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
-        goto exit;
-    }
-    ret = mbedtls_mpi_write_binary( &mpi, buffer, buflen );
-    if( ret != 0 )
-        goto exit;
-    attributes->domain_parameters = buffer;
-    attributes->domain_parameters_size = buflen;
-
-exit:
-    mbedtls_mpi_free( &mpi );
-    if( ret != 0 )
-        mbedtls_free( buffer );
-    return( mbedtls_to_psa_error( ret ) );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-
-/** Retrieve all the publicly-accessible attributes of a key.
- */
-psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key,
-                                     psa_key_attributes_t *attributes )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    psa_reset_key_attributes( attributes );
-
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    attributes->core = slot->attr;
-    attributes->core.flags &= ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
-                                MBEDTLS_PSA_KA_MASK_DUAL_USE );
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( psa_get_se_driver_entry( slot->attr.lifetime ) != NULL )
-        psa_set_key_slot_number( attributes,
-                                 psa_key_slot_get_slot_number( slot ) );
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    switch( slot->attr.type )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-        case PSA_KEY_TYPE_RSA_KEY_PAIR:
-        case PSA_KEY_TYPE_RSA_PUBLIC_KEY:
-            /* TODO: reporting the public exponent for opaque keys
-             * is not yet implemented.
-             * https://github.com/ARMmbed/mbed-crypto/issues/216
-             */
-            if( ! psa_key_lifetime_is_external( slot->attr.lifetime ) )
-            {
-                mbedtls_rsa_context *rsa = NULL;
-
-                status = mbedtls_psa_rsa_load_representation(
-                             slot->attr.type,
-                             slot->key.data,
-                             slot->key.bytes,
-                             &rsa );
-                if( status != PSA_SUCCESS )
-                    break;
-
-                status = psa_get_rsa_public_exponent( rsa,
-                                                      attributes );
-                mbedtls_rsa_free( rsa );
-                mbedtls_free( rsa );
-            }
-            break;
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-        default:
-            /* Nothing else to do. */
-            break;
-    }
-
-    if( status != PSA_SUCCESS )
-        psa_reset_key_attributes( attributes );
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-psa_status_t psa_get_key_slot_number(
-    const psa_key_attributes_t *attributes,
-    psa_key_slot_number_t *slot_number )
-{
-    if( attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER )
-    {
-        *slot_number = attributes->slot_number;
-        return( PSA_SUCCESS );
-    }
-    else
-        return( PSA_ERROR_INVALID_ARGUMENT );
-}
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-static psa_status_t psa_export_key_buffer_internal( const uint8_t *key_buffer,
-                                                    size_t key_buffer_size,
-                                                    uint8_t *data,
-                                                    size_t data_size,
-                                                    size_t *data_length )
-{
-    if( key_buffer_size > data_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-    memcpy( data, key_buffer, key_buffer_size );
-    memset( data + key_buffer_size, 0,
-            data_size - key_buffer_size );
-    *data_length = key_buffer_size;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_export_key_internal(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    psa_key_type_t type = attributes->core.type;
-
-    if( key_type_is_raw_bytes( type ) ||
-        PSA_KEY_TYPE_IS_RSA( type )   ||
-        PSA_KEY_TYPE_IS_ECC( type )      )
-    {
-        return( psa_export_key_buffer_internal(
-                    key_buffer, key_buffer_size,
-                    data, data_size, data_length ) );
-    }
-    else
-    {
-        /* This shouldn't happen in the reference implementation, but
-           it is valid for a special-purpose implementation to omit
-           support for exporting certain key types. */
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-}
-
-psa_status_t psa_export_key( mbedtls_svc_key_id_t key,
-                             uint8_t *data,
-                             size_t data_size,
-                             size_t *data_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    /* Reject a zero-length output buffer now, since this can never be a
-     * valid key representation. This way we know that data must be a valid
-     * pointer and we can do things like memset(data, ..., data_size). */
-    if( data_size == 0 )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-    /* Set the key to empty now, so that even when there are errors, we always
-     * set data_length to a value between 0 and data_size. On error, setting
-     * the key to empty is a good choice because an empty key representation is
-     * unlikely to be accepted anywhere. */
-    *data_length = 0;
-
-    /* Export requires the EXPORT flag. There is an exception for public keys,
-     * which don't require any flag, but
-     * psa_get_and_lock_key_slot_with_policy() takes care of this.
-     */
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot,
-                                                    PSA_KEY_USAGE_EXPORT, 0 );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    psa_key_attributes_t attributes = {
-        .core = slot->attr
-    };
-    status = psa_driver_wrapper_export_key( &attributes,
-                 slot->key.data, slot->key.bytes,
-                 data, data_size, data_length );
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_export_public_key_internal(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    uint8_t *data,
-    size_t data_size,
-    size_t *data_length )
-{
-    psa_key_type_t type = attributes->core.type;
-
-    if( PSA_KEY_TYPE_IS_RSA( type ) || PSA_KEY_TYPE_IS_ECC( type ) )
-    {
-        if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
-        {
-            /* Exporting public -> public */
-            return( psa_export_key_buffer_internal(
-                        key_buffer, key_buffer_size,
-                        data, data_size, data_length ) );
-        }
-
-        if( PSA_KEY_TYPE_IS_RSA( type ) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-            return( mbedtls_psa_rsa_export_public_key( attributes,
-                                                       key_buffer,
-                                                       key_buffer_size,
-                                                       data,
-                                                       data_size,
-                                                       data_length ) );
-#else
-            /* We don't know how to convert a private RSA key to public. */
-            return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-        }
-        else
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
-            return( mbedtls_psa_ecp_export_public_key( attributes,
-                                                       key_buffer,
-                                                       key_buffer_size,
-                                                       data,
-                                                       data_size,
-                                                       data_length ) );
-#else
-            /* We don't know how to convert a private ECC key to public */
-            return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
-        }
-    }
-    else
-    {
-        /* This shouldn't happen in the reference implementation, but
-           it is valid for a special-purpose implementation to omit
-           support for exporting certain key types. */
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-}
-
-psa_status_t psa_export_public_key( mbedtls_svc_key_id_t key,
-                                    uint8_t *data,
-                                    size_t data_size,
-                                    size_t *data_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    /* Reject a zero-length output buffer now, since this can never be a
-     * valid key representation. This way we know that data must be a valid
-     * pointer and we can do things like memset(data, ..., data_size). */
-    if( data_size == 0 )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-    /* Set the key to empty now, so that even when there are errors, we always
-     * set data_length to a value between 0 and data_size. On error, setting
-     * the key to empty is a good choice because an empty key representation is
-     * unlikely to be accepted anywhere. */
-    *data_length = 0;
-
-    /* Exporting a public key doesn't require a usage flag. */
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, 0, 0 );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if( ! PSA_KEY_TYPE_IS_ASYMMETRIC( slot->attr.type ) )
-    {
-         status = PSA_ERROR_INVALID_ARGUMENT;
-         goto exit;
-    }
-
-    psa_key_attributes_t attributes = {
-        .core = slot->attr
-    };
-    status = psa_driver_wrapper_export_public_key(
-        &attributes, slot->key.data, slot->key.bytes,
-        data, data_size, data_length );
-
-exit:
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-#if defined(static_assert)
-static_assert( ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
-               "One or more key attribute flag is listed as both external-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE ) == 0,
-               "One or more key attribute flag is listed as both internal-only and dual-use" );
-static_assert( ( PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ) == 0,
-               "One or more key attribute flag is listed as both internal-only and external-only" );
-#endif
-
-/** Validate that a key policy is internally well-formed.
- *
- * This function only rejects invalid policies. It does not validate the
- * consistency of the policy with respect to other attributes of the key
- * such as the key type.
- */
-static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy )
-{
-    if( ( policy->usage & ~( PSA_KEY_USAGE_EXPORT |
-                             PSA_KEY_USAGE_COPY |
-                             PSA_KEY_USAGE_ENCRYPT |
-                             PSA_KEY_USAGE_DECRYPT |
-                             PSA_KEY_USAGE_SIGN_MESSAGE |
-                             PSA_KEY_USAGE_VERIFY_MESSAGE |
-                             PSA_KEY_USAGE_SIGN_HASH |
-                             PSA_KEY_USAGE_VERIFY_HASH |
-                             PSA_KEY_USAGE_DERIVE ) ) != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    return( PSA_SUCCESS );
-}
-
-/** Validate the internal consistency of key attributes.
- *
- * This function only rejects invalid attribute values. If does not
- * validate the consistency of the attributes with any key data that may
- * be involved in the creation of the key.
- *
- * Call this function early in the key creation process.
- *
- * \param[in] attributes    Key attributes for the new key.
- * \param[out] p_drv        On any return, the driver for the key, if any.
- *                          NULL for a transparent key.
- *
- */
-static psa_status_t psa_validate_key_attributes(
-    const psa_key_attributes_t *attributes,
-    psa_se_drv_table_entry_t **p_drv )
-{
-    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-    psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes );
-    mbedtls_svc_key_id_t key = psa_get_key_id( attributes );
-
-    status = psa_validate_key_location( lifetime, p_drv );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = psa_validate_key_persistence( lifetime );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
-    {
-        if( MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) != 0 )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-    else
-    {
-        if( !psa_is_valid_key_id( psa_get_key_id( attributes ), 0 ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-    status = psa_validate_key_policy( &attributes->core.policy );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /* Refuse to create overly large keys.
-     * Note that this doesn't trigger on import if the attributes don't
-     * explicitly specify a size (so psa_get_key_bits returns 0), so
-     * psa_import_key() needs its own checks. */
-    if( psa_get_key_bits( attributes ) > PSA_MAX_KEY_BITS )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    /* Reject invalid flags. These should not be reachable through the API. */
-    if( attributes->core.flags & ~ ( MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
-                                     MBEDTLS_PSA_KA_MASK_DUAL_USE ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    return( PSA_SUCCESS );
-}
-
-/** Prepare a key slot to receive key material.
- *
- * This function allocates a key slot and sets its metadata.
- *
- * If this function fails, call psa_fail_key_creation().
- *
- * This function is intended to be used as follows:
- * -# Call psa_start_key_creation() to allocate a key slot, prepare
- *    it with the specified attributes, and in case of a volatile key assign it
- *    a volatile key identifier.
- * -# Populate the slot with the key material.
- * -# Call psa_finish_key_creation() to finalize the creation of the slot.
- * In case of failure at any step, stop the sequence and call
- * psa_fail_key_creation().
- *
- * On success, the key slot is locked. It is the responsibility of the caller
- * to unlock the key slot when it does not access it anymore.
- *
- * \param method            An identification of the calling function.
- * \param[in] attributes    Key attributes for the new key.
- * \param[out] p_slot       On success, a pointer to the prepared slot.
- * \param[out] p_drv        On any return, the driver for the key, if any.
- *                          NULL for a transparent key.
- *
- * \retval #PSA_SUCCESS
- *         The key slot is ready to receive key material.
- * \return If this function fails, the key slot is an invalid state.
- *         You must call psa_fail_key_creation() to wipe and free the slot.
- */
-static psa_status_t psa_start_key_creation(
-    psa_key_creation_method_t method,
-    const psa_key_attributes_t *attributes,
-    psa_key_slot_t **p_slot,
-    psa_se_drv_table_entry_t **p_drv )
-{
-    psa_status_t status;
-    psa_key_id_t volatile_key_id;
-    psa_key_slot_t *slot;
-
-    (void) method;
-    *p_drv = NULL;
-
-    status = psa_validate_key_attributes( attributes, p_drv );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-    slot = *p_slot;
-
-    /* We're storing the declared bit-size of the key. It's up to each
-     * creation mechanism to verify that this information is correct.
-     * It's automatically correct for mechanisms that use the bit-size as
-     * an input (generate, device) but not for those where the bit-size
-     * is optional (import, copy). In case of a volatile key, assign it the
-     * volatile key identifier associated to the slot returned to contain its
-     * definition. */
-
-    slot->attr = attributes->core;
-    if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-    {
-#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-        slot->attr.id = volatile_key_id;
-#else
-        slot->attr.id.key_id = volatile_key_id;
-#endif
-    }
-
-    /* Erase external-only flags from the internal copy. To access
-     * external-only flags, query `attributes`. Thanks to the check
-     * in psa_validate_key_attributes(), this leaves the dual-use
-     * flags and any internal flag that psa_get_empty_key_slot()
-     * may have set. */
-    slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    /* For a key in a secure element, we need to do three things
-     * when creating or registering a persistent key:
-     * create the key file in internal storage, create the
-     * key inside the secure element, and update the driver's
-     * persistent data. This is done by starting a transaction that will
-     * encompass these three actions.
-     * For registering a volatile key, we just need to find an appropriate
-     * slot number inside the SE. Since the key is designated volatile, creating
-     * a transaction is not required. */
-    /* The first thing to do is to find a slot number for the new key.
-     * We save the slot number in persistent storage as part of the
-     * transaction data. It will be needed to recover if the power
-     * fails during the key creation process, to clean up on the secure
-     * element side after restarting. Obtaining a slot number from the
-     * secure element driver updates its persistent state, but we do not yet
-     * save the driver's persistent state, so that if the power fails,
-     * we can roll back to a state where the key doesn't exist. */
-    if( *p_drv != NULL )
-    {
-        psa_key_slot_number_t slot_number;
-        status = psa_find_se_slot_for_key( attributes, method, *p_drv,
-                                           &slot_number );
-        if( status != PSA_SUCCESS )
-            return( status );
-
-        if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) )
-        {
-            psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY );
-            psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
-            psa_crypto_transaction.key.slot = slot_number;
-            psa_crypto_transaction.key.id = slot->attr.id;
-            status = psa_crypto_save_transaction( );
-            if( status != PSA_SUCCESS )
-            {
-                (void) psa_crypto_stop_transaction( );
-                return( status );
-            }
-        }
-
-        status = psa_copy_key_material_into_slot(
-            slot, (uint8_t *)( &slot_number ), sizeof( slot_number ) );
-    }
-
-    if( *p_drv == NULL && method == PSA_KEY_CREATION_REGISTER )
-    {
-        /* Key registration only makes sense with a secure element. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    return( PSA_SUCCESS );
-}
-
-/** Finalize the creation of a key once its key material has been set.
- *
- * This entails writing the key to persistent storage.
- *
- * If this function fails, call psa_fail_key_creation().
- * See the documentation of psa_start_key_creation() for the intended use
- * of this function.
- *
- * If the finalization succeeds, the function unlocks the key slot (it was
- * locked by psa_start_key_creation()) and the key slot cannot be accessed
- * anymore as part of the key creation process.
- *
- * \param[in,out] slot  Pointer to the slot with key material.
- * \param[in] driver    The secure element driver for the key,
- *                      or NULL for a transparent key.
- * \param[out] key      On success, identifier of the key. Note that the
- *                      key identifier is also stored in the key slot.
- *
- * \retval #PSA_SUCCESS
- *         The key was successfully created.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *
- * \return If this function fails, the key slot is an invalid state.
- *         You must call psa_fail_key_creation() to wipe and free the slot.
- */
-static psa_status_t psa_finish_key_creation(
-    psa_key_slot_t *slot,
-    psa_se_drv_table_entry_t *driver,
-    mbedtls_svc_key_id_t *key)
-{
-    psa_status_t status = PSA_SUCCESS;
-    (void) slot;
-    (void) driver;
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-    {
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-        if( driver != NULL )
-        {
-            psa_se_key_data_storage_t data;
-            psa_key_slot_number_t slot_number =
-                psa_key_slot_get_slot_number( slot ) ;
-
-#if defined(static_assert)
-            static_assert( sizeof( slot_number ) ==
-                           sizeof( data.slot_number ),
-                           "Slot number size does not match psa_se_key_data_storage_t" );
-#endif
-            memcpy( &data.slot_number, &slot_number, sizeof( slot_number ) );
-            status = psa_save_persistent_key( &slot->attr,
-                                              (uint8_t*) &data,
-                                              sizeof( data ) );
-        }
-        else
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-        {
-            /* Key material is saved in export representation in the slot, so
-             * just pass the slot buffer for storage. */
-            status = psa_save_persistent_key( &slot->attr,
-                                              slot->key.data,
-                                              slot->key.bytes );
-        }
-    }
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    /* Finish the transaction for a key creation. This does not
-     * happen when registering an existing key. Detect this case
-     * by checking whether a transaction is in progress (actual
-     * creation of a persistent key in a secure element requires a transaction,
-     * but registration or volatile key creation doesn't use one). */
-    if( driver != NULL &&
-        psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY )
-    {
-        status = psa_save_se_persistent_data( driver );
-        if( status != PSA_SUCCESS )
-        {
-            psa_destroy_persistent_key( slot->attr.id );
-            return( status );
-        }
-        status = psa_crypto_stop_transaction( );
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    if( status == PSA_SUCCESS )
-    {
-        *key = slot->attr.id;
-        status = psa_unlock_key_slot( slot );
-        if( status != PSA_SUCCESS )
-            *key = MBEDTLS_SVC_KEY_ID_INIT;
-    }
-
-    return( status );
-}
-
-/** Abort the creation of a key.
- *
- * You may call this function after calling psa_start_key_creation(),
- * or after psa_finish_key_creation() fails. In other circumstances, this
- * function may not clean up persistent storage.
- * See the documentation of psa_start_key_creation() for the intended use
- * of this function.
- *
- * \param[in,out] slot  Pointer to the slot with key material.
- * \param[in] driver    The secure element driver for the key,
- *                      or NULL for a transparent key.
- */
-static void psa_fail_key_creation( psa_key_slot_t *slot,
-                                   psa_se_drv_table_entry_t *driver )
-{
-    (void) driver;
-
-    if( slot == NULL )
-        return;
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    /* TODO: If the key has already been created in the secure
-     * element, and the failure happened later (when saving metadata
-     * to internal storage), we need to destroy the key in the secure
-     * element.
-     * https://github.com/ARMmbed/mbed-crypto/issues/217
-     */
-
-    /* Abort the ongoing transaction if any (there may not be one if
-     * the creation process failed before starting one, or if the
-     * key creation is a registration of a key in a secure element).
-     * Earlier functions must already have done what it takes to undo any
-     * partial creation. All that's left is to update the transaction data
-     * itself. */
-    (void) psa_crypto_stop_transaction( );
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    psa_wipe_key_slot( slot );
-}
-
-/** Validate optional attributes during key creation.
- *
- * Some key attributes are optional during key creation. If they are
- * specified in the attributes structure, check that they are consistent
- * with the data in the slot.
- *
- * This function should be called near the end of key creation, after
- * the slot in memory is fully populated but before saving persistent data.
- */
-static psa_status_t psa_validate_optional_attributes(
-    const psa_key_slot_t *slot,
-    const psa_key_attributes_t *attributes )
-{
-    if( attributes->core.type != 0 )
-    {
-        if( attributes->core.type != slot->attr.type )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-    if( attributes->domain_parameters_size != 0 )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-        if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
-        {
-            mbedtls_rsa_context *rsa = NULL;
-            mbedtls_mpi actual, required;
-            int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-            psa_status_t status = mbedtls_psa_rsa_load_representation(
-                                      slot->attr.type,
-                                      slot->key.data,
-                                      slot->key.bytes,
-                                      &rsa );
-            if( status != PSA_SUCCESS )
-                return( status );
-
-            mbedtls_mpi_init( &actual );
-            mbedtls_mpi_init( &required );
-            ret = mbedtls_rsa_export( rsa,
-                                      NULL, NULL, NULL, NULL, &actual );
-            mbedtls_rsa_free( rsa );
-            mbedtls_free( rsa );
-            if( ret != 0 )
-                goto rsa_exit;
-            ret = mbedtls_mpi_read_binary( &required,
-                                           attributes->domain_parameters,
-                                           attributes->domain_parameters_size );
-            if( ret != 0 )
-                goto rsa_exit;
-            if( mbedtls_mpi_cmp_mpi( &actual, &required ) != 0 )
-                ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-        rsa_exit:
-            mbedtls_mpi_free( &actual );
-            mbedtls_mpi_free( &required );
-            if( ret != 0)
-                return( mbedtls_to_psa_error( ret ) );
-        }
-        else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-
-    if( attributes->core.bits != 0 )
-    {
-        if( attributes->core.bits != slot->attr.bits )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_import_key( const psa_key_attributes_t *attributes,
-                             const uint8_t *data,
-                             size_t data_length,
-                             mbedtls_svc_key_id_t *key )
-{
-    psa_status_t status;
-    psa_key_slot_t *slot = NULL;
-    psa_se_drv_table_entry_t *driver = NULL;
-    size_t bits;
-
-    *key = MBEDTLS_SVC_KEY_ID_INIT;
-
-    /* Reject zero-length symmetric keys (including raw data key objects).
-     * This also rejects any key which might be encoded as an empty string,
-     * which is never valid. */
-    if( data_length == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    status = psa_start_key_creation( PSA_KEY_CREATION_IMPORT, attributes,
-                                     &slot, &driver );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* In the case of a transparent key or an opaque key stored in local
-     * storage (thus not in the case of generating a key in a secure element
-     * or cryptoprocessor with storage), we have to allocate a buffer to
-     * hold the generated key material. */
-    if( slot->key.data == NULL )
-    {
-        status = psa_allocate_buffer_to_slot( slot, data_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    bits = slot->attr.bits;
-    status = psa_driver_wrapper_import_key( attributes,
-                                            data, data_length,
-                                            slot->key.data,
-                                            slot->key.bytes,
-                                            &slot->key.bytes, &bits );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( slot->attr.bits == 0 )
-        slot->attr.bits = (psa_key_bits_t) bits;
-    else if( bits != slot->attr.bits )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_validate_optional_attributes( slot, attributes );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_finish_key_creation( slot, driver, key );
-exit:
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
-
-    return( status );
-}
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-psa_status_t mbedtls_psa_register_se_key(
-    const psa_key_attributes_t *attributes )
-{
-    psa_status_t status;
-    psa_key_slot_t *slot = NULL;
-    psa_se_drv_table_entry_t *driver = NULL;
-    mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
-
-    /* Leaving attributes unspecified is not currently supported.
-     * It could make sense to query the key type and size from the
-     * secure element, but not all secure elements support this
-     * and the driver HAL doesn't currently support it. */
-    if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_NONE )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    if( psa_get_key_bits( attributes ) == 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    status = psa_start_key_creation( PSA_KEY_CREATION_REGISTER, attributes,
-                                     &slot, &driver );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_finish_key_creation( slot, driver, &key );
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
-
-    /* Registration doesn't keep the key in RAM. */
-    psa_close_key( key );
-    return( status );
-}
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-static psa_status_t psa_copy_key_material( const psa_key_slot_t *source,
-                                           psa_key_slot_t *target )
-{
-    psa_status_t status = psa_copy_key_material_into_slot( target,
-                                                           source->key.data,
-                                                           source->key.bytes );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    target->attr.type = source->attr.type;
-    target->attr.bits = source->attr.bits;
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_copy_key( mbedtls_svc_key_id_t source_key,
-                           const psa_key_attributes_t *specified_attributes,
-                           mbedtls_svc_key_id_t *target_key )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *source_slot = NULL;
-    psa_key_slot_t *target_slot = NULL;
-    psa_key_attributes_t actual_attributes = *specified_attributes;
-    psa_se_drv_table_entry_t *driver = NULL;
-
-    *target_key = MBEDTLS_SVC_KEY_ID_INIT;
-
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 source_key, &source_slot, PSA_KEY_USAGE_COPY, 0 );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_validate_optional_attributes( source_slot,
-                                               specified_attributes );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_restrict_key_policy( source_slot->attr.type,
-                                      &actual_attributes.core.policy,
-                                      &source_slot->attr.policy );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_start_key_creation( PSA_KEY_CREATION_COPY, &actual_attributes,
-                                     &target_slot, &driver );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( driver != NULL )
-    {
-        /* Copying to a secure element is not implemented yet. */
-        status = PSA_ERROR_NOT_SUPPORTED;
-        goto exit;
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    if( psa_key_lifetime_is_external( actual_attributes.core.lifetime ) )
-    {
-        /*
-         * Copying through an opaque driver is not implemented yet, consider
-         * a lifetime with an external location as an invalid parameter for
-         * now.
-         */
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_copy_key_material( source_slot, target_slot );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_finish_key_creation( target_slot, driver, target_key );
-exit:
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( target_slot, driver );
-
-    unlock_status = psa_unlock_key_slot( source_slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-
-
-/****************************************************************/
-/* Message digests */
-/****************************************************************/
-
-psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
-{
-    /* Aborting a non-active operation is allowed */
-    if( operation->id == 0 )
-        return( PSA_SUCCESS );
-
-    psa_status_t status = psa_driver_wrapper_hash_abort( operation );
-    operation->id = 0;
-
-    return( status );
-}
-
-psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
-                             psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    /* A context must be freshly initialized before it can be set up. */
-    if( operation->id != 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( !PSA_ALG_IS_HASH( alg ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    /* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
-     * directly zeroes the int-sized dummy member of the context union. */
-    memset( &operation->ctx, 0, sizeof( operation->ctx ) );
-
-    status = psa_driver_wrapper_hash_setup( operation, alg );
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_hash_abort( operation );
-
-    return status;
-}
-
-psa_status_t psa_hash_update( psa_hash_operation_t *operation,
-                              const uint8_t *input,
-                              size_t input_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    /* Don't require hash implementations to behave correctly on a
-     * zero-length input, which may have an invalid pointer. */
-    if( input_length == 0 )
-        return( PSA_SUCCESS );
-
-    status = psa_driver_wrapper_hash_update( operation, input, input_length );
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_hash_abort( operation );
-
-    return( status );
-}
-
-psa_status_t psa_hash_finish( psa_hash_operation_t *operation,
-                              uint8_t *hash,
-                              size_t hash_size,
-                              size_t *hash_length )
-{
-    *hash_length = 0;
-    if( operation->id == 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    psa_status_t status = psa_driver_wrapper_hash_finish(
-                            operation, hash, hash_size, hash_length );
-    psa_hash_abort( operation );
-    return( status );
-}
-
-psa_status_t psa_hash_verify( psa_hash_operation_t *operation,
-                              const uint8_t *hash,
-                              size_t hash_length )
-{
-    uint8_t actual_hash[PSA_HASH_MAX_SIZE];
-    size_t actual_hash_length;
-    psa_status_t status = psa_hash_finish(
-                            operation,
-                            actual_hash, sizeof( actual_hash ),
-                            &actual_hash_length );
-
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( actual_hash_length != hash_length )
-    {
-        status = PSA_ERROR_INVALID_SIGNATURE;
-        goto exit;
-    }
-
-    if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
-        status = PSA_ERROR_INVALID_SIGNATURE;
-
-exit:
-    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
-    if( status != PSA_SUCCESS )
-        psa_hash_abort(operation);
-
-    return( status );
-}
-
-psa_status_t psa_hash_compute( psa_algorithm_t alg,
-                               const uint8_t *input, size_t input_length,
-                               uint8_t *hash, size_t hash_size,
-                               size_t *hash_length )
-{
-    *hash_length = 0;
-    if( !PSA_ALG_IS_HASH( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    return( psa_driver_wrapper_hash_compute( alg, input, input_length,
-                                             hash, hash_size, hash_length ) );
-}
-
-psa_status_t psa_hash_compare( psa_algorithm_t alg,
-                               const uint8_t *input, size_t input_length,
-                               const uint8_t *hash, size_t hash_length )
-{
-    uint8_t actual_hash[PSA_HASH_MAX_SIZE];
-    size_t actual_hash_length;
-
-    if( !PSA_ALG_IS_HASH( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    psa_status_t status = psa_driver_wrapper_hash_compute(
-                            alg, input, input_length,
-                            actual_hash, sizeof(actual_hash),
-                            &actual_hash_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    if( actual_hash_length != hash_length )
-    {
-        status = PSA_ERROR_INVALID_SIGNATURE;
-        goto exit;
-    }
-    if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
-        status = PSA_ERROR_INVALID_SIGNATURE;
-
-exit:
-    mbedtls_platform_zeroize( actual_hash, sizeof( actual_hash ) );
-    return( status );
-}
-
-psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,
-                             psa_hash_operation_t *target_operation )
-{
-    if( source_operation->id == 0 ||
-        target_operation->id != 0 )
-    {
-        return( PSA_ERROR_BAD_STATE );
-    }
-
-    psa_status_t status = psa_driver_wrapper_hash_clone( source_operation,
-                                                         target_operation );
-    if( status != PSA_SUCCESS )
-        psa_hash_abort( target_operation );
-
-    return( status );
-}
-
-
-/****************************************************************/
-/* MAC */
-/****************************************************************/
-
-psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
-{
-    /* Aborting a non-active operation is allowed */
-    if( operation->id == 0 )
-        return( PSA_SUCCESS );
-
-    psa_status_t status = psa_driver_wrapper_mac_abort( operation );
-    operation->mac_size = 0;
-    operation->is_sign = 0;
-    operation->id = 0;
-
-    return( status );
-}
-
-static psa_status_t psa_mac_finalize_alg_and_key_validation(
-    psa_algorithm_t alg,
-    const psa_key_attributes_t *attributes,
-    uint8_t *mac_size )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_type_t key_type = psa_get_key_type( attributes );
-    size_t key_bits = psa_get_key_bits( attributes );
-
-    if( ! PSA_ALG_IS_MAC( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    /* Validate the combination of key type and algorithm */
-    status = psa_mac_key_can_do( alg, key_type );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /* Get the output length for the algorithm and key combination */
-    *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
-
-    if( *mac_size < 4 )
-    {
-        /* A very short MAC is too short for security since it can be
-         * brute-forced. Ancient protocols with 32-bit MACs do exist,
-         * so we make this our minimum, even though 32 bits is still
-         * too small for security. */
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
-                                    PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
-    {
-        /* It's impossible to "truncate" to a larger length than the full length
-         * of the algorithm. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-    if( *mac_size > PSA_MAC_MAX_SIZE )
-    {
-        /* PSA_MAC_LENGTH returns the correct length even for a MAC algorithm
-         * that is disabled in the compile-time configuration. The result can
-         * therefore be larger than PSA_MAC_MAX_SIZE, which does take the
-         * configuration into account. In this case, force a return of
-         * PSA_ERROR_NOT_SUPPORTED here. Otherwise psa_mac_verify(), or
-         * psa_mac_compute(mac_size=PSA_MAC_MAX_SIZE), would return
-         * PSA_ERROR_BUFFER_TOO_SMALL for an unsupported algorithm whose MAC size
-         * is larger than PSA_MAC_MAX_SIZE, which is misleading and which breaks
-         * systematically generated tests. */
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
-                                   mbedtls_svc_key_id_t key,
-                                   psa_algorithm_t alg,
-                                   int is_sign )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot = NULL;
-
-    /* A context must be freshly initialized before it can be set up. */
-    if( operation->id != 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    status = psa_get_and_lock_key_slot_with_policy(
-                 key,
-                 &slot,
-                 is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
-                 alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    psa_key_attributes_t attributes = {
-        .core = slot->attr
-    };
-
-    status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
-                                                      &operation->mac_size );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    operation->is_sign = is_sign;
-    /* Dispatch the MAC setup call with validated input */
-    if( is_sign )
-    {
-        status = psa_driver_wrapper_mac_sign_setup( operation,
-                                                    &attributes,
-                                                    slot->key.data,
-                                                    slot->key.bytes,
-                                                    alg );
-    }
-    else
-    {
-        status = psa_driver_wrapper_mac_verify_setup( operation,
-                                                      &attributes,
-                                                      slot->key.data,
-                                                      slot->key.bytes,
-                                                      alg );
-    }
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_mac_abort( operation );
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_mac_sign_setup( psa_mac_operation_t *operation,
-                                 mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg )
-{
-    return( psa_mac_setup( operation, key, alg, 1 ) );
-}
-
-psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation,
-                                   mbedtls_svc_key_id_t key,
-                                   psa_algorithm_t alg )
-{
-    return( psa_mac_setup( operation, key, alg, 0 ) );
-}
-
-psa_status_t psa_mac_update( psa_mac_operation_t *operation,
-                             const uint8_t *input,
-                             size_t input_length )
-{
-    if( operation->id == 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    /* Don't require hash implementations to behave correctly on a
-     * zero-length input, which may have an invalid pointer. */
-    if( input_length == 0 )
-        return( PSA_SUCCESS );
-
-    psa_status_t status = psa_driver_wrapper_mac_update( operation,
-                                                         input, input_length );
-    if( status != PSA_SUCCESS )
-        psa_mac_abort( operation );
-
-    return( status );
-}
-
-psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
-                                  uint8_t *mac,
-                                  size_t mac_size,
-                                  size_t *mac_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( ! operation->is_sign )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    /* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
-     * once all the error checks are done. */
-    if( operation->mac_size == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( mac_size < operation->mac_size )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_mac_sign_finish( operation,
-                                                 mac, operation->mac_size,
-                                                 mac_length );
-
-exit:
-    /* In case of success, set the potential excess room in the output buffer
-     * to an invalid value, to avoid potentially leaking a longer MAC.
-     * In case of error, set the output length and content to a safe default,
-     * such that in case the caller misses an error check, the output would be
-     * an unachievable MAC.
-     */
-    if( status != PSA_SUCCESS )
-    {
-        *mac_length = mac_size;
-        operation->mac_size = 0;
-    }
-
-    if( mac_size > operation->mac_size )
-        memset( &mac[operation->mac_size], '!',
-                mac_size - operation->mac_size );
-
-    abort_status = psa_mac_abort( operation );
-
-    return( status == PSA_SUCCESS ? abort_status : status );
-}
-
-psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
-                                    const uint8_t *mac,
-                                    size_t mac_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( operation->is_sign )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( operation->mac_size != mac_length )
-    {
-        status = PSA_ERROR_INVALID_SIGNATURE;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_mac_verify_finish( operation,
-                                                   mac, mac_length );
-
-exit:
-    abort_status = psa_mac_abort( operation );
-
-    return( status == PSA_SUCCESS ? abort_status : status );
-}
-
-static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
-                                              psa_algorithm_t alg,
-                                              const uint8_t *input,
-                                              size_t input_length,
-                                              uint8_t *mac,
-                                              size_t mac_size,
-                                              size_t *mac_length,
-                                              int is_sign )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-    uint8_t operation_mac_size = 0;
-
-    status = psa_get_and_lock_key_slot_with_policy(
-                 key,
-                 &slot,
-                 is_sign ? PSA_KEY_USAGE_SIGN_MESSAGE : PSA_KEY_USAGE_VERIFY_MESSAGE,
-                 alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    psa_key_attributes_t attributes = {
-        .core = slot->attr
-    };
-
-    status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
-                                                      &operation_mac_size );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( mac_size < operation_mac_size )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_mac_compute(
-                 &attributes,
-                 slot->key.data, slot->key.bytes,
-                 alg,
-                 input, input_length,
-                 mac, operation_mac_size, mac_length );
-
-exit:
-    /* In case of success, set the potential excess room in the output buffer
-     * to an invalid value, to avoid potentially leaking a longer MAC.
-     * In case of error, set the output length and content to a safe default,
-     * such that in case the caller misses an error check, the output would be
-     * an unachievable MAC.
-     */
-    if( status != PSA_SUCCESS )
-    {
-        *mac_length = mac_size;
-        operation_mac_size = 0;
-    }
-    if( mac_size > operation_mac_size )
-        memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *input,
-                              size_t input_length,
-                              uint8_t *mac,
-                              size_t mac_size,
-                              size_t *mac_length)
-{
-    return( psa_mac_compute_internal( key, alg,
-                                      input, input_length,
-                                      mac, mac_size, mac_length, 1 ) );
-}
-
-psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
-                             psa_algorithm_t alg,
-                             const uint8_t *input,
-                             size_t input_length,
-                             const uint8_t *mac,
-                             size_t mac_length)
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    uint8_t actual_mac[PSA_MAC_MAX_SIZE];
-    size_t actual_mac_length;
-
-    status = psa_mac_compute_internal( key, alg,
-                                       input, input_length,
-                                       actual_mac, sizeof( actual_mac ),
-                                       &actual_mac_length, 0 );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( mac_length != actual_mac_length )
-    {
-        status = PSA_ERROR_INVALID_SIGNATURE;
-        goto exit;
-    }
-    if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
-    {
-        status = PSA_ERROR_INVALID_SIGNATURE;
-        goto exit;
-    }
-
-exit:
-    mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
-
-    return ( status );
-}
-
-/****************************************************************/
-/* Asymmetric cryptography */
-/****************************************************************/
-
-static psa_status_t psa_sign_verify_check_alg( int input_is_message,
-                                               psa_algorithm_t alg )
-{
-    if( input_is_message )
-    {
-        if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-        if ( PSA_ALG_IS_SIGN_HASH( alg ) )
-        {
-            if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-    else
-    {
-        if( ! PSA_ALG_IS_SIGN_HASH( alg ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
-                                       int input_is_message,
-                                       psa_algorithm_t alg,
-                                       const uint8_t * input,
-                                       size_t input_length,
-                                       uint8_t * signature,
-                                       size_t signature_size,
-                                       size_t * signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    *signature_length = 0;
-
-    status = psa_sign_verify_check_alg( input_is_message, alg );
-    if( status != PSA_SUCCESS )
-        return status;
-
-    /* Immediately reject a zero-length signature buffer. This guarantees
-     * that signature must be a valid pointer. (On the other hand, the input
-     * buffer can in principle be empty since it doesn't actually have
-     * to be a hash.) */
-    if( signature_size == 0 )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-    status = psa_get_and_lock_key_slot_with_policy(
-                key, &slot,
-                input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
-                                   PSA_KEY_USAGE_SIGN_HASH,
-                alg );
-
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    if( input_is_message )
-    {
-        status = psa_driver_wrapper_sign_message(
-            &attributes, slot->key.data, slot->key.bytes,
-            alg, input, input_length,
-            signature, signature_size, signature_length );
-    }
-    else
-    {
-
-        status = psa_driver_wrapper_sign_hash(
-            &attributes, slot->key.data, slot->key.bytes,
-            alg, input, input_length,
-            signature, signature_size, signature_length );
-    }
-
-
-exit:
-    /* Fill the unused part of the output buffer (the whole buffer on error,
-     * the trailing part on success) with something that isn't a valid signature
-     * (barring an attack on the signature and deliberately-crafted input),
-     * in case the caller doesn't check the return status properly. */
-    if( status == PSA_SUCCESS )
-        memset( signature + *signature_length, '!',
-                signature_size - *signature_length );
-    else
-        memset( signature, '!', signature_size );
-    /* If signature_size is 0 then we have nothing to do. We must not call
-     * memset because signature may be NULL in this case. */
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
-                                         int input_is_message,
-                                         psa_algorithm_t alg,
-                                         const uint8_t * input,
-                                         size_t input_length,
-                                         const uint8_t * signature,
-                                         size_t signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    status = psa_sign_verify_check_alg( input_is_message, alg );
-    if( status != PSA_SUCCESS )
-        return status;
-
-    status = psa_get_and_lock_key_slot_with_policy(
-                key, &slot,
-                input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
-                                   PSA_KEY_USAGE_VERIFY_HASH,
-                alg );
-
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    if( input_is_message )
-    {
-        status = psa_driver_wrapper_verify_message(
-            &attributes, slot->key.data, slot->key.bytes,
-            alg, input, input_length,
-            signature, signature_length );
-    }
-    else
-    {
-        status = psa_driver_wrapper_verify_hash(
-            &attributes, slot->key.data, slot->key.bytes,
-            alg, input, input_length,
-            signature, signature_length );
-    }
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-
-}
-
-psa_status_t psa_sign_message_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *signature,
-    size_t signature_size,
-    size_t *signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if ( PSA_ALG_IS_SIGN_HASH( alg ) )
-    {
-        size_t hash_length;
-        uint8_t hash[PSA_HASH_MAX_SIZE];
-
-        status = psa_driver_wrapper_hash_compute(
-                    PSA_ALG_SIGN_GET_HASH( alg ),
-                    input, input_length,
-                    hash, sizeof( hash ), &hash_length );
-
-        if( status != PSA_SUCCESS )
-            return status;
-
-        return psa_driver_wrapper_sign_hash(
-                    attributes, key_buffer, key_buffer_size,
-                    alg, hash, hash_length,
-                    signature, signature_size, signature_length );
-    }
-
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t * input,
-                               size_t input_length,
-                               uint8_t * signature,
-                               size_t signature_size,
-                               size_t * signature_length )
-{
-    return psa_sign_internal(
-        key, 1, alg, input, input_length,
-        signature, signature_size, signature_length );
-}
-
-psa_status_t psa_verify_message_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    const uint8_t *signature,
-    size_t signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if ( PSA_ALG_IS_SIGN_HASH( alg ) )
-    {
-        size_t hash_length;
-        uint8_t hash[PSA_HASH_MAX_SIZE];
-
-        status = psa_driver_wrapper_hash_compute(
-                    PSA_ALG_SIGN_GET_HASH( alg ),
-                    input, input_length,
-                    hash, sizeof( hash ), &hash_length );
-
-        if( status != PSA_SUCCESS )
-            return status;
-
-        return psa_driver_wrapper_verify_hash(
-                    attributes, key_buffer, key_buffer_size,
-                    alg, hash, hash_length,
-                    signature, signature_length );
-    }
-
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t * input,
-                                 size_t input_length,
-                                 const uint8_t * signature,
-                                 size_t signature_length )
-{
-    return psa_verify_internal(
-        key, 1, alg, input, input_length,
-        signature, signature_length );
-}
-
-psa_status_t psa_sign_hash_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
-{
-    if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
-    {
-        if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
-            PSA_ALG_IS_RSA_PSS( alg) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-            return( mbedtls_psa_rsa_sign_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_size, signature_length ) );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
-        }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-    else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
-    {
-        if( PSA_ALG_IS_ECDSA( alg ) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-            return( mbedtls_psa_ecdsa_sign_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_size, signature_length ) );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-        }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-
-    (void)key_buffer;
-    (void)key_buffer_size;
-    (void)hash;
-    (void)hash_length;
-    (void)signature;
-    (void)signature_size;
-    (void)signature_length;
-
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
-                            psa_algorithm_t alg,
-                            const uint8_t *hash,
-                            size_t hash_length,
-                            uint8_t *signature,
-                            size_t signature_size,
-                            size_t *signature_length )
-{
-    return psa_sign_internal(
-        key, 0, alg, hash, hash_length,
-        signature, signature_size, signature_length );
-}
-
-psa_status_t psa_verify_hash_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
-{
-    if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
-    {
-        if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ||
-            PSA_ALG_IS_RSA_PSS( alg) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-            return( mbedtls_psa_rsa_verify_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_length ) );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
-        }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-    else if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
-    {
-        if( PSA_ALG_IS_ECDSA( alg ) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-            return( mbedtls_psa_ecdsa_verify_hash(
-                        attributes,
-                        key_buffer, key_buffer_size,
-                        alg, hash, hash_length,
-                        signature, signature_length ) );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-        }
-        else
-        {
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        }
-    }
-
-    (void)key_buffer;
-    (void)key_buffer_size;
-    (void)hash;
-    (void)hash_length;
-    (void)signature;
-    (void)signature_length;
-
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
-                              psa_algorithm_t alg,
-                              const uint8_t *hash,
-                              size_t hash_length,
-                              const uint8_t *signature,
-                              size_t signature_length )
-{
-    return psa_verify_internal(
-        key, 0, alg, hash, hash_length,
-        signature, signature_length );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg,
-                                           mbedtls_rsa_context *rsa )
-{
-    psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg );
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
-    mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
-    mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-
-psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key,
-                                     psa_algorithm_t alg,
-                                     const uint8_t *input,
-                                     size_t input_length,
-                                     const uint8_t *salt,
-                                     size_t salt_length,
-                                     uint8_t *output,
-                                     size_t output_size,
-                                     size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    (void) input;
-    (void) input_length;
-    (void) salt;
-    (void) output;
-    (void) output_size;
-
-    *output_length = 0;
-
-    if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-    if( ! ( PSA_KEY_TYPE_IS_PUBLIC_KEY( slot->attr.type ) ||
-            PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-        mbedtls_rsa_context *rsa = NULL;
-        status = mbedtls_psa_rsa_load_representation( slot->attr.type,
-                                                      slot->key.data,
-                                                      slot->key.bytes,
-                                                      &rsa );
-        if( status != PSA_SUCCESS )
-            goto rsa_exit;
-
-        if( output_size < mbedtls_rsa_get_len( rsa ) )
-        {
-            status = PSA_ERROR_BUFFER_TOO_SMALL;
-            goto rsa_exit;
-        }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-        if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
-            status = mbedtls_to_psa_error(
-                    mbedtls_rsa_pkcs1_encrypt( rsa,
-                                               mbedtls_psa_get_random,
-                                               MBEDTLS_PSA_RANDOM_STATE,
-                                               MBEDTLS_RSA_PUBLIC,
-                                               input_length,
-                                               input,
-                                               output ) );
-#else
-            status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
-        }
-        else
-        if( PSA_ALG_IS_RSA_OAEP( alg ) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-            psa_rsa_oaep_set_padding_mode( alg, rsa );
-            status = mbedtls_to_psa_error(
-                mbedtls_rsa_rsaes_oaep_encrypt( rsa,
-                                                mbedtls_psa_get_random,
-                                                MBEDTLS_PSA_RANDOM_STATE,
-                                                MBEDTLS_RSA_PUBLIC,
-                                                salt, salt_length,
-                                                input_length,
-                                                input,
-                                                output ) );
-#else
-            status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
-        }
-        else
-        {
-            status = PSA_ERROR_INVALID_ARGUMENT;
-        }
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-rsa_exit:
-        if( status == PSA_SUCCESS )
-            *output_length = mbedtls_rsa_get_len( rsa );
-
-        mbedtls_rsa_free( rsa );
-        mbedtls_free( rsa );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-    }
-    else
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
-    }
-
-exit:
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
-                                     psa_algorithm_t alg,
-                                     const uint8_t *input,
-                                     size_t input_length,
-                                     const uint8_t *salt,
-                                     size_t salt_length,
-                                     uint8_t *output,
-                                     size_t output_size,
-                                     size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    (void) input;
-    (void) input_length;
-    (void) salt;
-    (void) output;
-    (void) output_size;
-
-    *output_length = 0;
-
-    if( ! PSA_ALG_IS_RSA_OAEP( alg ) && salt_length != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-    if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-        mbedtls_rsa_context *rsa = NULL;
-        status = mbedtls_psa_rsa_load_representation( slot->attr.type,
-                                                      slot->key.data,
-                                                      slot->key.bytes,
-                                                      &rsa );
-        if( status != PSA_SUCCESS )
-            goto exit;
-
-        if( input_length != mbedtls_rsa_get_len( rsa ) )
-        {
-            status = PSA_ERROR_INVALID_ARGUMENT;
-            goto rsa_exit;
-        }
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-
-        if( alg == PSA_ALG_RSA_PKCS1V15_CRYPT )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT)
-            status = mbedtls_to_psa_error(
-                mbedtls_rsa_pkcs1_decrypt( rsa,
-                                           mbedtls_psa_get_random,
-                                           MBEDTLS_PSA_RANDOM_STATE,
-                                           MBEDTLS_RSA_PRIVATE,
-                                           output_length,
-                                           input,
-                                           output,
-                                           output_size ) );
-#else
-            status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT */
-        }
-        else
-        if( PSA_ALG_IS_RSA_OAEP( alg ) )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-            psa_rsa_oaep_set_padding_mode( alg, rsa );
-            status = mbedtls_to_psa_error(
-                mbedtls_rsa_rsaes_oaep_decrypt( rsa,
-                                                mbedtls_psa_get_random,
-                                                MBEDTLS_PSA_RANDOM_STATE,
-                                                MBEDTLS_RSA_PRIVATE,
-                                                salt, salt_length,
-                                                output_length,
-                                                input,
-                                                output,
-                                                output_size ) );
-#else
-            status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP */
-        }
-        else
-        {
-            status = PSA_ERROR_INVALID_ARGUMENT;
-        }
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
-rsa_exit:
-        mbedtls_rsa_free( rsa );
-        mbedtls_free( rsa );
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */
-    }
-    else
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
-    }
-
-exit:
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-
-
-/****************************************************************/
-/* Symmetric cryptography */
-/****************************************************************/
-
-static psa_status_t psa_cipher_setup( psa_cipher_operation_t *operation,
-                                      mbedtls_svc_key_id_t key,
-                                      psa_algorithm_t alg,
-                                      mbedtls_operation_t cipher_operation )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot = NULL;
-    psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
-                              PSA_KEY_USAGE_ENCRYPT :
-                              PSA_KEY_USAGE_DECRYPT );
-
-    /* A context must be freshly initialized before it can be set up. */
-    if( operation->id != 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( ! PSA_ALG_IS_CIPHER( alg ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Initialize the operation struct members, except for id. The id member
-     * is used to indicate to psa_cipher_abort that there are resources to free,
-     * so we only set it (in the driver wrapper) after resources have been
-     * allocated/initialized. */
-    operation->iv_set = 0;
-    if( alg == PSA_ALG_ECB_NO_PADDING )
-        operation->iv_required = 0;
-    else if( slot->attr.type == PSA_KEY_TYPE_ARC4 )
-        operation->iv_required = 0;
-    else
-        operation->iv_required = 1;
-    operation->default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    /* Try doing the operation through a driver before using software fallback. */
-    if( cipher_operation == MBEDTLS_ENCRYPT )
-        status = psa_driver_wrapper_cipher_encrypt_setup( operation,
-                                                          &attributes,
-                                                          slot->key.data,
-                                                          slot->key.bytes,
-                                                          alg );
-    else
-        status = psa_driver_wrapper_cipher_decrypt_setup( operation,
-                                                          &attributes,
-                                                          slot->key.data,
-                                                          slot->key.bytes,
-                                                          alg );
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_cipher_abort( operation );
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_cipher_encrypt_setup( psa_cipher_operation_t *operation,
-                                       mbedtls_svc_key_id_t key,
-                                       psa_algorithm_t alg )
-{
-    return( psa_cipher_setup( operation, key, alg, MBEDTLS_ENCRYPT ) );
-}
-
-psa_status_t psa_cipher_decrypt_setup( psa_cipher_operation_t *operation,
-                                       mbedtls_svc_key_id_t key,
-                                       psa_algorithm_t alg )
-{
-    return( psa_cipher_setup( operation, key, alg, MBEDTLS_DECRYPT ) );
-}
-
-psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
-                                     uint8_t *iv,
-                                     size_t iv_size,
-                                     size_t *iv_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
-    size_t default_iv_length;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( operation->iv_set || ! operation->iv_required )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    default_iv_length = operation->default_iv_length;
-    if( iv_size < default_iv_length )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-
-    if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
-    {
-        status = PSA_ERROR_GENERIC_ERROR;
-        goto exit;
-    }
-
-    status = psa_generate_random( local_iv, default_iv_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_driver_wrapper_cipher_set_iv( operation,
-                                               local_iv, default_iv_length );
-
-exit:
-    if( status == PSA_SUCCESS )
-    {
-        memcpy( iv, local_iv, default_iv_length );
-        *iv_length = default_iv_length;
-        operation->iv_set = 1;
-    }
-    else
-    {
-        *iv_length = 0;
-        psa_cipher_abort( operation );
-    }
-
-    return( status );
-}
-
-psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
-                                const uint8_t *iv,
-                                size_t iv_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( operation->iv_set || ! operation->iv_required )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_cipher_set_iv( operation,
-                                               iv,
-                                               iv_length );
-
-exit:
-    if( status == PSA_SUCCESS )
-        operation->iv_set = 1;
-    else
-        psa_cipher_abort( operation );
-    return( status );
-}
-
-psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
-                                const uint8_t *input,
-                                size_t input_length,
-                                uint8_t *output,
-                                size_t output_size,
-                                size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( operation->iv_required && ! operation->iv_set )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_cipher_update( operation,
-                                               input,
-                                               input_length,
-                                               output,
-                                               output_size,
-                                               output_length );
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_cipher_abort( operation );
-
-    return( status );
-}
-
-psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
-                                uint8_t *output,
-                                size_t output_size,
-                                size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-
-    if( operation->id == 0 )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    if( operation->iv_required && ! operation->iv_set )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_cipher_finish( operation,
-                                               output,
-                                               output_size,
-                                               output_length );
-
-exit:
-    if( status == PSA_SUCCESS )
-        return( psa_cipher_abort( operation ) );
-    else
-    {
-        *output_length = 0;
-        (void) psa_cipher_abort( operation );
-
-        return( status );
-    }
-}
-
-psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation )
-{
-    if( operation->id == 0 )
-    {
-        /* The object has (apparently) been initialized but it is not (yet)
-         * in use. It's ok to call abort on such an object, and there's
-         * nothing to do. */
-        return( PSA_SUCCESS );
-    }
-
-    psa_driver_wrapper_cipher_abort( operation );
-
-    operation->id = 0;
-    operation->iv_set = 0;
-    operation->iv_required = 0;
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t *input,
-                                 size_t input_length,
-                                 uint8_t *output,
-                                 size_t output_size,
-                                 size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot = NULL;
-    uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
-    size_t default_iv_length = 0;
-
-    if( ! PSA_ALG_IS_CIPHER( alg ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot,
-                                                    PSA_KEY_USAGE_ENCRYPT,
-                                                    alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    default_iv_length = PSA_CIPHER_IV_LENGTH( slot->attr.type, alg );
-    if( default_iv_length > PSA_CIPHER_IV_MAX_SIZE )
-    {
-        status = PSA_ERROR_GENERIC_ERROR;
-        goto exit;
-    }
-
-    if( default_iv_length > 0 )
-    {
-        if( output_size < default_iv_length )
-        {
-            status = PSA_ERROR_BUFFER_TOO_SMALL;
-            goto exit;
-        }
-
-        status = psa_generate_random( local_iv, default_iv_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    status = psa_driver_wrapper_cipher_encrypt(
-        &attributes, slot->key.data, slot->key.bytes,
-        alg, local_iv, default_iv_length, input, input_length,
-        mbedtls_buffer_offset( output, default_iv_length ),
-        output_size - default_iv_length, output_length );
-
-exit:
-    unlock_status = psa_unlock_key_slot( slot );
-    if( status == PSA_SUCCESS )
-        status = unlock_status;
-
-    if( status == PSA_SUCCESS )
-    {
-        if( default_iv_length > 0 )
-            memcpy( output, local_iv, default_iv_length );
-        *output_length += default_iv_length;
-    }
-    else
-        *output_length = 0;
-
-    return( status );
-}
-
-psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
-                                 psa_algorithm_t alg,
-                                 const uint8_t *input,
-                                 size_t input_length,
-                                 uint8_t *output,
-                                 size_t output_size,
-                                 size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot = NULL;
-
-    if( ! PSA_ALG_IS_CIPHER( alg ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_get_and_lock_key_slot_with_policy( key, &slot,
-                                                    PSA_KEY_USAGE_DECRYPT,
-                                                    alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    status = psa_driver_wrapper_cipher_decrypt(
-        &attributes, slot->key.data, slot->key.bytes,
-        alg, input, input_length,
-        output, output_size, output_length );
-
-exit:
-    unlock_status = psa_unlock_key_slot( slot );
-    if( status == PSA_SUCCESS )
-        status = unlock_status;
-
-    if( status != PSA_SUCCESS )
-        *output_length = 0;
-
-    return( status );
-}
-
-
-/****************************************************************/
-/* AEAD */
-/****************************************************************/
-
-psa_status_t psa_aead_encrypt( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t *nonce,
-                               size_t nonce_length,
-                               const uint8_t *additional_data,
-                               size_t additional_data_length,
-                               const uint8_t *plaintext,
-                               size_t plaintext_length,
-                               uint8_t *ciphertext,
-                               size_t ciphertext_size,
-                               size_t *ciphertext_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    *ciphertext_length = 0;
-
-    if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    status = psa_get_and_lock_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_ENCRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    status = psa_driver_wrapper_aead_encrypt(
-        &attributes, slot->key.data, slot->key.bytes,
-        alg,
-        nonce, nonce_length,
-        additional_data, additional_data_length,
-        plaintext, plaintext_length,
-        ciphertext, ciphertext_size, ciphertext_length );
-
-    if( status != PSA_SUCCESS && ciphertext_size != 0 )
-        memset( ciphertext, 0, ciphertext_size );
-
-    psa_unlock_key_slot( slot );
-
-    return( status );
-}
-
-psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key,
-                               psa_algorithm_t alg,
-                               const uint8_t *nonce,
-                               size_t nonce_length,
-                               const uint8_t *additional_data,
-                               size_t additional_data_length,
-                               const uint8_t *ciphertext,
-                               size_t ciphertext_length,
-                               uint8_t *plaintext,
-                               size_t plaintext_size,
-                               size_t *plaintext_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    *plaintext_length = 0;
-
-    if( !PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_WILDCARD( alg ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    status = psa_get_and_lock_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_DECRYPT, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    status = psa_driver_wrapper_aead_decrypt(
-        &attributes, slot->key.data, slot->key.bytes,
-        alg,
-        nonce, nonce_length,
-        additional_data, additional_data_length,
-        ciphertext, ciphertext_length,
-        plaintext, plaintext_size, plaintext_length );
-
-    if( status != PSA_SUCCESS && plaintext_size != 0 )
-        memset( plaintext, 0, plaintext_size );
-
-    psa_unlock_key_slot( slot );
-
-    return( status );
-}
-
-/****************************************************************/
-/* Generators */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-#define AT_LEAST_ONE_BUILTIN_KDF
-#endif /* At least one builtin KDF */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-static psa_status_t psa_key_derivation_start_hmac(
-    psa_mac_operation_t *operation,
-    psa_algorithm_t hash_alg,
-    const uint8_t *hmac_key,
-    size_t hmac_key_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
-    psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) );
-    psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
-
-    operation->is_sign = 1;
-    operation->mac_size = PSA_HASH_LENGTH( hash_alg );
-
-    status = psa_driver_wrapper_mac_sign_setup( operation,
-                                                &attributes,
-                                                hmac_key, hmac_key_length,
-                                                PSA_ALG_HMAC( hash_alg ) );
-
-    psa_reset_key_attributes( &attributes );
-    return( status );
-}
-#endif /* KDF algorithms reliant on HMAC */
-
-#define HKDF_STATE_INIT 0 /* no input yet */
-#define HKDF_STATE_STARTED 1 /* got salt */
-#define HKDF_STATE_KEYED 2 /* got key */
-#define HKDF_STATE_OUTPUT 3 /* output started */
-
-static psa_algorithm_t psa_key_derivation_get_kdf_alg(
-    const psa_key_derivation_operation_t *operation )
-{
-    if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
-        return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
-    else
-        return( operation->alg );
-}
-
-psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
-{
-    psa_status_t status = PSA_SUCCESS;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
-    if( kdf_alg == 0 )
-    {
-        /* The object has (apparently) been initialized but it is not
-         * in use. It's ok to call abort on such an object, and there's
-         * nothing to do. */
-    }
-    else
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-    if( PSA_ALG_IS_HKDF( kdf_alg ) )
-    {
-        mbedtls_free( operation->ctx.hkdf.info );
-        status = psa_mac_abort( &operation->ctx.hkdf.hmac );
-    }
-    else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-             /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
-             PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-    {
-        if( operation->ctx.tls12_prf.secret != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.secret,
-                                      operation->ctx.tls12_prf.secret_length );
-            mbedtls_free( operation->ctx.tls12_prf.secret );
-        }
-
-        if( operation->ctx.tls12_prf.seed != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed,
-                                      operation->ctx.tls12_prf.seed_length );
-            mbedtls_free( operation->ctx.tls12_prf.seed );
-        }
-
-        if( operation->ctx.tls12_prf.label != NULL )
-        {
-            mbedtls_platform_zeroize( operation->ctx.tls12_prf.label,
-                                      operation->ctx.tls12_prf.label_length );
-            mbedtls_free( operation->ctx.tls12_prf.label );
-        }
-
-        status = PSA_SUCCESS;
-
-        /* We leave the fields Ai and output_block to be erased safely by the
-         * mbedtls_platform_zeroize() in the end of this function. */
-    }
-    else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) */
-    {
-        status = PSA_ERROR_BAD_STATE;
-    }
-    mbedtls_platform_zeroize( operation, sizeof( *operation ) );
-    return( status );
-}
-
-psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
-                                        size_t *capacity)
-{
-    if( operation->alg == 0 )
-    {
-        /* This is a blank key derivation operation. */
-        return( PSA_ERROR_BAD_STATE );
-    }
-
-    *capacity = operation->capacity;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
-                                         size_t capacity )
-{
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
-    if( capacity > operation->capacity )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    operation->capacity = capacity;
-    return( PSA_SUCCESS );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-/* Read some bytes from an HKDF-based operation. This performs a chunk
- * of the expand phase of the HKDF algorithm. */
-static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
-                                                  psa_algorithm_t hash_alg,
-                                                  uint8_t *output,
-                                                  size_t output_length )
-{
-    uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
-    size_t hmac_output_length;
-    psa_status_t status;
-
-    if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set )
-        return( PSA_ERROR_BAD_STATE );
-    hkdf->state = HKDF_STATE_OUTPUT;
-
-    while( output_length != 0 )
-    {
-        /* Copy what remains of the current block */
-        uint8_t n = hash_length - hkdf->offset_in_block;
-        if( n > output_length )
-            n = (uint8_t) output_length;
-        memcpy( output, hkdf->output_block + hkdf->offset_in_block, n );
-        output += n;
-        output_length -= n;
-        hkdf->offset_in_block += n;
-        if( output_length == 0 )
-            break;
-        /* We can't be wanting more output after block 0xff, otherwise
-         * the capacity check in psa_key_derivation_output_bytes() would have
-         * prevented this call. It could happen only if the operation
-         * object was corrupted or if this function is called directly
-         * inside the library. */
-        if( hkdf->block_number == 0xff )
-            return( PSA_ERROR_BAD_STATE );
-
-        /* We need a new block */
-        ++hkdf->block_number;
-        hkdf->offset_in_block = 0;
-
-        status = psa_key_derivation_start_hmac( &hkdf->hmac,
-                                                hash_alg,
-                                                hkdf->prk,
-                                                hash_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-
-        if( hkdf->block_number != 1 )
-        {
-            status = psa_mac_update( &hkdf->hmac,
-                                     hkdf->output_block,
-                                     hash_length );
-            if( status != PSA_SUCCESS )
-                return( status );
-        }
-        status = psa_mac_update( &hkdf->hmac,
-                                 hkdf->info,
-                                 hkdf->info_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_mac_update( &hkdf->hmac,
-                                 &hkdf->block_number, 1 );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_mac_sign_finish( &hkdf->hmac,
-                                      hkdf->output_block,
-                                      sizeof( hkdf->output_block ),
-                                      &hmac_output_length );
-        if( status != PSA_SUCCESS )
-            return( status );
-    }
-
-    return( PSA_SUCCESS );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
-    psa_tls12_prf_key_derivation_t *tls12_prf,
-    psa_algorithm_t alg )
-{
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
-    uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
-    psa_mac_operation_t hmac = PSA_MAC_OPERATION_INIT;
-    size_t hmac_output_length;
-    psa_status_t status, cleanup_status;
-
-    /* We can't be wanting more output after block 0xff, otherwise
-     * the capacity check in psa_key_derivation_output_bytes() would have
-     * prevented this call. It could happen only if the operation
-     * object was corrupted or if this function is called directly
-     * inside the library. */
-    if( tls12_prf->block_number == 0xff )
-        return( PSA_ERROR_CORRUPTION_DETECTED );
-
-    /* We need a new block */
-    ++tls12_prf->block_number;
-    tls12_prf->left_in_block = hash_length;
-
-    /* Recall the definition of the TLS-1.2-PRF from RFC 5246:
-     *
-     * PRF(secret, label, seed) = P_<hash>(secret, label + seed)
-     *
-     * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
-     *                        HMAC_hash(secret, A(2) + seed) +
-     *                        HMAC_hash(secret, A(3) + seed) + ...
-     *
-     * A(0) = seed
-     * A(i) = HMAC_hash(secret, A(i-1))
-     *
-     * The `psa_tls12_prf_key_derivation` structure saves the block
-     * `HMAC_hash(secret, A(i) + seed)` from which the output
-     * is currently extracted as `output_block` and where i is
-     * `block_number`.
-     */
-
-    status = psa_key_derivation_start_hmac( &hmac,
-                                            hash_alg,
-                                            tls12_prf->secret,
-                                            tls12_prf->secret_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-
-    /* Calculate A(i) where i = tls12_prf->block_number. */
-    if( tls12_prf->block_number == 1 )
-    {
-        /* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads
-         * the variable seed and in this instance means it in the context of the
-         * P_hash function, where seed = label + seed.) */
-        status = psa_mac_update( &hmac,
-                                 tls12_prf->label,
-                                 tls12_prf->label_length );
-        if( status != PSA_SUCCESS )
-            goto cleanup;
-        status = psa_mac_update( &hmac,
-                                 tls12_prf->seed,
-                                 tls12_prf->seed_length );
-        if( status != PSA_SUCCESS )
-            goto cleanup;
-    }
-    else
-    {
-        /* A(i) = HMAC_hash(secret, A(i-1)) */
-        status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
-        if( status != PSA_SUCCESS )
-            goto cleanup;
-    }
-
-    status = psa_mac_sign_finish( &hmac,
-                                  tls12_prf->Ai, hash_length,
-                                  &hmac_output_length );
-    if( hmac_output_length != hash_length )
-        status = PSA_ERROR_CORRUPTION_DETECTED;
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-
-    /* Calculate HMAC_hash(secret, A(i) + label + seed). */
-    status = psa_key_derivation_start_hmac( &hmac,
-                                            hash_alg,
-                                            tls12_prf->secret,
-                                            tls12_prf->secret_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-    status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-    status = psa_mac_update( &hmac, tls12_prf->label, tls12_prf->label_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-    status = psa_mac_update( &hmac, tls12_prf->seed, tls12_prf->seed_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-    status = psa_mac_sign_finish( &hmac,
-                                  tls12_prf->output_block, hash_length,
-                                  &hmac_output_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-
-
-cleanup:
-    cleanup_status = psa_mac_abort( &hmac );
-    if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
-        status = cleanup_status;
-
-    return( status );
-}
-
-static psa_status_t psa_key_derivation_tls12_prf_read(
-    psa_tls12_prf_key_derivation_t *tls12_prf,
-    psa_algorithm_t alg,
-    uint8_t *output,
-    size_t output_length )
-{
-    psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
-    uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
-    psa_status_t status;
-    uint8_t offset, length;
-
-    switch( tls12_prf->state )
-    {
-        case PSA_TLS12_PRF_STATE_LABEL_SET:
-            tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
-            break;
-        case PSA_TLS12_PRF_STATE_OUTPUT:
-            break;
-        default:
-            return( PSA_ERROR_BAD_STATE );
-    }
-
-    while( output_length != 0 )
-    {
-        /* Check if we have fully processed the current block. */
-        if( tls12_prf->left_in_block == 0 )
-        {
-            status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
-                                                                       alg );
-            if( status != PSA_SUCCESS )
-                return( status );
-
-            continue;
-        }
-
-        if( tls12_prf->left_in_block > output_length )
-            length = (uint8_t) output_length;
-        else
-            length = tls12_prf->left_in_block;
-
-        offset = hash_length - tls12_prf->left_in_block;
-        memcpy( output, tls12_prf->output_block + offset, length );
-        output += length;
-        output_length -= length;
-        tls12_prf->left_in_block -= length;
-    }
-
-    return( PSA_SUCCESS );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
-        * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-
-psa_status_t psa_key_derivation_output_bytes(
-    psa_key_derivation_operation_t *operation,
-    uint8_t *output,
-    size_t output_length )
-{
-    psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
-
-    if( operation->alg == 0 )
-    {
-        /* This is a blank operation. */
-        return( PSA_ERROR_BAD_STATE );
-    }
-
-    if( output_length > operation->capacity )
-    {
-        operation->capacity = 0;
-        /* Go through the error path to wipe all confidential data now
-         * that the operation object is useless. */
-        status = PSA_ERROR_INSUFFICIENT_DATA;
-        goto exit;
-    }
-    if( output_length == 0 && operation->capacity == 0 )
-    {
-        /* Edge case: this is a finished operation, and 0 bytes
-         * were requested. The right error in this case could
-         * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
-         * INSUFFICIENT_CAPACITY, which is right for a finished
-         * operation, for consistency with the case when
-         * output_length > 0. */
-        return( PSA_ERROR_INSUFFICIENT_DATA );
-    }
-    operation->capacity -= output_length;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-    if( PSA_ALG_IS_HKDF( kdf_alg ) )
-    {
-        psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
-        status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
-                                          output, output_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-        PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-    {
-        status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
-                                                    kdf_alg, output,
-                                                    output_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
-        * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-    {
-        (void) kdf_alg;
-        return( PSA_ERROR_BAD_STATE );
-    }
-
-exit:
-    if( status != PSA_SUCCESS )
-    {
-        /* Preserve the algorithm upon errors, but clear all sensitive state.
-         * This allows us to differentiate between exhausted operations and
-         * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
-         * operations. */
-        psa_algorithm_t alg = operation->alg;
-        psa_key_derivation_abort( operation );
-        operation->alg = alg;
-        memset( output, '!', output_length );
-    }
-    return( status );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
-{
-    if( data_size >= 8 )
-        mbedtls_des_key_set_parity( data );
-    if( data_size >= 16 )
-        mbedtls_des_key_set_parity( data + 8 );
-    if( data_size >= 24 )
-        mbedtls_des_key_set_parity( data + 16 );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
-
-static psa_status_t psa_generate_derived_key_internal(
-    psa_key_slot_t *slot,
-    size_t bits,
-    psa_key_derivation_operation_t *operation )
-{
-    uint8_t *data = NULL;
-    size_t bytes = PSA_BITS_TO_BYTES( bits );
-    psa_status_t status;
-
-    if( ! key_type_is_raw_bytes( slot->attr.type ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    if( bits % 8 != 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    data = mbedtls_calloc( 1, bytes );
-    if( data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-    status = psa_key_derivation_output_bytes( operation, data, bytes );
-    if( status != PSA_SUCCESS )
-        goto exit;
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-    if( slot->attr.type == PSA_KEY_TYPE_DES )
-        psa_des_set_key_parity( data, bytes );
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
-
-    status = psa_allocate_buffer_to_slot( slot, bytes );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    slot->attr.bits = (psa_key_bits_t) bits;
-    psa_key_attributes_t attributes = {
-      .core = slot->attr
-    };
-
-    status = psa_driver_wrapper_import_key( &attributes,
-                                            data, bytes,
-                                            slot->key.data,
-                                            slot->key.bytes,
-                                            &slot->key.bytes, &bits );
-    if( bits != slot->attr.bits )
-        status = PSA_ERROR_INVALID_ARGUMENT;
-
-exit:
-    mbedtls_free( data );
-    return( status );
-}
-
-psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
-                                       psa_key_derivation_operation_t *operation,
-                                       mbedtls_svc_key_id_t *key )
-{
-    psa_status_t status;
-    psa_key_slot_t *slot = NULL;
-    psa_se_drv_table_entry_t *driver = NULL;
-
-    *key = MBEDTLS_SVC_KEY_ID_INIT;
-
-    /* Reject any attempt to create a zero-length key so that we don't
-     * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
-    if( psa_get_key_bits( attributes ) == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    if( operation->alg == PSA_ALG_NONE )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( ! operation->can_output_key )
-        return( PSA_ERROR_NOT_PERMITTED );
-
-    status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE, attributes,
-                                     &slot, &driver );
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    if( driver != NULL )
-    {
-        /* Deriving a key in a secure element is not implemented yet. */
-        status = PSA_ERROR_NOT_SUPPORTED;
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-    if( status == PSA_SUCCESS )
-    {
-        status = psa_generate_derived_key_internal( slot,
-                                                    attributes->core.bits,
-                                                    operation );
-    }
-    if( status == PSA_SUCCESS )
-        status = psa_finish_key_creation( slot, driver, key );
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
-
-    return( status );
-}
-
-
-
-/****************************************************************/
-/* Key derivation */
-/****************************************************************/
-
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
-static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
-{
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-    if( PSA_ALG_IS_HKDF( kdf_alg ) )
-        return( 1 );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
-        return( 1 );
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-        return( 1 );
-#endif
-    return( 0 );
-}
-
-static psa_status_t psa_hash_try_support( psa_algorithm_t alg )
-{
-    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
-    psa_status_t status = psa_hash_setup( &operation, alg );
-    psa_hash_abort( &operation );
-    return( status );
-}
-
-static psa_status_t psa_key_derivation_setup_kdf(
-    psa_key_derivation_operation_t *operation,
-    psa_algorithm_t kdf_alg )
-{
-    /* Make sure that operation->ctx is properly zero-initialised. (Macro
-     * initialisers for this union leave some bytes unspecified.) */
-    memset( &operation->ctx, 0, sizeof( operation->ctx ) );
-
-    /* Make sure that kdf_alg is a supported key derivation algorithm. */
-    if( ! is_kdf_alg_supported( kdf_alg ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    /* All currently supported key derivation algorithms are based on a
-     * hash algorithm. */
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
-    size_t hash_size = PSA_HASH_LENGTH( hash_alg );
-    if( hash_size == 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    /* Make sure that hash_alg is a supported hash algorithm. Otherwise
-     * we might fail later, which is somewhat unfriendly and potentially
-     * risk-prone. */
-    psa_status_t status = psa_hash_try_support( hash_alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
-          PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
-        ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) )
-    {
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    operation->capacity = 255 * hash_size;
-    return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_key_agreement_try_support( psa_algorithm_t alg )
-{
-#if defined(PSA_WANT_ALG_ECDH)
-    if( alg == PSA_ALG_ECDH )
-        return( PSA_SUCCESS );
-#endif
-    (void) alg;
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
-
-psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
-                                       psa_algorithm_t alg )
-{
-    psa_status_t status;
-
-    if( operation->alg != 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
-    {
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
-        psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
-        psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
-        status = psa_key_agreement_try_support( ka_alg );
-        if( status != PSA_SUCCESS )
-            return( status );
-        status = psa_key_derivation_setup_kdf( operation, kdf_alg );
-#else
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
-    }
-    else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
-    {
-#if defined(AT_LEAST_ONE_BUILTIN_KDF)
-        status = psa_key_derivation_setup_kdf( operation, alg );
-#else
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* AT_LEAST_ONE_BUILTIN_KDF */
-    }
-    else
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    if( status == PSA_SUCCESS )
-        operation->alg = alg;
-    return( status );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
-                                    psa_algorithm_t hash_alg,
-                                    psa_key_derivation_step_t step,
-                                    const uint8_t *data,
-                                    size_t data_length )
-{
-    psa_status_t status;
-    switch( step )
-    {
-        case PSA_KEY_DERIVATION_INPUT_SALT:
-            if( hkdf->state != HKDF_STATE_INIT )
-                return( PSA_ERROR_BAD_STATE );
-            else
-            {
-                status = psa_key_derivation_start_hmac( &hkdf->hmac,
-                                                        hash_alg,
-                                                        data, data_length );
-                if( status != PSA_SUCCESS )
-                    return( status );
-                hkdf->state = HKDF_STATE_STARTED;
-                return( PSA_SUCCESS );
-            }
-        case PSA_KEY_DERIVATION_INPUT_SECRET:
-            /* If no salt was provided, use an empty salt. */
-            if( hkdf->state == HKDF_STATE_INIT )
-            {
-                status = psa_key_derivation_start_hmac( &hkdf->hmac,
-                                                        hash_alg,
-                                                        NULL, 0 );
-                if( status != PSA_SUCCESS )
-                    return( status );
-                hkdf->state = HKDF_STATE_STARTED;
-            }
-            if( hkdf->state != HKDF_STATE_STARTED )
-                return( PSA_ERROR_BAD_STATE );
-            status = psa_mac_update( &hkdf->hmac,
-                                     data, data_length );
-            if( status != PSA_SUCCESS )
-                return( status );
-            status = psa_mac_sign_finish( &hkdf->hmac,
-                                          hkdf->prk,
-                                          sizeof( hkdf->prk ),
-                                          &data_length );
-            if( status != PSA_SUCCESS )
-                return( status );
-            hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg );
-            hkdf->block_number = 0;
-            hkdf->state = HKDF_STATE_KEYED;
-            return( PSA_SUCCESS );
-        case PSA_KEY_DERIVATION_INPUT_INFO:
-            if( hkdf->state == HKDF_STATE_OUTPUT )
-                return( PSA_ERROR_BAD_STATE );
-            if( hkdf->info_set )
-                return( PSA_ERROR_BAD_STATE );
-            hkdf->info_length = data_length;
-            if( data_length != 0 )
-            {
-                hkdf->info = mbedtls_calloc( 1, data_length );
-                if( hkdf->info == NULL )
-                    return( PSA_ERROR_INSUFFICIENT_MEMORY );
-                memcpy( hkdf->info, data, data_length );
-            }
-            hkdf->info_set = 1;
-            return( PSA_SUCCESS );
-        default:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf,
-                                            const uint8_t *data,
-                                            size_t data_length )
-{
-    if( prf->state != PSA_TLS12_PRF_STATE_INIT )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( data_length != 0 )
-    {
-        prf->seed = mbedtls_calloc( 1, data_length );
-        if( prf->seed == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-        memcpy( prf->seed, data, data_length );
-        prf->seed_length = data_length;
-    }
-
-    prf->state = PSA_TLS12_PRF_STATE_SEED_SET;
-
-    return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf,
-                                           const uint8_t *data,
-                                           size_t data_length )
-{
-    if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( data_length != 0 )
-    {
-        prf->secret = mbedtls_calloc( 1, data_length );
-        if( prf->secret == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-        memcpy( prf->secret, data, data_length );
-        prf->secret_length = data_length;
-    }
-
-    prf->state = PSA_TLS12_PRF_STATE_KEY_SET;
-
-    return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf,
-                                             const uint8_t *data,
-                                             size_t data_length )
-{
-    if( prf->state != PSA_TLS12_PRF_STATE_KEY_SET )
-        return( PSA_ERROR_BAD_STATE );
-
-    if( data_length != 0 )
-    {
-        prf->label = mbedtls_calloc( 1, data_length );
-        if( prf->label == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-        memcpy( prf->label, data, data_length );
-        prf->label_length = data_length;
-    }
-
-    prf->state = PSA_TLS12_PRF_STATE_LABEL_SET;
-
-    return( PSA_SUCCESS );
-}
-
-static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
-                                         psa_key_derivation_step_t step,
-                                         const uint8_t *data,
-                                         size_t data_length )
-{
-    switch( step )
-    {
-        case PSA_KEY_DERIVATION_INPUT_SEED:
-            return( psa_tls12_prf_set_seed( prf, data, data_length ) );
-        case PSA_KEY_DERIVATION_INPUT_SECRET:
-            return( psa_tls12_prf_set_key( prf, data, data_length ) );
-        case PSA_KEY_DERIVATION_INPUT_LABEL:
-            return( psa_tls12_prf_set_label( prf, data, data_length ) );
-        default:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
-        * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
-    psa_tls12_prf_key_derivation_t *prf,
-    const uint8_t *data,
-    size_t data_length )
-{
-    psa_status_t status;
-    uint8_t pms[ 4 + 2 * PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE ];
-    uint8_t *cur = pms;
-
-    if( data_length > PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    /* Quoting RFC 4279, Section 2:
-     *
-     * The premaster secret is formed as follows: if the PSK is N octets
-     * long, concatenate a uint16 with the value N, N zero octets, a second
-     * uint16 with the value N, and the PSK itself.
-     */
-
-    *cur++ = MBEDTLS_BYTE_1( data_length );
-    *cur++ = MBEDTLS_BYTE_0( data_length );
-    memset( cur, 0, data_length );
-    cur += data_length;
-    *cur++ = pms[0];
-    *cur++ = pms[1];
-    memcpy( cur, data, data_length );
-    cur += data_length;
-
-    status = psa_tls12_prf_set_key( prf, pms, cur - pms );
-
-    mbedtls_platform_zeroize( pms, sizeof( pms ) );
-    return( status );
-}
-
-static psa_status_t psa_tls12_prf_psk_to_ms_input(
-    psa_tls12_prf_key_derivation_t *prf,
-    psa_key_derivation_step_t step,
-    const uint8_t *data,
-    size_t data_length )
-{
-    if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
-    {
-        return( psa_tls12_prf_psk_to_ms_set_key( prf,
-                                                 data, data_length ) );
-    }
-
-    return( psa_tls12_prf_input( prf, step, data, data_length ) );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-
-/** Check whether the given key type is acceptable for the given
- * input step of a key derivation.
- *
- * Secret inputs must have the type #PSA_KEY_TYPE_DERIVE.
- * Non-secret inputs must have the type #PSA_KEY_TYPE_RAW_DATA.
- * Both secret and non-secret inputs can alternatively have the type
- * #PSA_KEY_TYPE_NONE, which is never the type of a key object, meaning
- * that the input was passed as a buffer rather than via a key object.
- */
-static int psa_key_derivation_check_input_type(
-    psa_key_derivation_step_t step,
-    psa_key_type_t key_type )
-{
-    switch( step )
-    {
-        case PSA_KEY_DERIVATION_INPUT_SECRET:
-            if( key_type == PSA_KEY_TYPE_DERIVE )
-                return( PSA_SUCCESS );
-            if( key_type == PSA_KEY_TYPE_NONE )
-                return( PSA_SUCCESS );
-            break;
-        case PSA_KEY_DERIVATION_INPUT_LABEL:
-        case PSA_KEY_DERIVATION_INPUT_SALT:
-        case PSA_KEY_DERIVATION_INPUT_INFO:
-        case PSA_KEY_DERIVATION_INPUT_SEED:
-            if( key_type == PSA_KEY_TYPE_RAW_DATA )
-                return( PSA_SUCCESS );
-            if( key_type == PSA_KEY_TYPE_NONE )
-                return( PSA_SUCCESS );
-            break;
-    }
-    return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
-static psa_status_t psa_key_derivation_input_internal(
-    psa_key_derivation_operation_t *operation,
-    psa_key_derivation_step_t step,
-    psa_key_type_t key_type,
-    const uint8_t *data,
-    size_t data_length )
-{
-    psa_status_t status;
-    psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
-
-    status = psa_key_derivation_check_input_type( step, key_type );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
-    if( PSA_ALG_IS_HKDF( kdf_alg ) )
-    {
-        status = psa_hkdf_input( &operation->ctx.hkdf,
-                                 PSA_ALG_HKDF_GET_HASH( kdf_alg ),
-                                 step, data, data_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
-    if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
-    {
-        status = psa_tls12_prf_input( &operation->ctx.tls12_prf,
-                                      step, data, data_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-    if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
-    {
-        status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf,
-                                                step, data, data_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
-    {
-        /* This can't happen unless the operation object was not initialized */
-        (void) data;
-        (void) data_length;
-        (void) kdf_alg;
-        return( PSA_ERROR_BAD_STATE );
-    }
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( operation );
-    return( status );
-}
-
-psa_status_t psa_key_derivation_input_bytes(
-    psa_key_derivation_operation_t *operation,
-    psa_key_derivation_step_t step,
-    const uint8_t *data,
-    size_t data_length )
-{
-    return( psa_key_derivation_input_internal( operation, step,
-                                               PSA_KEY_TYPE_NONE,
-                                               data, data_length ) );
-}
-
-psa_status_t psa_key_derivation_input_key(
-    psa_key_derivation_operation_t *operation,
-    psa_key_derivation_step_t step,
-    mbedtls_svc_key_id_t key )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
-    if( status != PSA_SUCCESS )
-    {
-        psa_key_derivation_abort( operation );
-        return( status );
-    }
-
-    /* Passing a key object as a SECRET input unlocks the permission
-     * to output to a key object. */
-    if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
-        operation->can_output_key = 1;
-
-    status = psa_key_derivation_input_internal( operation,
-                                                step, slot->attr.type,
-                                                slot->key.data,
-                                                slot->key.bytes );
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-
-
-/****************************************************************/
-/* Key agreement */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
-                                            size_t peer_key_length,
-                                            const mbedtls_ecp_keypair *our_key,
-                                            uint8_t *shared_secret,
-                                            size_t shared_secret_size,
-                                            size_t *shared_secret_length )
-{
-    mbedtls_ecp_keypair *their_key = NULL;
-    mbedtls_ecdh_context ecdh;
-    psa_status_t status;
-    size_t bits = 0;
-    psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
-    mbedtls_ecdh_init( &ecdh );
-
-    status = mbedtls_psa_ecp_load_representation(
-                 PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
-                 bits,
-                 peer_key,
-                 peer_key_length,
-                 &their_key );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = mbedtls_to_psa_error(
-        mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    status = mbedtls_to_psa_error(
-        mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = mbedtls_to_psa_error(
-        mbedtls_ecdh_calc_secret( &ecdh,
-                                  shared_secret_length,
-                                  shared_secret, shared_secret_size,
-                                  mbedtls_psa_get_random,
-                                  MBEDTLS_PSA_RANDOM_STATE ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
-        status = PSA_ERROR_CORRUPTION_DETECTED;
-
-exit:
-    if( status != PSA_SUCCESS )
-        mbedtls_platform_zeroize( shared_secret, shared_secret_size );
-    mbedtls_ecdh_free( &ecdh );
-    mbedtls_ecp_keypair_free( their_key );
-    mbedtls_free( their_key );
-
-    return( status );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
-
-#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
-
-static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
-                                                    psa_key_slot_t *private_key,
-                                                    const uint8_t *peer_key,
-                                                    size_t peer_key_length,
-                                                    uint8_t *shared_secret,
-                                                    size_t shared_secret_size,
-                                                    size_t *shared_secret_length )
-{
-    switch( alg )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-        case PSA_ALG_ECDH:
-            if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-            mbedtls_ecp_keypair *ecp = NULL;
-            psa_status_t status = mbedtls_psa_ecp_load_representation(
-                                      private_key->attr.type,
-                                      private_key->attr.bits,
-                                      private_key->key.data,
-                                      private_key->key.bytes,
-                                      &ecp );
-            if( status != PSA_SUCCESS )
-                return( status );
-            status = psa_key_agreement_ecdh( peer_key, peer_key_length,
-                                             ecp,
-                                             shared_secret, shared_secret_size,
-                                             shared_secret_length );
-            mbedtls_ecp_keypair_free( ecp );
-            mbedtls_free( ecp );
-            return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
-        default:
-            (void) private_key;
-            (void) peer_key;
-            (void) peer_key_length;
-            (void) shared_secret;
-            (void) shared_secret_size;
-            (void) shared_secret_length;
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-}
-
-/* Note that if this function fails, you must call psa_key_derivation_abort()
- * to potentially free embedded data structures and wipe confidential data.
- */
-static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
-                                                psa_key_derivation_step_t step,
-                                                psa_key_slot_t *private_key,
-                                                const uint8_t *peer_key,
-                                                size_t peer_key_length )
-{
-    psa_status_t status;
-    uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
-    size_t shared_secret_length = 0;
-    psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
-
-    /* Step 1: run the secret agreement algorithm to generate the shared
-     * secret. */
-    status = psa_key_agreement_raw_internal( ka_alg,
-                                             private_key,
-                                             peer_key, peer_key_length,
-                                             shared_secret,
-                                             sizeof( shared_secret ),
-                                             &shared_secret_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Step 2: set up the key derivation to generate key material from
-     * the shared secret. A shared secret is permitted wherever a key
-     * of type DERIVE is permitted. */
-    status = psa_key_derivation_input_internal( operation, step,
-                                                PSA_KEY_TYPE_DERIVE,
-                                                shared_secret,
-                                                shared_secret_length );
-exit:
-    mbedtls_platform_zeroize( shared_secret, shared_secret_length );
-    return( status );
-}
-
-psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
-                                               psa_key_derivation_step_t step,
-                                               mbedtls_svc_key_id_t private_key,
-                                               const uint8_t *peer_key,
-                                               size_t peer_key_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot;
-
-    if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 private_key, &slot, PSA_KEY_USAGE_DERIVE, operation->alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-    status = psa_key_agreement_internal( operation, step,
-                                         slot,
-                                         peer_key, peer_key_length );
-    if( status != PSA_SUCCESS )
-        psa_key_derivation_abort( operation );
-    else
-    {
-        /* If a private key has been added as SECRET, we allow the derived
-         * key material to be used as a key in PSA Crypto. */
-        if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
-            operation->can_output_key = 1;
-    }
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
-                                    mbedtls_svc_key_id_t private_key,
-                                    const uint8_t *peer_key,
-                                    size_t peer_key_length,
-                                    uint8_t *output,
-                                    size_t output_size,
-                                    size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_slot_t *slot = NULL;
-
-    if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-    status = psa_get_and_lock_transparent_key_slot_with_policy(
-                 private_key, &slot, PSA_KEY_USAGE_DERIVE, alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is in general an upper bound
-     * for the output size. The PSA specification only guarantees that this
-     * function works if output_size >= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(...),
-     * but it might be nice to allow smaller buffers if the output fits.
-     * At the time of writing this comment, with only ECDH implemented,
-     * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
-     * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
-     * be exact for it as well. */
-    size_t expected_length =
-        PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( slot->attr.type, slot->attr.bits );
-    if( output_size < expected_length )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-
-    status = psa_key_agreement_raw_internal( alg, slot,
-                                             peer_key, peer_key_length,
-                                             output, output_size,
-                                             output_length );
-
-exit:
-    if( status != PSA_SUCCESS )
-    {
-        /* If an error happens and is not handled properly, the output
-         * may be used as a key to protect sensitive data. Arrange for such
-         * a key to be random, which is likely to result in decryption or
-         * verification errors. This is better than filling the buffer with
-         * some constant data such as zeros, which would result in the data
-         * being protected with a reproducible, easily knowable key.
-         */
-        psa_generate_random( output, output_size );
-        *output_length = output_size;
-    }
-
-    unlock_status = psa_unlock_key_slot( slot );
-
-    return( ( status == PSA_SUCCESS ) ? unlock_status : status );
-}
-
-
-
-/****************************************************************/
-/* Random generation */
-/****************************************************************/
-
-/** Initialize the PSA random generator.
- */
-static void mbedtls_psa_random_init( mbedtls_psa_random_context_t *rng )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-    memset( rng, 0, sizeof( *rng ) );
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-    /* Set default configuration if
-     * mbedtls_psa_crypto_configure_entropy_sources() hasn't been called. */
-    if( rng->entropy_init == NULL )
-        rng->entropy_init = mbedtls_entropy_init;
-    if( rng->entropy_free == NULL )
-        rng->entropy_free = mbedtls_entropy_free;
-
-    rng->entropy_init( &rng->entropy );
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
-    defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-    /* The PSA entropy injection feature depends on using NV seed as an entropy
-     * source. Add NV seed as an entropy source for PSA entropy injection. */
-    mbedtls_entropy_add_source( &rng->entropy,
-                                mbedtls_nv_seed_poll, NULL,
-                                MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                MBEDTLS_ENTROPY_SOURCE_STRONG );
-#endif
-
-    mbedtls_psa_drbg_init( MBEDTLS_PSA_RANDOM_STATE );
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-}
-
-/** Deinitialize the PSA random generator.
- */
-static void mbedtls_psa_random_free( mbedtls_psa_random_context_t *rng )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-    memset( rng, 0, sizeof( *rng ) );
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-    mbedtls_psa_drbg_free( MBEDTLS_PSA_RANDOM_STATE );
-    rng->entropy_free( &rng->entropy );
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-}
-
-/** Seed the PSA random generator.
- */
-static psa_status_t mbedtls_psa_random_seed( mbedtls_psa_random_context_t *rng )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-    /* Do nothing: the external RNG seeds itself. */
-    (void) rng;
-    return( PSA_SUCCESS );
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-    const unsigned char drbg_seed[] = "PSA";
-    int ret = mbedtls_psa_drbg_seed( &rng->entropy,
-                                     drbg_seed, sizeof( drbg_seed ) - 1 );
-    return mbedtls_to_psa_error( ret );
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-}
-
-psa_status_t psa_generate_random( uint8_t *output,
-                                  size_t output_size )
-{
-    GUARD_MODULE_INITIALIZED;
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-
-    size_t output_length = 0;
-    psa_status_t status = mbedtls_psa_external_get_random( &global_data.rng,
-                                                           output, output_size,
-                                                           &output_length );
-    if( status != PSA_SUCCESS )
-        return( status );
-    /* Breaking up a request into smaller chunks is currently not supported
-     * for the external RNG interface. */
-    if( output_length != output_size )
-        return( PSA_ERROR_INSUFFICIENT_ENTROPY );
-    return( PSA_SUCCESS );
-
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-    while( output_size > 0 )
-    {
-        size_t request_size =
-            ( output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ?
-              MBEDTLS_PSA_RANDOM_MAX_REQUEST :
-              output_size );
-        int ret = mbedtls_psa_get_random( MBEDTLS_PSA_RANDOM_STATE,
-                                          output, request_size );
-        if( ret != 0 )
-            return( mbedtls_to_psa_error( ret ) );
-        output_size -= request_size;
-        output += request_size;
-    }
-    return( PSA_SUCCESS );
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-}
-
-/* Wrapper function allowing the classic API to use the PSA RNG.
- *
- * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls
- * `psa_generate_random(...)`. The state parameter is ignored since the
- * PSA API doesn't support passing an explicit state.
- *
- * In the non-external case, psa_generate_random() calls an
- * `mbedtls_xxx_drbg_random` function which has exactly the same signature
- * and semantics as mbedtls_psa_get_random(). As an optimization,
- * instead of doing this back-and-forth between the PSA API and the
- * classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random`
- * as a constant function pointer to `mbedtls_xxx_drbg_random`.
- */
-#if defined (MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-int mbedtls_psa_get_random( void *p_rng,
-                            unsigned char *output,
-                            size_t output_size )
-{
-    /* This function takes a pointer to the RNG state because that's what
-     * classic mbedtls functions using an RNG expect. The PSA RNG manages
-     * its own state internally and doesn't let the caller access that state.
-     * So we just ignore the state parameter, and in practice we'll pass
-     * NULL. */
-    (void) p_rng;
-    psa_status_t status = psa_generate_random( output, output_size );
-    if( status == PSA_SUCCESS )
-        return( 0 );
-    else
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
-}
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include "mbedtls/entropy_poll.h"
-
-psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
-                                         size_t seed_size )
-{
-    if( global_data.initialized )
-        return( PSA_ERROR_NOT_PERMITTED );
-
-    if( ( ( seed_size < MBEDTLS_ENTROPY_MIN_PLATFORM ) ||
-          ( seed_size < MBEDTLS_ENTROPY_BLOCK_SIZE ) ) ||
-          ( seed_size > MBEDTLS_ENTROPY_MAX_SEED_SIZE ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-
-    return( mbedtls_psa_storage_inject_entropy( seed, seed_size ) );
-}
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-/** Validate the key type and size for key generation
- *
- * \param  type  The key type
- * \param  bits  The number of bits of the key
- *
- * \retval #PSA_SUCCESS
- *         The key type and size are valid.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size in bits of the key is not valid.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         The type and/or the size in bits of the key or the combination of
- *         the two is not supported.
- */
-static psa_status_t psa_validate_key_type_and_size_for_key_generation(
-    psa_key_type_t type, size_t bits )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( key_type_is_raw_bytes( type ) )
-    {
-        status = validate_unstructured_key_bit_size( type, bits );
-        if( status != PSA_SUCCESS )
-            return( status );
-    }
-    else
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-    if( PSA_KEY_TYPE_IS_RSA( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-    {
-        if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Accept only byte-aligned keys, for the same reasons as
-         * in psa_import_rsa_key(). */
-        if( bits % 8 != 0 )
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-    else
-#endif /* defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-    if( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-    {
-        /* To avoid empty block, return successfully here. */
-        return( PSA_SUCCESS );
-    }
-    else
-#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */
-    {
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_generate_key_internal(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_type_t type = attributes->core.type;
-
-    if( ( attributes->domain_parameters == NULL ) &&
-        ( attributes->domain_parameters_size != 0 ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    if( key_type_is_raw_bytes( type ) )
-    {
-        status = psa_generate_random( key_buffer, key_buffer_size );
-        if( status != PSA_SUCCESS )
-            return( status );
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-        if( type == PSA_KEY_TYPE_DES )
-            psa_des_set_key_parity( key_buffer, key_buffer_size );
-#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES */
-    }
-    else
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
-    defined(MBEDTLS_GENPRIME)
-    if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
-    {
-        return( mbedtls_psa_rsa_generate_key( attributes,
-                                              key_buffer,
-                                              key_buffer_size,
-                                              key_buffer_length ) );
-    }
-    else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
-        * defined(MBEDTLS_GENPRIME) */
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
-    if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-    {
-        return( mbedtls_psa_ecp_generate_key( attributes,
-                                              key_buffer,
-                                              key_buffer_size,
-                                              key_buffer_length ) );
-    }
-    else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
-    {
-        (void)key_buffer_length;
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_generate_key( const psa_key_attributes_t *attributes,
-                               mbedtls_svc_key_id_t *key )
-{
-    psa_status_t status;
-    psa_key_slot_t *slot = NULL;
-    psa_se_drv_table_entry_t *driver = NULL;
-    size_t key_buffer_size;
-
-    *key = MBEDTLS_SVC_KEY_ID_INIT;
-
-    /* Reject any attempt to create a zero-length key so that we don't
-     * risk tripping up later, e.g. on a malloc(0) that returns NULL. */
-    if( psa_get_key_bits( attributes ) == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    /* Reject any attempt to create a public key. */
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
-                                     &slot, &driver );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* In the case of a transparent key or an opaque key stored in local
-     * storage (thus not in the case of generating a key in a secure element
-     * or cryptoprocessor with storage), we have to allocate a buffer to
-     * hold the generated key material. */
-    if( slot->key.data == NULL )
-    {
-        if ( PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ) ==
-             PSA_KEY_LOCATION_LOCAL_STORAGE )
-        {
-            status = psa_validate_key_type_and_size_for_key_generation(
-                attributes->core.type, attributes->core.bits );
-            if( status != PSA_SUCCESS )
-                goto exit;
-
-            key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
-                                  attributes->core.type,
-                                  attributes->core.bits );
-        }
-        else
-        {
-            status = psa_driver_wrapper_get_key_buffer_size(
-                         attributes, &key_buffer_size );
-            if( status != PSA_SUCCESS )
-                goto exit;
-        }
-
-        status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    status = psa_driver_wrapper_generate_key( attributes,
-        slot->key.data, slot->key.bytes, &slot->key.bytes );
-
-    if( status != PSA_SUCCESS )
-        psa_remove_key_data_from_memory( slot );
-
-exit:
-    if( status == PSA_SUCCESS )
-        status = psa_finish_key_creation( slot, driver, key );
-    if( status != PSA_SUCCESS )
-        psa_fail_key_creation( slot, driver );
-
-    return( status );
-}
-
-/****************************************************************/
-/* Module setup */
-/****************************************************************/
-
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
-    void (* entropy_init )( mbedtls_entropy_context *ctx ),
-    void (* entropy_free )( mbedtls_entropy_context *ctx ) )
-{
-    if( global_data.rng_state != RNG_NOT_INITIALIZED )
-        return( PSA_ERROR_BAD_STATE );
-    global_data.rng.entropy_init = entropy_init;
-    global_data.rng.entropy_free = entropy_free;
-    return( PSA_SUCCESS );
-}
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-void mbedtls_psa_crypto_free( void )
-{
-    psa_wipe_all_key_slots( );
-    if( global_data.rng_state != RNG_NOT_INITIALIZED )
-    {
-        mbedtls_psa_random_free( &global_data.rng );
-    }
-    /* Wipe all remaining data, including configuration.
-     * In particular, this sets all state indicator to the value
-     * indicating "uninitialized". */
-    mbedtls_platform_zeroize( &global_data, sizeof( global_data ) );
-
-    /* Terminate drivers */
-    psa_driver_wrapper_free( );
-}
-
-#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
-/** Recover a transaction that was interrupted by a power failure.
- *
- * This function is called during initialization, before psa_crypto_init()
- * returns. If this function returns a failure status, the initialization
- * fails.
- */
-static psa_status_t psa_crypto_recover_transaction(
-    const psa_crypto_transaction_t *transaction )
-{
-    switch( transaction->unknown.type )
-    {
-        case PSA_CRYPTO_TRANSACTION_CREATE_KEY:
-        case PSA_CRYPTO_TRANSACTION_DESTROY_KEY:
-            /* TODO - fall through to the failure case until this
-             * is implemented.
-             * https://github.com/ARMmbed/mbed-crypto/issues/218
-             */
-        default:
-            /* We found an unsupported transaction in the storage.
-             * We don't know what state the storage is in. Give up. */
-            return( PSA_ERROR_DATA_INVALID );
-    }
-}
-#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
-
-psa_status_t psa_crypto_init( void )
-{
-    psa_status_t status;
-
-    /* Double initialization is explicitly allowed. */
-    if( global_data.initialized != 0 )
-        return( PSA_SUCCESS );
-
-    /* Initialize and seed the random generator. */
-    mbedtls_psa_random_init( &global_data.rng );
-    global_data.rng_state = RNG_INITIALIZED;
-    status = mbedtls_psa_random_seed( &global_data.rng );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    global_data.rng_state = RNG_SEEDED;
-
-    status = psa_initialize_key_slots( );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Init drivers */
-    status = psa_driver_wrapper_init( );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
-    status = psa_crypto_load_transaction( );
-    if( status == PSA_SUCCESS )
-    {
-        status = psa_crypto_recover_transaction( &psa_crypto_transaction );
-        if( status != PSA_SUCCESS )
-            goto exit;
-        status = psa_crypto_stop_transaction( );
-    }
-    else if( status == PSA_ERROR_DOES_NOT_EXIST )
-    {
-        /* There's no transaction to complete. It's all good. */
-        status = PSA_SUCCESS;
-    }
-#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
-
-    /* All done. */
-    global_data.initialized = 1;
-
-exit:
-    if( status != PSA_SUCCESS )
-        mbedtls_psa_crypto_free( );
-    return( status );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_aead.c b/Sources/mbedtls/library/psa_crypto_aead.c
deleted file mode 100644
index 2b07a68..0000000
--- a/Sources/mbedtls/library/psa_crypto_aead.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- *  PSA AEAD entry points
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include "psa_crypto_aead.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_cipher.h"
-
-#include "mbedtls/ccm.h"
-#include "mbedtls/chachapoly.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/gcm.h"
-
-typedef struct
-{
-    psa_algorithm_t core_alg;
-    uint8_t tag_length;
-    union
-    {
-        unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-        mbedtls_ccm_context ccm;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-        mbedtls_gcm_context gcm;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-        mbedtls_chachapoly_context chachapoly;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-    } ctx;
-} aead_operation_t;
-
-#define AEAD_OPERATION_INIT {0, 0, {0}}
-
-static void psa_aead_abort_internal( aead_operation_t *operation )
-{
-    switch( operation->core_alg )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-        case PSA_ALG_CCM:
-            mbedtls_ccm_free( &operation->ctx.ccm );
-            break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-        case PSA_ALG_GCM:
-            mbedtls_gcm_free( &operation->ctx.gcm );
-            break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-        case PSA_ALG_CHACHA20_POLY1305:
-            mbedtls_chachapoly_free( &operation->ctx.chachapoly );
-            break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-    }
-}
-
-static psa_status_t psa_aead_setup(
-    aead_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    size_t key_bits;
-    const mbedtls_cipher_info_t *cipher_info;
-    mbedtls_cipher_id_t cipher_id;
-    size_t full_tag_length = 0;
-
-    key_bits = attributes->core.bits;
-
-    cipher_info = mbedtls_cipher_info_from_psa( alg,
-                                                attributes->core.type, key_bits,
-                                                &cipher_id );
-    if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    switch( PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 ) )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
-            operation->core_alg = PSA_ALG_CCM;
-            full_tag_length = 16;
-            /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
-             * The call to mbedtls_ccm_encrypt_and_tag or
-             * mbedtls_ccm_auth_decrypt will validate the tag length. */
-            if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-
-            mbedtls_ccm_init( &operation->ctx.ccm );
-            status = mbedtls_to_psa_error(
-                mbedtls_ccm_setkey( &operation->ctx.ccm, cipher_id,
-                                    key_buffer, (unsigned int) key_bits ) );
-            if( status != PSA_SUCCESS )
-                return( status );
-            break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
-            operation->core_alg = PSA_ALG_GCM;
-            full_tag_length = 16;
-            /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
-             * The call to mbedtls_gcm_crypt_and_tag or
-             * mbedtls_gcm_auth_decrypt will validate the tag length. */
-            if( PSA_BLOCK_CIPHER_BLOCK_LENGTH( attributes->core.type ) != 16 )
-                return( PSA_ERROR_INVALID_ARGUMENT );
-
-            mbedtls_gcm_init( &operation->ctx.gcm );
-            status = mbedtls_to_psa_error(
-                mbedtls_gcm_setkey( &operation->ctx.gcm, cipher_id,
-                                    key_buffer, (unsigned int) key_bits ) );
-            if( status != PSA_SUCCESS )
-                return( status );
-            break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-        case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
-            operation->core_alg = PSA_ALG_CHACHA20_POLY1305;
-            full_tag_length = 16;
-            /* We only support the default tag length. */
-            if( alg != PSA_ALG_CHACHA20_POLY1305 )
-                return( PSA_ERROR_NOT_SUPPORTED );
-
-            mbedtls_chachapoly_init( &operation->ctx.chachapoly );
-            status = mbedtls_to_psa_error(
-                mbedtls_chachapoly_setkey( &operation->ctx.chachapoly,
-                                           key_buffer ) );
-            if( status != PSA_SUCCESS )
-                return( status );
-            break;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-
-        default:
-            (void) status;
-            (void) key_buffer;
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    if( PSA_AEAD_TAG_LENGTH( attributes->core.type,
-                             key_bits, alg )
-        > full_tag_length )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    operation->tag_length = PSA_AEAD_TAG_LENGTH( attributes->core.type,
-                                                 key_bits,
-                                                 alg );
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_aead_encrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    aead_operation_t operation = AEAD_OPERATION_INIT;
-    uint8_t *tag;
-    (void) key_buffer_size;
-
-    status = psa_aead_setup( &operation, attributes, key_buffer, alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* For all currently supported modes, the tag is at the end of the
-     * ciphertext. */
-    if( ciphertext_size < ( plaintext_length + operation.tag_length ) )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-    tag = ciphertext + plaintext_length;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation.core_alg == PSA_ALG_CCM )
-    {
-        status = mbedtls_to_psa_error(
-            mbedtls_ccm_encrypt_and_tag( &operation.ctx.ccm,
-                                         plaintext_length,
-                                         nonce, nonce_length,
-                                         additional_data,
-                                         additional_data_length,
-                                         plaintext, ciphertext,
-                                         tag, operation.tag_length ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation.core_alg == PSA_ALG_GCM )
-    {
-        status = mbedtls_to_psa_error(
-            mbedtls_gcm_crypt_and_tag( &operation.ctx.gcm,
-                                       MBEDTLS_GCM_ENCRYPT,
-                                       plaintext_length,
-                                       nonce, nonce_length,
-                                       additional_data, additional_data_length,
-                                       plaintext, ciphertext,
-                                       operation.tag_length, tag ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
-        if( nonce_length != 12 )
-        {
-            if( nonce_length == 8 )
-                status = PSA_ERROR_NOT_SUPPORTED;
-            else
-                status = PSA_ERROR_INVALID_ARGUMENT;
-            goto exit;
-        }
-
-        if( operation.tag_length != 16 )
-        {
-            status = PSA_ERROR_NOT_SUPPORTED;
-            goto exit;
-        }
-        status = mbedtls_to_psa_error(
-            mbedtls_chachapoly_encrypt_and_tag( &operation.ctx.chachapoly,
-                                                plaintext_length,
-                                                nonce,
-                                                additional_data,
-                                                additional_data_length,
-                                                plaintext,
-                                                ciphertext,
-                                                tag ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-    {
-        (void) tag;
-        (void) nonce;
-        (void) nonce_length;
-        (void) additional_data;
-        (void) additional_data_length;
-        (void) plaintext;
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    if( status == PSA_SUCCESS )
-        *ciphertext_length = plaintext_length + operation.tag_length;
-
-exit:
-    psa_aead_abort_internal( &operation );
-
-    return( status );
-}
-
-/* Locate the tag in a ciphertext buffer containing the encrypted data
- * followed by the tag. Return the length of the part preceding the tag in
- * *plaintext_length. This is the size of the plaintext in modes where
- * the encrypted data has the same size as the plaintext, such as
- * CCM and GCM. */
-static psa_status_t psa_aead_unpadded_locate_tag( size_t tag_length,
-                                                  const uint8_t *ciphertext,
-                                                  size_t ciphertext_length,
-                                                  size_t plaintext_size,
-                                                  const uint8_t **p_tag )
-{
-    size_t payload_length;
-    if( tag_length > ciphertext_length )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    payload_length = ciphertext_length - tag_length;
-    if( payload_length > plaintext_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-    *p_tag = ciphertext + payload_length;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_aead_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    aead_operation_t operation = AEAD_OPERATION_INIT;
-    const uint8_t *tag = NULL;
-    (void) key_buffer_size;
-
-    status = psa_aead_setup( &operation, attributes, key_buffer, alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_aead_unpadded_locate_tag( operation.tag_length,
-                                           ciphertext, ciphertext_length,
-                                           plaintext_size, &tag );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-    if( operation.core_alg == PSA_ALG_CCM )
-    {
-        status = mbedtls_to_psa_error(
-            mbedtls_ccm_auth_decrypt( &operation.ctx.ccm,
-                                      ciphertext_length - operation.tag_length,
-                                      nonce, nonce_length,
-                                      additional_data,
-                                      additional_data_length,
-                                      ciphertext, plaintext,
-                                      tag, operation.tag_length ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-    if( operation.core_alg == PSA_ALG_GCM )
-    {
-        status = mbedtls_to_psa_error(
-            mbedtls_gcm_auth_decrypt( &operation.ctx.gcm,
-                                      ciphertext_length - operation.tag_length,
-                                      nonce, nonce_length,
-                                      additional_data,
-                                      additional_data_length,
-                                      tag, operation.tag_length,
-                                      ciphertext, plaintext ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-    if( operation.core_alg == PSA_ALG_CHACHA20_POLY1305 )
-    {
-        if( nonce_length != 12 )
-        {
-            if( nonce_length == 8 )
-                status = PSA_ERROR_NOT_SUPPORTED;
-            else
-                status = PSA_ERROR_INVALID_ARGUMENT;
-            goto exit;
-        }
-
-        if( operation.tag_length != 16 )
-        {
-            status = PSA_ERROR_NOT_SUPPORTED;
-            goto exit;
-        }
-        status = mbedtls_to_psa_error(
-            mbedtls_chachapoly_auth_decrypt( &operation.ctx.chachapoly,
-                                             ciphertext_length - operation.tag_length,
-                                             nonce,
-                                             additional_data,
-                                             additional_data_length,
-                                             tag,
-                                             ciphertext,
-                                             plaintext ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 */
-    {
-        (void) nonce;
-        (void) nonce_length;
-        (void) additional_data;
-        (void) additional_data_length;
-        (void) plaintext;
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    if( status == PSA_SUCCESS )
-        *plaintext_length = ciphertext_length - operation.tag_length;
-
-exit:
-    psa_aead_abort_internal( &operation );
-
-    if( status == PSA_SUCCESS )
-        *plaintext_length = ciphertext_length - operation.tag_length;
-    return( status );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
diff --git a/Sources/mbedtls/library/psa_crypto_aead.h b/Sources/mbedtls/library/psa_crypto_aead.h
deleted file mode 100644
index aab0f83..0000000
--- a/Sources/mbedtls/library/psa_crypto_aead.h
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- *  PSA AEAD driver entry points
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_AEAD_H
-#define PSA_CRYPTO_AEAD_H
-
-#include <psa/crypto.h>
-
-/**
- * \brief Process an authenticated encryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       aead_encrypt entry point. This function behaves as an aead_encrypt
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes         The attributes of the key to use for the
- *                                operation.
- * \param[in]  key_buffer         The buffer containing the key context.
- * \param      key_buffer_size    Size of the \p key_buffer buffer in bytes.
- * \param      alg                The AEAD algorithm to compute.
- * \param[in]  nonce              Nonce or IV to use.
- * \param      nonce_length       Size of the nonce buffer in bytes. This must
- *                                be appropriate for the selected algorithm.
- *                                The default nonce size is
- *                                PSA_AEAD_NONCE_LENGTH(key_type, alg) where
- *                                key_type is the type of key.
- * \param[in]  additional_data    Additional data that will be authenticated
- *                                but not encrypted.
- * \param      additional_data_length  Size of additional_data in bytes.
- * \param[in]  plaintext          Data that will be authenticated and encrypted.
- * \param      plaintext_length   Size of plaintext in bytes.
- * \param[out] ciphertext         Output buffer for the authenticated and
- *                                encrypted data. The additional data is not
- *                                part of this output. For algorithms where the
- *                                encrypted data and the authentication tag are
- *                                defined as separate outputs, the
- *                                authentication tag is appended to the
- *                                encrypted data.
- * \param      ciphertext_size    Size of the ciphertext buffer in bytes. This
- *                                must be appropriate for the selected algorithm
- *                                and key:
- *                                - A sufficient output size is
- *                                  PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg,
- *                                  plaintext_length) where key_type is the type
- *                                  of key.
- *                                - PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(
- *                                  plaintext_length) evaluates to the maximum
- *                                  ciphertext size of any supported AEAD
- *                                  encryption.
- * \param[out] ciphertext_length  On success, the size of the output in the
- *                                ciphertext buffer.
- *
- * \retval #PSA_SUCCESS Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         ciphertext_size is too small.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_aead_encrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
-
-/**
- * \brief Process an authenticated decryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       aead_decrypt entry point. This function behaves as an aead_decrypt
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes         The attributes of the key to use for the
- *                                operation.
- * \param[in]  key_buffer         The buffer containing the key context.
- * \param      key_buffer_size    Size of the \p key_buffer buffer in bytes.
- * \param      alg                The AEAD algorithm to compute.
- * \param[in]  nonce              Nonce or IV to use.
- * \param      nonce_length       Size of the nonce buffer in bytes. This must
- *                                be appropriate for the selected algorithm.
- *                                The default nonce size is
- *                                PSA_AEAD_NONCE_LENGTH(key_type, alg) where
- *                                key_type is the type of key.
- * \param[in]  additional_data    Additional data that has been authenticated
- *                                but not encrypted.
- * \param      additional_data_length  Size of additional_data in bytes.
- * \param[in]  ciphertext         Data that has been authenticated and
- *                                encrypted. For algorithms where the encrypted
- *                                data and the authentication tag are defined
- *                                as separate inputs, the buffer contains
- *                                encrypted data followed by the authentication
- *                                tag.
- * \param      ciphertext_length  Size of ciphertext in bytes.
- * \param[out] plaintext          Output buffer for the decrypted data.
- * \param      plaintext_size     Size of the plaintext buffer in bytes. This
- *                                must be appropriate for the selected algorithm
- *                                and key:
- *                                - A sufficient output size is
- *                                  PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg,
- *                                  ciphertext_length) where key_type is the
- *                                  type of key.
- *                                - PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(
- *                                  ciphertext_length) evaluates to the maximum
- *                                  plaintext size of any supported AEAD
- *                                  decryption.
- * \param[out] plaintext_length   On success, the size of the output in the
- *                                plaintext buffer.
- *
- * \retval #PSA_SUCCESS Success.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The cipher is not authentic.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         plaintext_size is too small.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_aead_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
-
-#endif /* PSA_CRYPTO_AEAD */
diff --git a/Sources/mbedtls/library/psa_crypto_cipher.c b/Sources/mbedtls/library/psa_crypto_cipher.c
deleted file mode 100644
index 13006fa..0000000
--- a/Sources/mbedtls/library/psa_crypto_cipher.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/*
- *  PSA cipher driver entry points
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include "psa_crypto_cipher.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_random_impl.h"
-
-#include "mbedtls/cipher.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
-    psa_algorithm_t alg,
-    psa_key_type_t key_type,
-    size_t key_bits,
-    mbedtls_cipher_id_t* cipher_id )
-{
-    mbedtls_cipher_mode_t mode;
-    mbedtls_cipher_id_t cipher_id_tmp;
-
-    if( PSA_ALG_IS_AEAD( alg ) )
-        alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, 0 );
-
-    if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) )
-    {
-        switch( alg )
-        {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
-            case PSA_ALG_STREAM_CIPHER:
-                mode = MBEDTLS_MODE_STREAM;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
-            case PSA_ALG_CTR:
-                mode = MBEDTLS_MODE_CTR;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
-            case PSA_ALG_CFB:
-                mode = MBEDTLS_MODE_CFB;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
-            case PSA_ALG_OFB:
-                mode = MBEDTLS_MODE_OFB;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
-            case PSA_ALG_ECB_NO_PADDING:
-                mode = MBEDTLS_MODE_ECB;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
-            case PSA_ALG_CBC_NO_PADDING:
-                mode = MBEDTLS_MODE_CBC;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
-            case PSA_ALG_CBC_PKCS7:
-                mode = MBEDTLS_MODE_CBC;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
-            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, 0 ):
-                mode = MBEDTLS_MODE_CCM;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
-            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, 0 ):
-                mode = MBEDTLS_MODE_GCM;
-                break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
-            case PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CHACHA20_POLY1305, 0 ):
-                mode = MBEDTLS_MODE_CHACHAPOLY;
-                break;
-#endif
-            default:
-                return( NULL );
-        }
-    }
-    else if( alg == PSA_ALG_CMAC )
-        mode = MBEDTLS_MODE_ECB;
-    else
-        return( NULL );
-
-    switch( key_type )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES)
-        case PSA_KEY_TYPE_AES:
-            cipher_id_tmp = MBEDTLS_CIPHER_ID_AES;
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA)
-        case PSA_KEY_TYPE_ARIA:
-            cipher_id_tmp = MBEDTLS_CIPHER_ID_ARIA;
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-        case PSA_KEY_TYPE_DES:
-            /* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
-             * and 192 for three-key Triple-DES. */
-            if( key_bits == 64 )
-                cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
-            else
-                cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
-            /* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
-             * but two-key Triple-DES is functionally three-key Triple-DES
-             * with K1=K3, so that's how we present it to mbedtls. */
-            if( key_bits == 128 )
-                key_bits = 192;
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA)
-        case PSA_KEY_TYPE_CAMELLIA:
-            cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA;
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4)
-        case PSA_KEY_TYPE_ARC4:
-            cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4;
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20)
-        case PSA_KEY_TYPE_CHACHA20:
-            cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20;
-            break;
-#endif
-        default:
-            return( NULL );
-    }
-    if( cipher_id != NULL )
-        *cipher_id = cipher_id_tmp;
-
-    return( mbedtls_cipher_info_from_values( cipher_id_tmp,
-                                             (int) key_bits, mode ) );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-
-static psa_status_t psa_cipher_setup(
-    mbedtls_psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    mbedtls_operation_t cipher_operation )
-{
-    int ret = 0;
-    size_t key_bits;
-    const mbedtls_cipher_info_t *cipher_info = NULL;
-    psa_key_type_t key_type = attributes->core.type;
-
-    (void)key_buffer_size;
-
-    mbedtls_cipher_init( &operation->ctx.cipher );
-
-    operation->alg = alg;
-    key_bits = attributes->core.bits;
-    cipher_info = mbedtls_cipher_info_from_psa( alg, key_type,
-                                                key_bits, NULL );
-    if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
-    if( ret != 0 )
-        goto exit;
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
-    if( key_type == PSA_KEY_TYPE_DES && key_bits == 128 )
-    {
-        /* Two-key Triple-DES is 3-key Triple-DES with K1=K3 */
-        uint8_t keys[24];
-        memcpy( keys, key_buffer, 16 );
-        memcpy( keys + 16, key_buffer, 8 );
-        ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
-                                     keys,
-                                     192, cipher_operation );
-    }
-    else
-#endif
-    {
-        ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
-                                     (int) key_bits, cipher_operation );
-    }
-    if( ret != 0 )
-        goto exit;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
-    switch( alg )
-    {
-        case PSA_ALG_CBC_NO_PADDING:
-            ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
-                                                   MBEDTLS_PADDING_NONE );
-            break;
-        case PSA_ALG_CBC_PKCS7:
-            ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
-                                                   MBEDTLS_PADDING_PKCS7 );
-            break;
-        default:
-            /* The algorithm doesn't involve padding. */
-            ret = 0;
-            break;
-    }
-    if( ret != 0 )
-        goto exit;
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING ||
-          MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 */
-
-    operation->block_length = ( PSA_ALG_IS_STREAM_CIPHER( alg ) ? 1 :
-                                PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
-    operation->iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
-
-exit:
-    return( mbedtls_to_psa_error( ret ) );
-}
-
-psa_status_t mbedtls_psa_cipher_encrypt_setup(
-    mbedtls_psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    return( psa_cipher_setup( operation, attributes,
-                              key_buffer, key_buffer_size,
-                              alg, MBEDTLS_ENCRYPT ) );
-}
-
-psa_status_t mbedtls_psa_cipher_decrypt_setup(
-    mbedtls_psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    return( psa_cipher_setup( operation, attributes,
-                              key_buffer, key_buffer_size,
-                              alg, MBEDTLS_DECRYPT ) );
-}
-
-psa_status_t mbedtls_psa_cipher_set_iv(
-    mbedtls_psa_cipher_operation_t *operation,
-    const uint8_t *iv, size_t iv_length )
-{
-    if( iv_length != operation->iv_length )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    return( mbedtls_to_psa_error(
-                mbedtls_cipher_set_iv( &operation->ctx.cipher,
-                                       iv, iv_length ) ) );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
-/** Process input for which the algorithm is set to ECB mode.
- *
- * This requires manual processing, since the PSA API is defined as being
- * able to process arbitrary-length calls to psa_cipher_update() with ECB mode,
- * but the underlying mbedtls_cipher_update only takes full blocks.
- *
- * \param ctx           The mbedtls cipher context to use. It must have been
- *                      set up for ECB.
- * \param[in] input     The input plaintext or ciphertext to process.
- * \param input_length  The number of bytes to process from \p input.
- *                      This does not need to be aligned to a block boundary.
- *                      If there is a partial block at the end of the input,
- *                      it is stored in \p ctx for future processing.
- * \param output        The buffer where the output is written. It must be
- *                      at least `BS * floor((p + input_length) / BS)` bytes
- *                      long, where `p` is the number of bytes in the
- *                      unprocessed partial block in \p ctx (with
- *                      `0 <= p <= BS - 1`) and `BS` is the block size.
- * \param output_length On success, the number of bytes written to \p output.
- *                      \c 0 on error.
- *
- * \return #PSA_SUCCESS or an error from a hardware accelerator
- */
-static psa_status_t psa_cipher_update_ecb(
-    mbedtls_cipher_context_t *ctx,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    size_t block_size = ctx->cipher_info->block_size;
-    size_t internal_output_length = 0;
-    *output_length = 0;
-
-    if( input_length == 0 )
-    {
-        status = PSA_SUCCESS;
-        goto exit;
-    }
-
-    if( ctx->unprocessed_len > 0 )
-    {
-        /* Fill up to block size, and run the block if there's a full one. */
-        size_t bytes_to_copy = block_size - ctx->unprocessed_len;
-
-        if( input_length < bytes_to_copy )
-            bytes_to_copy = input_length;
-
-        memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
-                input, bytes_to_copy );
-        input_length -= bytes_to_copy;
-        input += bytes_to_copy;
-        ctx->unprocessed_len += bytes_to_copy;
-
-        if( ctx->unprocessed_len == block_size )
-        {
-            status = mbedtls_to_psa_error(
-                mbedtls_cipher_update( ctx,
-                                       ctx->unprocessed_data,
-                                       block_size,
-                                       output, &internal_output_length ) );
-
-            if( status != PSA_SUCCESS )
-                goto exit;
-
-            output += internal_output_length;
-            *output_length += internal_output_length;
-            ctx->unprocessed_len = 0;
-        }
-    }
-
-    while( input_length >= block_size )
-    {
-        /* Run all full blocks we have, one by one */
-        status = mbedtls_to_psa_error(
-            mbedtls_cipher_update( ctx, input,
-                                   block_size,
-                                   output, &internal_output_length ) );
-
-        if( status != PSA_SUCCESS )
-            goto exit;
-
-        input_length -= block_size;
-        input += block_size;
-
-        output += internal_output_length;
-        *output_length += internal_output_length;
-    }
-
-    if( input_length > 0 )
-    {
-        /* Save unprocessed bytes for later processing */
-        memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ),
-                input, input_length );
-        ctx->unprocessed_len += input_length;
-    }
-
-    status = PSA_SUCCESS;
-
-exit:
-    return( status );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
-
-psa_status_t mbedtls_psa_cipher_update(
-    mbedtls_psa_cipher_operation_t *operation,
-    const uint8_t *input, size_t input_length,
-    uint8_t *output, size_t output_size, size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    size_t expected_output_size;
-
-    if( ! PSA_ALG_IS_STREAM_CIPHER( operation->alg ) )
-    {
-        /* Take the unprocessed partial block left over from previous
-         * update calls, if any, plus the input to this call. Remove
-         * the last partial block, if any. You get the data that will be
-         * output in this call. */
-        expected_output_size =
-            ( operation->ctx.cipher.unprocessed_len + input_length )
-            / operation->block_length * operation->block_length;
-    }
-    else
-    {
-        expected_output_size = input_length;
-    }
-
-    if( output_size < expected_output_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
-    if( operation->alg == PSA_ALG_ECB_NO_PADDING )
-    {
-        /* mbedtls_cipher_update has an API inconsistency: it will only
-        * process a single block at a time in ECB mode. Abstract away that
-        * inconsistency here to match the PSA API behaviour. */
-        status = psa_cipher_update_ecb( &operation->ctx.cipher,
-                                        input,
-                                        input_length,
-                                        output,
-                                        output_length );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING */
-    {
-        status = mbedtls_to_psa_error(
-            mbedtls_cipher_update( &operation->ctx.cipher, input,
-                                   input_length, output, output_length ) );
-
-        if( *output_length > output_size )
-            return( PSA_ERROR_CORRUPTION_DETECTED );
-    }
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_cipher_finish(
-    mbedtls_psa_cipher_operation_t *operation,
-    uint8_t *output, size_t output_size, size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-    uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
-
-    if( operation->ctx.cipher.unprocessed_len != 0 )
-    {
-        if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
-            operation->alg == PSA_ALG_CBC_NO_PADDING )
-        {
-            status = PSA_ERROR_INVALID_ARGUMENT;
-            goto exit;
-        }
-    }
-
-    status = mbedtls_to_psa_error(
-        mbedtls_cipher_finish( &operation->ctx.cipher,
-                               temp_output_buffer,
-                               output_length ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( *output_length == 0 )
-        ; /* Nothing to copy. Note that output may be NULL in this case. */
-    else if( output_size >= *output_length )
-        memcpy( output, temp_output_buffer, *output_length );
-    else
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-
-exit:
-    mbedtls_platform_zeroize( temp_output_buffer,
-                              sizeof( temp_output_buffer ) );
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_cipher_abort(
-    mbedtls_psa_cipher_operation_t *operation )
-{
-    /* Sanity check (shouldn't happen: operation->alg should
-     * always have been initialized to a valid value). */
-    if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
-        return( PSA_ERROR_BAD_STATE );
-
-    mbedtls_cipher_free( &operation->ctx.cipher );
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
-                                    const uint8_t *key_buffer,
-                                    size_t key_buffer_size,
-                                    psa_algorithm_t alg,
-                                    const uint8_t *iv,
-                                    size_t iv_length,
-                                    const uint8_t *input,
-                                    size_t input_length,
-                                    uint8_t *output,
-                                    size_t output_size,
-                                    size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
-    size_t update_output_length, finish_output_length;
-
-    status = mbedtls_psa_cipher_encrypt_setup( &operation, attributes,
-                                               key_buffer, key_buffer_size,
-                                               alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( iv_length > 0 )
-    {
-        status = mbedtls_psa_cipher_set_iv( &operation, iv, iv_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    status = mbedtls_psa_cipher_update( &operation, input, input_length,
-                            output, output_size, &update_output_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = mbedtls_psa_cipher_finish(
-        &operation,
-        mbedtls_buffer_offset( output, update_output_length ),
-        output_size - update_output_length, &finish_output_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    *output_length = update_output_length + finish_output_length;
-
-exit:
-    if( status == PSA_SUCCESS )
-        status = mbedtls_psa_cipher_abort( &operation );
-    else
-        mbedtls_psa_cipher_abort( &operation );
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_cipher_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
-    size_t olength, accumulated_length;
-
-    status = mbedtls_psa_cipher_decrypt_setup( &operation, attributes,
-                                               key_buffer, key_buffer_size,
-                                               alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( operation.iv_length > 0 )
-    {
-        status = mbedtls_psa_cipher_set_iv( &operation,
-                                            input, operation.iv_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    status = mbedtls_psa_cipher_update(
-        &operation,
-        mbedtls_buffer_offset_const( input, operation.iv_length ),
-        input_length - operation.iv_length,
-        output, output_size, &olength );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    accumulated_length = olength;
-
-    status = mbedtls_psa_cipher_finish(
-        &operation,
-        mbedtls_buffer_offset( output, accumulated_length ),
-        output_size - accumulated_length, &olength );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    *output_length = accumulated_length + olength;
-
-exit:
-    if ( status == PSA_SUCCESS )
-        status = mbedtls_psa_cipher_abort( &operation );
-    else
-        mbedtls_psa_cipher_abort( &operation );
-
-    return( status );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_cipher.h b/Sources/mbedtls/library/psa_crypto_cipher.h
deleted file mode 100644
index 3bd5360..0000000
--- a/Sources/mbedtls/library/psa_crypto_cipher.h
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- *  PSA cipher driver entry points and associated auxiliary functions
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_CIPHER_H
-#define PSA_CRYPTO_CIPHER_H
-
-#include <mbedtls/cipher.h>
-#include <psa/crypto.h>
-
-/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
- *  as well as the PSA type and size of the key to be used with the cipher
- *  algorithm.
- *
- * \param       alg        PSA cipher algorithm identifier
- * \param       key_type   PSA key type
- * \param       key_bits   Size of the key in bits
- * \param[out]  cipher_id  Mbed TLS cipher algorithm identifier
- *
- * \return  The Mbed TLS cipher information of the cipher algorithm.
- *          \c NULL if the PSA cipher algorithm is not supported.
- */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
-    psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
-    mbedtls_cipher_id_t *cipher_id );
-
-/**
- * \brief Set the key for a multipart symmetric encryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_encrypt_setup entry point. This function behaves as a
- *       cipher_encrypt_setup entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in,out] operation     The operation object to set up. It has been
- *                              initialized as per the documentation for
- *                              #psa_cipher_operation_t and not yet in use.
- * \param[in] attributes        The attributes of the key to use for the
- *                              operation.
- * \param[in] key_buffer        The buffer containing the key context.
- * \param[in] key_buffer_size   Size of the \p key_buffer buffer in bytes.
- * \param[in] alg               The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_cipher_encrypt_setup(
-    mbedtls_psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
-
-/**
- * \brief Set the key for a multipart symmetric decryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_decrypt_setup entry point. This function behaves as a
- *       cipher_decrypt_setup entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in,out] operation     The operation object to set up. It has been
- *                              initialized as per the documentation for
- *                              #psa_cipher_operation_t and not yet in use.
- * \param[in] attributes        The attributes of the key to use for the
- *                              operation.
- * \param[in] key_buffer        The buffer containing the key context.
- * \param[in] key_buffer_size   Size of the \p key_buffer buffer in bytes.
- * \param[in] alg               The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_cipher_decrypt_setup(
-    mbedtls_psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
-
-/** Set the IV for a symmetric encryption or decryption operation.
- *
- * This function sets the IV (initialization vector), nonce
- * or initial counter value for the encryption or decryption operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_set_iv entry point. This function behaves as a
- *       cipher_set_iv entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[in] iv                Buffer containing the IV to use.
- * \param[in] iv_length         Size of the IV in bytes. It is guaranteed by
- *                              the core to be less or equal to
- *                              PSA_CIPHER_IV_MAX_SIZE.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size of \p iv is not acceptable for the chosen algorithm,
- *         or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_cipher_set_iv(
-    mbedtls_psa_cipher_operation_t *operation,
-    const uint8_t *iv, size_t iv_length );
-
-/** Encrypt or decrypt a message fragment in an active cipher operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_update entry point. This function behaves as a
- *       cipher_update entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[in] input             Buffer containing the message fragment to
- *                              encrypt or decrypt.
- * \param[in] input_length      Size of the \p input buffer in bytes.
- * \param[out] output           Buffer where the output is to be written.
- * \param[in]  output_size      Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_cipher_update(
-    mbedtls_psa_cipher_operation_t *operation,
-    const uint8_t *input, size_t input_length,
-    uint8_t *output, size_t output_size, size_t *output_length );
-
-/** Finish encrypting or decrypting a message in a cipher operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_finish entry point. This function behaves as a
- *       cipher_finish entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in,out] operation     Active cipher operation.
- * \param[out] output           Buffer where the output is to be written.
- * \param[in]  output_size      Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes
- *                              that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The total input size passed to this operation is not valid for
- *         this particular algorithm. For example, the algorithm is a based
- *         on block cipher and requires a whole number of blocks, but the
- *         total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- *         This is a decryption operation for an algorithm that includes
- *         padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_cipher_finish(
-    mbedtls_psa_cipher_operation_t *operation,
-    uint8_t *output, size_t output_size, size_t *output_length );
-
-/** Abort a cipher operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_abort entry point. This function behaves as a
- *       cipher_abort entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in,out] operation     Initialized cipher operation.
- *
- * \retval #PSA_SUCCESS
- */
-psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
-
-/** Encrypt a message using a symmetric cipher.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_encrypt entry point. This function behaves as a
- *       cipher_encrypt entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in] attributes        The attributes of the key to use for the
- *                              operation.
- * \param[in] key_buffer        The buffer containing the key context.
- * \param[in] key_buffer_size   Size of the \p key_buffer buffer in bytes.
- * \param[in] alg               The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] iv                Buffer containing the IV for encryption. The
- *                              IV has been generated by the core.
- * \param[in] iv_length         Size of the \p iv in bytes.
- * \param[in] input             Buffer containing the message to encrypt.
- * \param[in] input_length      Size of the \p input buffer in bytes.
- * \param[in,out] output        Buffer where the output is to be written.
- * \param[in]  output_size      Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes that make up
- *                              the returned output. Initialized to zero
- *                              by the core.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size \p iv_length is not acceptable for the chosen algorithm,
- *         or the chosen algorithm does not use an IV.
- *         The total input size passed to this operation is not valid for
- *         this particular algorithm. For example, the algorithm is a based
- *         on block cipher and requires a whole number of blocks, but the
- *         total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- *         This is a decryption operation for an algorithm that includes
- *         padding, and the ciphertext does not contain valid padding.
- */
-psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
-                                         const uint8_t *key_buffer,
-                                         size_t key_buffer_size,
-                                         psa_algorithm_t alg,
-                                         const uint8_t *iv,
-                                         size_t iv_length,
-                                         const uint8_t *input,
-                                         size_t input_length,
-                                         uint8_t *output,
-                                         size_t output_size,
-                                         size_t *output_length );
-
-/** Decrypt a message using a symmetric cipher.
- *
- * \note The signature of this function is that of a PSA driver
- *       cipher_decrypt entry point. This function behaves as a
- *       cipher_decrypt entry point as defined in the PSA driver
- *       interface specification for transparent drivers.
- *
- * \param[in]  attributes       The attributes of the key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the key context.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              The cipher algorithm to compute
- *                              (\c PSA_ALG_XXX value such that
- *                              #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in]  input            Buffer containing the iv and the ciphertext.
- * \param[in]  input_length     Size of the \p input buffer in bytes.
- * \param[out] output           Buffer where the output is to be written.
- * \param[in]  output_size      Size of the \p output buffer in bytes.
- * \param[out] output_length    On success, the number of bytes that make up
- *                              the returned output. Initialized to zero
- *                              by the core.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size of \p iv is not acceptable for the chosen algorithm,
- *         or the chosen algorithm does not use an IV.
- *         The total input size passed to this operation is not valid for
- *         this particular algorithm. For example, the algorithm is a based
- *         on block cipher and requires a whole number of blocks, but the
- *         total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- *         This is a decryption operation for an algorithm that includes
- *         padding, and the ciphertext does not contain valid padding.
- */
-psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
-                                         const uint8_t *key_buffer,
-                                         size_t key_buffer_size,
-                                         psa_algorithm_t alg,
-                                         const uint8_t *input,
-                                         size_t input_length,
-                                         uint8_t *output,
-                                         size_t output_size,
-                                         size_t *output_length );
-
-#endif /* PSA_CRYPTO_CIPHER_H */
diff --git a/Sources/mbedtls/library/psa_crypto_client.c b/Sources/mbedtls/library/psa_crypto_client.c
deleted file mode 100644
index ab79086..0000000
--- a/Sources/mbedtls/library/psa_crypto_client.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- *  PSA crypto client code
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-#include "psa/crypto.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-
-#include <string.h>
-#include "mbedtls/platform.h"
-
-void psa_reset_key_attributes( psa_key_attributes_t *attributes )
-{
-    mbedtls_free( attributes->domain_parameters );
-    memset( attributes, 0, sizeof( *attributes ) );
-}
-
-psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
-                                            psa_key_type_t type,
-                                            const uint8_t *data,
-                                            size_t data_length )
-{
-    uint8_t *copy = NULL;
-
-    if( data_length != 0 )
-    {
-        copy = mbedtls_calloc( 1, data_length );
-        if( copy == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( copy, data, data_length );
-    }
-    /* After this point, this function is guaranteed to succeed, so it
-     * can start modifying `*attributes`. */
-
-    if( attributes->domain_parameters != NULL )
-    {
-        mbedtls_free( attributes->domain_parameters );
-        attributes->domain_parameters = NULL;
-        attributes->domain_parameters_size = 0;
-    }
-
-    attributes->domain_parameters = copy;
-    attributes->domain_parameters_size = data_length;
-    attributes->core.type = type;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_get_key_domain_parameters(
-    const psa_key_attributes_t *attributes,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    if( attributes->domain_parameters_size > data_size )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
-    *data_length = attributes->domain_parameters_size;
-    if( attributes->domain_parameters_size != 0 )
-        memcpy( data, attributes->domain_parameters,
-                attributes->domain_parameters_size );
-    return( PSA_SUCCESS );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/Sources/mbedtls/library/psa_crypto_core.h b/Sources/mbedtls/library/psa_crypto_core.h
deleted file mode 100644
index 0d8f71f..0000000
--- a/Sources/mbedtls/library/psa_crypto_core.h
+++ /dev/null
@@ -1,519 +0,0 @@
-/*
- *  PSA crypto core internal interfaces
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_CORE_H
-#define PSA_CRYPTO_CORE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "psa/crypto.h"
-#include "psa/crypto_se_driver.h"
-
-/** Constant-time buffer comparison
- *
- * \param[in]  a    Left-hand buffer for comparison.
- * \param[in]  b    Right-hand buffer for comparison.
- * \param n         Amount of bytes to compare.
- *
- * \return 0 if the buffer contents are equal, non-zero otherwise
- */
-static inline int mbedtls_psa_safer_memcmp(
-    const uint8_t *a, const uint8_t *b, size_t n )
-{
-    size_t i;
-    unsigned char diff = 0;
-
-    for( i = 0; i < n; i++ )
-        diff |= a[i] ^ b[i];
-
-    return( diff );
-}
-
-/** The data structure representing a key slot, containing key material
- * and metadata for one key.
- */
-typedef struct
-{
-    psa_core_key_attributes_t attr;
-
-    /*
-     * Number of locks on the key slot held by the library.
-     *
-     * This counter is incremented by one each time a library function
-     * retrieves through one of the dedicated internal API a pointer to the
-     * key slot.
-     *
-     * This counter is decremented by one each time a library function stops
-     * accessing the key slot and states it by calling the
-     * psa_unlock_key_slot() API.
-     *
-     * This counter is used to prevent resetting the key slot while the library
-     * may access it. For example, such control is needed in the following
-     * scenarios:
-     * . In case of key slot starvation, all key slots contain the description
-     *   of a key, and the library asks for the description of a persistent
-     *   key not present in the key slots, the key slots currently accessed by
-     *   the library cannot be reclaimed to free a key slot to load the
-     *   persistent key.
-     * . In case of a multi-threaded application where one thread asks to close
-     *   or purge or destroy a key while it is in used by the library through
-     *   another thread.
-     */
-    size_t lock_count;
-
-    /* Dynamically allocated key data buffer.
-     * Format as specified in psa_export_key(). */
-    struct key_data
-    {
-        uint8_t *data;
-        size_t bytes;
-    } key;
-} psa_key_slot_t;
-
-/* A mask of key attribute flags used only internally.
- * Currently there aren't any. */
-#define PSA_KA_MASK_INTERNAL_ONLY (     \
-        0 )
-
-/** Test whether a key slot is occupied.
- *
- * A key slot is occupied iff the key type is nonzero. This works because
- * no valid key can have 0 as its key type.
- *
- * \param[in] slot      The key slot to test.
- *
- * \return 1 if the slot is occupied, 0 otherwise.
- */
-static inline int psa_is_key_slot_occupied( const psa_key_slot_t *slot )
-{
-    return( slot->attr.type != 0 );
-}
-
-/** Test whether a key slot is locked.
- *
- * A key slot is locked iff its lock counter is strictly greater than 0.
- *
- * \param[in] slot  The key slot to test.
- *
- * \return 1 if the slot is locked, 0 otherwise.
- */
-static inline int psa_is_key_slot_locked( const psa_key_slot_t *slot )
-{
-    return( slot->lock_count > 0 );
-}
-
-/** Retrieve flags from psa_key_slot_t::attr::core::flags.
- *
- * \param[in] slot      The key slot to query.
- * \param mask          The mask of bits to extract.
- *
- * \return The key attribute flags in the given slot,
- *         bitwise-anded with \p mask.
- */
-static inline uint16_t psa_key_slot_get_flags( const psa_key_slot_t *slot,
-                                               uint16_t mask )
-{
-    return( slot->attr.flags & mask );
-}
-
-/** Set flags in psa_key_slot_t::attr::core::flags.
- *
- * \param[in,out] slot  The key slot to modify.
- * \param mask          The mask of bits to modify.
- * \param value         The new value of the selected bits.
- */
-static inline void psa_key_slot_set_flags( psa_key_slot_t *slot,
-                                           uint16_t mask,
-                                           uint16_t value )
-{
-    slot->attr.flags = ( ( ~mask & slot->attr.flags ) |
-                              ( mask & value ) );
-}
-
-/** Turn on flags in psa_key_slot_t::attr::core::flags.
- *
- * \param[in,out] slot  The key slot to modify.
- * \param mask          The mask of bits to set.
- */
-static inline void psa_key_slot_set_bits_in_flags( psa_key_slot_t *slot,
-                                                   uint16_t mask )
-{
-    slot->attr.flags |= mask;
-}
-
-/** Turn off flags in psa_key_slot_t::attr::core::flags.
- *
- * \param[in,out] slot  The key slot to modify.
- * \param mask          The mask of bits to clear.
- */
-static inline void psa_key_slot_clear_bits( psa_key_slot_t *slot,
-                                            uint16_t mask )
-{
-    slot->attr.flags &= ~mask;
-}
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/** Get the SE slot number of a key from the key slot storing its description.
- *
- * \param[in]  slot  The key slot to query. This must be a key slot storing
- *                   the description of a key of a dynamically registered
- *                   secure element, otherwise the behaviour is undefined.
- */
-static inline psa_key_slot_number_t psa_key_slot_get_slot_number(
-    const psa_key_slot_t *slot )
-{
-    return( *( (psa_key_slot_number_t *)( slot->key.data ) ) );
-}
-#endif
-
-/** Completely wipe a slot in memory, including its policy.
- *
- * Persistent storage is not affected.
- *
- * \param[in,out] slot  The key slot to wipe.
- *
- * \retval #PSA_SUCCESS
- *         Success. This includes the case of a key slot that was
- *         already fully wiped.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot );
-
-/** Try to allocate a buffer to an empty key slot.
- *
- * \param[in,out] slot          Key slot to attach buffer to.
- * \param[in] buffer_length     Requested size of the buffer.
- *
- * \retval #PSA_SUCCESS
- *         The buffer has been successfully allocated.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- *         Not enough memory was available for allocation.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         Trying to allocate a buffer to a non-empty key slot.
- */
-psa_status_t psa_allocate_buffer_to_slot( psa_key_slot_t *slot,
-                                          size_t buffer_length );
-
-/** Wipe key data from a slot. Preserves metadata such as the policy. */
-psa_status_t psa_remove_key_data_from_memory( psa_key_slot_t *slot );
-
-/** Copy key data (in export format) into an empty key slot.
- *
- * This function assumes that the slot does not contain
- * any key material yet. On failure, the slot content is unchanged.
- *
- * \param[in,out] slot          Key slot to copy the key into.
- * \param[in] data              Buffer containing the key material.
- * \param data_length           Size of the key buffer.
- *
- * \retval #PSA_SUCCESS
- *         The key has been copied successfully.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- *         Not enough memory was available for allocation of the
- *         copy buffer.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- *         There was other key material already present in the slot.
- */
-psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
-                                              const uint8_t *data,
-                                              size_t data_length );
-
-/** Convert an mbed TLS error code to a PSA error code
- *
- * \note This function is provided solely for the convenience of
- *       Mbed TLS and may be removed at any time without notice.
- *
- * \param ret           An mbed TLS-thrown error code
- *
- * \return              The corresponding PSA error code
- */
-psa_status_t mbedtls_to_psa_error( int ret );
-
-/** Import a key in binary format.
- *
- * \note The signature of this function is that of a PSA driver
- *       import_key entry point. This function behaves as an import_key
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes for the key to import.
- * \param[in]  data             The buffer containing the key data in import
- *                              format.
- * \param[in]  data_length      Size of the \p data buffer in bytes.
- * \param[out] key_buffer       The buffer to contain the key data in output
- *                              format upon successful return.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes. This
- *                              size is greater or equal to \p data_length.
- * \param[out] key_buffer_length  The length of the data written in \p
- *                                key_buffer in bytes.
- * \param[out] bits             The key size in number of bits.
- *
- * \retval #PSA_SUCCESS  The key was imported successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t psa_import_key_into_slot(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
-
-/** Export a key in binary format
- *
- * \note The signature of this function is that of a PSA driver export_key
- *       entry point. This function behaves as an export_key entry point as
- *       defined in the PSA driver interface specification.
- *
- * \param[in]  attributes       The attributes for the key to export.
- * \param[in]  key_buffer       Material or context of the key to export.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[out] data             Buffer where the key data is to be written.
- * \param[in]  data_size        Size of the \p data buffer in bytes.
- * \param[out] data_length      On success, the number of bytes written in
- *                              \p data
- *
- * \retval #PSA_SUCCESS  The key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t psa_export_key_internal(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
-
-/** Export a public key or the public part of a key pair in binary format.
- *
- * \note The signature of this function is that of a PSA driver
- *       export_public_key entry point. This function behaves as an
- *       export_public_key entry point as defined in the PSA driver interface
- *       specification.
- *
- * \param[in]  attributes       The attributes for the key to export.
- * \param[in]  key_buffer       Material or context of the key to export.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[out] data             Buffer where the key data is to be written.
- * \param[in]  data_size        Size of the \p data buffer in bytes.
- * \param[out] data_length      On success, the number of bytes written in
- *                              \p data
- *
- * \retval #PSA_SUCCESS  The public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t psa_export_public_key_internal(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
-
-/**
- * \brief Generate a key.
- *
- * \note The signature of the function is that of a PSA driver generate_key
- *       entry point.
- *
- * \param[in]  attributes         The attributes for the key to generate.
- * \param[out] key_buffer         Buffer where the key data is to be written.
- * \param[in]  key_buffer_size    Size of \p key_buffer in bytes.
- * \param[out] key_buffer_length  On success, the number of bytes written in
- *                                \p key_buffer.
- *
- * \retval #PSA_SUCCESS
- *         The key was generated successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         Key size in bits or type not supported.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of \p key_buffer is too small.
- */
-psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes,
-                                        uint8_t *key_buffer,
-                                        size_t key_buffer_size,
-                                        size_t *key_buffer_length );
-
-/** Sign a message with a private key. For hash-and-sign algorithms,
- *  this includes the hashing step.
- *
- * \note The signature of this function is that of a PSA driver
- *       sign_message entry point. This function behaves as a sign_message
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \note This function will call the driver for psa_sign_hash
- *       and go through driver dispatch again.
- *
- * \param[in]  attributes       The attributes of the key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the key context.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              A signature algorithm that is compatible with
- *                              the type of the key.
- * \param[in]  input            The input message to sign.
- * \param[in]  input_length     Size of the \p input buffer in bytes.
- * \param[out] signature        Buffer where the signature is to be written.
- * \param[in]  signature_size   Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- *                              that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p signature buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- */
-psa_status_t psa_sign_message_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *input, size_t input_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
-
-/** Verify the signature of a message with a public key, using
- *  a hash-and-sign verification algorithm.
- *
- * \note The signature of this function is that of a PSA driver
- *       verify_message entry point. This function behaves as a verify_message
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \note This function will call the driver for psa_verify_hash
- *       and go through driver dispatch again.
- *
- * \param[in]  attributes       The attributes of the key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the key context.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              A signature algorithm that is compatible with
- *                              the type of the key.
- * \param[in]  input            The message whose signature is to be verified.
- * \param[in]  input_length     Size of the \p input buffer in bytes.
- * \param[in]  signature        Buffer containing the signature to verify.
- * \param[in]  signature_length Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was performed successfully, but the passed
- *         signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t psa_verify_message_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *input, size_t input_length,
-    const uint8_t *signature, size_t signature_length );
-
-/** Sign an already-calculated hash with a private key.
- *
- * \note The signature of this function is that of a PSA driver
- *       sign_hash entry point. This function behaves as a sign_hash
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes of the key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the key context.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              A signature algorithm that is compatible with
- *                              the type of the key.
- * \param[in]  hash             The hash or message to sign.
- * \param[in]  hash_length      Size of the \p hash buffer in bytes.
- * \param[out] signature        Buffer where the signature is to be written.
- * \param[in]  signature_size   Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- *                              that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p signature buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- *         where \c key_type and \c key_bits are the type and bit-size
- *         respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- */
-psa_status_t psa_sign_hash_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
-
-/**
- * \brief Verify the signature a hash or short message using a public key.
- *
- * \note The signature of this function is that of a PSA driver
- *       verify_hash entry point. This function behaves as a verify_hash
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes of the key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the key context.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              A signature algorithm that is compatible with
- *                              the type of the key.
- * \param[in]  hash             The hash or message whose signature is to be
- *                              verified.
- * \param[in]  hash_length      Size of the \p hash buffer in bytes.
- * \param[in]  signature        Buffer containing the signature to verify.
- * \param[in]  signature_length Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was performed successfully, but the passed
- *         signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t psa_verify_hash_builtin(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
-
-#endif /* PSA_CRYPTO_CORE_H */
diff --git a/Sources/mbedtls/library/psa_crypto_driver_wrappers.c b/Sources/mbedtls/library/psa_crypto_driver_wrappers.c
deleted file mode 100644
index c455ecb..0000000
--- a/Sources/mbedtls/library/psa_crypto_driver_wrappers.c
+++ /dev/null
@@ -1,1865 +0,0 @@
-/*
- *  Functions to delegate cryptographic operations to an available
- *  and appropriate accelerator.
- *  Warning: This file will be auto-generated in the future.
- */
-/*  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "psa_crypto_aead.h"
-#include "psa_crypto_cipher.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_driver_wrappers.h"
-#include "psa_crypto_hash.h"
-#include "psa_crypto_mac.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
-
-/* Include test driver definition when running tests */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#ifndef PSA_CRYPTO_DRIVER_PRESENT
-#define PSA_CRYPTO_DRIVER_PRESENT
-#endif
-#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#endif
-#include "test/drivers/test_driver.h"
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
-/* Repeat above block for each JSON-declared driver during autogeneration */
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
-
-/* Auto-generated values depending on which drivers are registered.
- * ID 0 is reserved for unallocated operations.
- * ID 1 is reserved for the Mbed TLS software driver. */
-#define PSA_CRYPTO_MBED_TLS_DRIVER_ID (1)
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#define PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID (2)
-#define PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID (3)
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
-/* Support the 'old' SE interface when asked to */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* PSA_CRYPTO_DRIVER_PRESENT is defined when either a new-style or old-style
- * SE driver is present, to avoid unused argument errors at compile time. */
-#ifndef PSA_CRYPTO_DRIVER_PRESENT
-#define PSA_CRYPTO_DRIVER_PRESENT
-#endif
-#include "psa_crypto_se.h"
-#endif
-
-psa_status_t psa_driver_wrapper_init( void )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    status = psa_init_all_se_drivers( );
-    if( status != PSA_SUCCESS )
-        return( status );
-#endif
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    status = mbedtls_test_transparent_init( );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = mbedtls_test_opaque_init( );
-    if( status != PSA_SUCCESS )
-        return( status );
-#endif
-
-    (void) status;
-    return( PSA_SUCCESS );
-}
-
-void psa_driver_wrapper_free( void )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    /* Unregister all secure element drivers, so that we restart from
-     * a pristine state. */
-    psa_unregister_all_se_drivers( );
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    mbedtls_test_transparent_free( );
-    mbedtls_test_opaque_free( );
-#endif
-}
-
-/* Start delegation functions */
-psa_status_t psa_driver_wrapper_sign_message(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *signature,
-    size_t signature_size,
-    size_t *signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_signature_sign_message(
-                        attributes,
-                        key_buffer,
-                        key_buffer_size,
-                        alg,
-                        input,
-                        input_length,
-                        signature,
-                        signature_size,
-                        signature_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-            break;
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_signature_sign_message(
-                        attributes,
-                        key_buffer,
-                        key_buffer_size,
-                        alg,
-                        input,
-                        input_length,
-                        signature,
-                        signature_size,
-                        signature_length );
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-            break;
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            break;
-    }
-
-    return( psa_sign_message_builtin( attributes,
-                                      key_buffer,
-                                      key_buffer_size,
-                                      alg,
-                                      input,
-                                      input_length,
-                                      signature,
-                                      signature_size,
-                                      signature_length ) );
-}
-
-psa_status_t psa_driver_wrapper_verify_message(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    const uint8_t *signature,
-    size_t signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_signature_verify_message(
-                        attributes,
-                        key_buffer,
-                        key_buffer_size,
-                        alg,
-                        input,
-                        input_length,
-                        signature,
-                        signature_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-            break;
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_signature_verify_message(
-                        attributes,
-                        key_buffer,
-                        key_buffer_size,
-                        alg,
-                        input,
-                        input_length,
-                        signature,
-                        signature_length ) );
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-            break;
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            break;
-    }
-
-    return( psa_verify_message_builtin( attributes,
-                                        key_buffer,
-                                        key_buffer_size,
-                                        alg,
-                                        input,
-                                        input_length,
-                                        signature,
-                                        signature_length ) );
-}
-
-psa_status_t psa_driver_wrapper_sign_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
-{
-    /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-
-    if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
-    {
-        if( drv->asymmetric == NULL ||
-            drv->asymmetric->p_sign == NULL )
-        {
-            /* Key is defined in SE, but we have no way to exercise it */
-            return( PSA_ERROR_NOT_SUPPORTED );
-        }
-        return( drv->asymmetric->p_sign(
-                    drv_context, *( (psa_key_slot_number_t *)key_buffer ),
-                    alg, hash, hash_length,
-                    signature, signature_size, signature_length ) );
-    }
-#endif /* PSA_CRYPTO_SE_C */
-
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_signature_sign_hash( attributes,
-                                                           key_buffer,
-                                                           key_buffer_size,
-                                                           alg,
-                                                           hash,
-                                                           hash_length,
-                                                           signature,
-                                                           signature_size,
-                                                           signature_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-            /* Fell through, meaning no accelerator supports this operation */
-            return( psa_sign_hash_builtin( attributes,
-                                           key_buffer,
-                                           key_buffer_size,
-                                           alg,
-                                           hash,
-                                           hash_length,
-                                           signature,
-                                           signature_size,
-                                           signature_length ) );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_signature_sign_hash( attributes,
-                                                             key_buffer,
-                                                             key_buffer_size,
-                                                             alg,
-                                                             hash,
-                                                             hash_length,
-                                                             signature,
-                                                             signature_size,
-                                                             signature_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_verify_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
-{
-    /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-
-    if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
-    {
-        if( drv->asymmetric == NULL ||
-            drv->asymmetric->p_verify == NULL )
-        {
-            /* Key is defined in SE, but we have no way to exercise it */
-            return( PSA_ERROR_NOT_SUPPORTED );
-        }
-        return( drv->asymmetric->p_verify(
-                    drv_context, *( (psa_key_slot_number_t *)key_buffer ),
-                    alg, hash, hash_length,
-                    signature, signature_length ) );
-    }
-#endif /* PSA_CRYPTO_SE_C */
-
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_signature_verify_hash(
-                         attributes,
-                         key_buffer,
-                         key_buffer_size,
-                         alg,
-                         hash,
-                         hash_length,
-                         signature,
-                         signature_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-            return( psa_verify_hash_builtin( attributes,
-                                             key_buffer,
-                                             key_buffer_size,
-                                             alg,
-                                             hash,
-                                             hash_length,
-                                             signature,
-                                             signature_length ) );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_signature_verify_hash( attributes,
-                                                               key_buffer,
-                                                               key_buffer_size,
-                                                               alg,
-                                                               hash,
-                                                               hash_length,
-                                                               signature,
-                                                               signature_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-/** Get the key buffer size required to store the key material of a key
- *  associated with an opaque driver without storage.
- *
- * \param[in] attributes  The key attributes.
- * \param[out] key_buffer_size  Minimum buffer size to contain the key material
- *
- * \retval #PSA_SUCCESS
- *         The minimum size for a buffer to contain the key material has been
- *         returned successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The size in bits of the key is not valid.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         The type and/or the size in bits of the key or the combination of
- *         the two is not supported.
- */
-psa_status_t psa_driver_wrapper_get_key_buffer_size(
-    const psa_key_attributes_t *attributes,
-    size_t *key_buffer_size )
-{
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-    psa_key_type_t key_type = attributes->core.type;
-    size_t key_bits = attributes->core.bits;
-
-    *key_buffer_size = 0;
-    switch( location )
-    {
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-            /* Emulate property 'builtin_key_size' */
-            if( psa_key_id_is_builtin(
-                    MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
-                        psa_get_key_id( attributes ) ) ) )
-            {
-                *key_buffer_size = sizeof( psa_drv_slot_number_t );
-                return( PSA_SUCCESS );
-            }
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-            *key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
-            return( ( *key_buffer_size != 0 ) ?
-                    PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-
-        default:
-            (void)key_type;
-            (void)key_bits;
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-}
-
-psa_status_t psa_driver_wrapper_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
-
-    /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-
-    if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
-    {
-        size_t pubkey_length = 0; /* We don't support this feature yet */
-        if( drv->key_management == NULL ||
-            drv->key_management->p_generate == NULL )
-        {
-            /* Key is defined as being in SE, but we have no way to generate it */
-            return( PSA_ERROR_NOT_SUPPORTED );
-        }
-        return( drv->key_management->p_generate(
-            drv_context,
-            *( (psa_key_slot_number_t *)key_buffer ),
-            attributes, NULL, 0, &pubkey_length ) );
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-            /* Transparent drivers are limited to generating asymmetric keys */
-            if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) )
-            {
-            /* Cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-                status = mbedtls_test_transparent_generate_key(
-                    attributes, key_buffer, key_buffer_size,
-                    key_buffer_length );
-                /* Declared with fallback == true */
-                if( status != PSA_ERROR_NOT_SUPPORTED )
-                    break;
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-            }
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-            /* Software fallback */
-            status = psa_generate_key_internal(
-                attributes, key_buffer, key_buffer_size, key_buffer_length );
-            break;
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_generate_key(
-                attributes, key_buffer, key_buffer_size, key_buffer_length );
-            break;
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-        default:
-            /* Key is declared with a lifetime not known to us */
-            status = PSA_ERROR_INVALID_ARGUMENT;
-            break;
-    }
-
-    return( status );
-}
-
-psa_status_t psa_driver_wrapper_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data,
-    size_t data_length,
-    uint8_t *key_buffer,
-    size_t key_buffer_size,
-    size_t *key_buffer_length,
-    size_t *bits )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
-                                      psa_get_key_lifetime( attributes ) );
-
-    /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-
-    if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
-    {
-        if( drv->key_management == NULL ||
-            drv->key_management->p_import == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* The driver should set the number of key bits, however in
-         * case it doesn't, we initialize bits to an invalid value. */
-        *bits = PSA_MAX_KEY_BITS + 1;
-        status = drv->key_management->p_import(
-            drv_context,
-            *( (psa_key_slot_number_t *)key_buffer ),
-            attributes, data, data_length, bits );
-
-        if( status != PSA_SUCCESS )
-            return( status );
-
-        if( (*bits) > PSA_MAX_KEY_BITS )
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        return( PSA_SUCCESS );
-    }
-#endif /* PSA_CRYPTO_SE_C */
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_import_key(
-                         attributes,
-                         data, data_length,
-                         key_buffer, key_buffer_size,
-                         key_buffer_length, bits );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-            /* Fell through, meaning no accelerator supports this operation */
-            return( psa_import_key_into_slot( attributes,
-                                              data, data_length,
-                                              key_buffer, key_buffer_size,
-                                              key_buffer_length, bits ) );
-
-        default:
-            /* Importing a key with external storage in not yet supported.
-             * Return in error indicating that the lifetime is not valid. */
-            (void)status;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-}
-
-psa_status_t psa_driver_wrapper_export_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
-
-{
-    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
-                                      psa_get_key_lifetime( attributes ) );
-
-    /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-
-    if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
-    {
-        if( ( drv->key_management == NULL   ) ||
-            ( drv->key_management->p_export == NULL ) )
-        {
-            return( PSA_ERROR_NOT_SUPPORTED );
-        }
-
-        return( drv->key_management->p_export(
-                     drv_context,
-                     *( (psa_key_slot_number_t *)key_buffer ),
-                     data, data_size, data_length ) );
-    }
-#endif /* PSA_CRYPTO_SE_C */
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            return( psa_export_key_internal( attributes,
-                                             key_buffer,
-                                             key_buffer_size,
-                                             data,
-                                             data_size,
-                                             data_length ) );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_export_key( attributes,
-                                                    key_buffer,
-                                                    key_buffer_size,
-                                                    data,
-                                                    data_size,
-                                                    data_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            return( status );
-    }
-}
-
-psa_status_t psa_driver_wrapper_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
-
-{
-    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
-                                      psa_get_key_lifetime( attributes ) );
-
-    /* Try dynamically-registered SE interface first */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-
-    if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
-    {
-        if( ( drv->key_management == NULL ) ||
-            ( drv->key_management->p_export_public == NULL ) )
-        {
-            return( PSA_ERROR_NOT_SUPPORTED );
-        }
-
-        return( drv->key_management->p_export_public(
-                    drv_context,
-                    *( (psa_key_slot_number_t *)key_buffer ),
-                    data, data_size, data_length ) );
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_export_public_key(
-                         attributes,
-                         key_buffer,
-                         key_buffer_size,
-                         data,
-                         data_size,
-                         data_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-            /* Fell through, meaning no accelerator supports this operation */
-            return( psa_export_public_key_internal( attributes,
-                                                    key_buffer,
-                                                    key_buffer_size,
-                                                    data,
-                                                    data_size,
-                                                    data_length ) );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_export_public_key( attributes,
-                                                           key_buffer,
-                                                           key_buffer_size,
-                                                           data,
-                                                           data_size,
-                                                           data_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            return( status );
-    }
-}
-
-psa_status_t psa_driver_wrapper_get_builtin_key(
-    psa_drv_slot_number_t slot_number,
-    psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
-{
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-    switch( location )
-    {
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_get_builtin_key(
-                        slot_number,
-                        attributes,
-                        key_buffer, key_buffer_size, key_buffer_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-        default:
-            (void) slot_number;
-            (void) key_buffer;
-            (void) key_buffer_size;
-            (void) key_buffer_length;
-            return( PSA_ERROR_DOES_NOT_EXIST );
-    }
-}
-
-/*
- * Cipher functions
- */
-psa_status_t psa_driver_wrapper_cipher_encrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *iv,
-    size_t iv_length,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_cipher_encrypt( attributes,
-                                                              key_buffer,
-                                                              key_buffer_size,
-                                                              alg,
-                                                              iv,
-                                                              iv_length,
-                                                              input,
-                                                              input_length,
-                                                              output,
-                                                              output_size,
-                                                              output_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-            return( mbedtls_psa_cipher_encrypt( attributes,
-                                                key_buffer,
-                                                key_buffer_size,
-                                                alg,
-                                                iv,
-                                                iv_length,
-                                                input,
-                                                input_length,
-                                                output,
-                                                output_size,
-                                                output_length ) );
-#else
-            return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_cipher_encrypt( attributes,
-                                                        key_buffer,
-                                                        key_buffer_size,
-                                                        alg,
-                                                        iv,
-                                                        iv_length,
-                                                        input,
-                                                        input_length,
-                                                        output,
-                                                        output_size,
-                                                        output_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            (void)key_buffer;
-            (void)key_buffer_size;
-            (void)alg;
-            (void)iv;
-            (void)iv_length;
-            (void)input;
-            (void)input_length;
-            (void)output;
-            (void)output_size;
-            (void)output_length;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_cipher_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_cipher_decrypt( attributes,
-                                                              key_buffer,
-                                                              key_buffer_size,
-                                                              alg,
-                                                              input,
-                                                              input_length,
-                                                              output,
-                                                              output_size,
-                                                              output_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-            return( mbedtls_psa_cipher_decrypt( attributes,
-                                                key_buffer,
-                                                key_buffer_size,
-                                                alg,
-                                                input,
-                                                input_length,
-                                                output,
-                                                output_size,
-                                                output_length ) );
-#else
-            return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            return( mbedtls_test_opaque_cipher_decrypt( attributes,
-                                                        key_buffer,
-                                                        key_buffer_size,
-                                                        alg,
-                                                        input,
-                                                        input_length,
-                                                        output,
-                                                        output_size,
-                                                        output_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            (void)key_buffer;
-            (void)key_buffer_size;
-            (void)alg;
-            (void)input;
-            (void)input_length;
-            (void)output;
-            (void)output_size;
-            (void)output_length;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
-    psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_cipher_encrypt_setup(
-                &operation->ctx.transparent_test_driver_ctx,
-                attributes,
-                key_buffer,
-                key_buffer_size,
-                alg );
-            /* Declared with fallback == true */
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-            /* Fell through, meaning no accelerator supports this operation */
-            status = mbedtls_psa_cipher_encrypt_setup( &operation->ctx.mbedtls_ctx,
-                                                       attributes,
-                                                       key_buffer,
-                                                       key_buffer_size,
-                                                       alg );
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_cipher_encrypt_setup(
-                &operation->ctx.opaque_test_driver_ctx,
-                attributes,
-                key_buffer, key_buffer_size,
-                alg );
-
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
-
-            return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            (void)operation;
-            (void)key_buffer;
-            (void)key_buffer_size;
-            (void)alg;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
-    psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_cipher_decrypt_setup(
-                &operation->ctx.transparent_test_driver_ctx,
-                attributes,
-                key_buffer,
-                key_buffer_size,
-                alg );
-            /* Declared with fallback == true */
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-            /* Fell through, meaning no accelerator supports this operation */
-            status = mbedtls_psa_cipher_decrypt_setup( &operation->ctx.mbedtls_ctx,
-                                                       attributes,
-                                                       key_buffer,
-                                                       key_buffer_size,
-                                                       alg );
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-
-            return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_cipher_decrypt_setup(
-                         &operation->ctx.opaque_test_driver_ctx,
-                         attributes,
-                         key_buffer, key_buffer_size,
-                         alg );
-
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
-
-            return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            (void)operation;
-            (void)key_buffer;
-            (void)key_buffer_size;
-            (void)alg;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_cipher_set_iv(
-    psa_cipher_operation_t *operation,
-    const uint8_t *iv,
-    size_t iv_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_cipher_set_iv( &operation->ctx.mbedtls_ctx,
-                                               iv,
-                                               iv_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_cipher_set_iv(
-                        &operation->ctx.transparent_test_driver_ctx,
-                        iv, iv_length ) );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_cipher_set_iv(
-                        &operation->ctx.opaque_test_driver_ctx,
-                        iv, iv_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-    }
-
-    (void)iv;
-    (void)iv_length;
-
-    return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
-psa_status_t psa_driver_wrapper_cipher_update(
-    psa_cipher_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_cipher_update( &operation->ctx.mbedtls_ctx,
-                                               input,
-                                               input_length,
-                                               output,
-                                               output_size,
-                                               output_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_cipher_update(
-                        &operation->ctx.transparent_test_driver_ctx,
-                        input, input_length,
-                        output, output_size, output_length ) );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_cipher_update(
-                        &operation->ctx.opaque_test_driver_ctx,
-                        input, input_length,
-                        output, output_size, output_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-    }
-
-    (void)input;
-    (void)input_length;
-    (void)output;
-    (void)output_size;
-    (void)output_length;
-
-    return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
-psa_status_t psa_driver_wrapper_cipher_finish(
-    psa_cipher_operation_t *operation,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_cipher_finish( &operation->ctx.mbedtls_ctx,
-                                               output,
-                                               output_size,
-                                               output_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_cipher_finish(
-                        &operation->ctx.transparent_test_driver_ctx,
-                        output, output_size, output_length ) );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_cipher_finish(
-                        &operation->ctx.opaque_test_driver_ctx,
-                        output, output_size, output_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-    }
-
-    (void)output;
-    (void)output_size;
-    (void)output_length;
-
-    return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
-psa_status_t psa_driver_wrapper_cipher_abort(
-    psa_cipher_operation_t *operation )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_cipher_abort( &operation->ctx.mbedtls_ctx ) );
-#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            status = mbedtls_test_transparent_cipher_abort(
-                         &operation->ctx.transparent_test_driver_ctx );
-            mbedtls_platform_zeroize(
-                &operation->ctx.transparent_test_driver_ctx,
-                sizeof( operation->ctx.transparent_test_driver_ctx ) );
-            return( status );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            status = mbedtls_test_opaque_cipher_abort(
-                         &operation->ctx.opaque_test_driver_ctx );
-            mbedtls_platform_zeroize(
-                &operation->ctx.opaque_test_driver_ctx,
-                sizeof( operation->ctx.opaque_test_driver_ctx ) );
-            return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-    }
-
-    (void)status;
-    return( PSA_ERROR_INVALID_ARGUMENT );
-}
-
-/*
- * Hashing functions
- */
-psa_status_t psa_driver_wrapper_hash_compute(
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length)
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    /* Try accelerators first */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    status = mbedtls_test_transparent_hash_compute(
-                alg, input, input_length, hash, hash_size, hash_length );
-    if( status != PSA_ERROR_NOT_SUPPORTED )
-        return( status );
-#endif
-
-    /* If software fallback is compiled in, try fallback */
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-    status = mbedtls_psa_hash_compute( alg, input, input_length,
-                                       hash, hash_size, hash_length );
-    if( status != PSA_ERROR_NOT_SUPPORTED )
-        return( status );
-#endif
-    (void) status;
-    (void) alg;
-    (void) input;
-    (void) input_length;
-    (void) hash;
-    (void) hash_size;
-    (void) hash_length;
-
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_driver_wrapper_hash_setup(
-    psa_hash_operation_t *operation,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    /* Try setup on accelerators first */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-    status = mbedtls_test_transparent_hash_setup(
-                &operation->ctx.test_driver_ctx, alg );
-    if( status == PSA_SUCCESS )
-        operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
-
-    if( status != PSA_ERROR_NOT_SUPPORTED )
-        return( status );
-#endif
-
-    /* If software fallback is compiled in, try fallback */
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-    status = mbedtls_psa_hash_setup( &operation->ctx.mbedtls_ctx, alg );
-    if( status == PSA_SUCCESS )
-        operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-
-    if( status != PSA_ERROR_NOT_SUPPORTED )
-        return( status );
-#endif
-    /* Nothing left to try if we fall through here */
-    (void) status;
-    (void) operation;
-    (void) alg;
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t psa_driver_wrapper_hash_clone(
-    const psa_hash_operation_t *source_operation,
-    psa_hash_operation_t *target_operation )
-{
-    switch( source_operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            target_operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-            return( mbedtls_psa_hash_clone( &source_operation->ctx.mbedtls_ctx,
-                                            &target_operation->ctx.mbedtls_ctx ) );
-#endif
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
-            return( mbedtls_test_transparent_hash_clone(
-                        &source_operation->ctx.test_driver_ctx,
-                        &target_operation->ctx.test_driver_ctx ) );
-#endif
-        default:
-            (void) target_operation;
-            return( PSA_ERROR_BAD_STATE );
-    }
-}
-
-psa_status_t psa_driver_wrapper_hash_update(
-    psa_hash_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_hash_update( &operation->ctx.mbedtls_ctx,
-                                             input, input_length ) );
-#endif
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_hash_update(
-                        &operation->ctx.test_driver_ctx,
-                        input, input_length ) );
-#endif
-        default:
-            (void) input;
-            (void) input_length;
-            return( PSA_ERROR_BAD_STATE );
-    }
-}
-
-psa_status_t psa_driver_wrapper_hash_finish(
-    psa_hash_operation_t *operation,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_hash_finish( &operation->ctx.mbedtls_ctx,
-                                             hash, hash_size, hash_length ) );
-#endif
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_hash_finish(
-                        &operation->ctx.test_driver_ctx,
-                        hash, hash_size, hash_length ) );
-#endif
-        default:
-            (void) hash;
-            (void) hash_size;
-            (void) hash_length;
-            return( PSA_ERROR_BAD_STATE );
-    }
-}
-
-psa_status_t psa_driver_wrapper_hash_abort(
-    psa_hash_operation_t *operation )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_hash_abort( &operation->ctx.mbedtls_ctx ) );
-#endif
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_hash_abort(
-                        &operation->ctx.test_driver_ctx ) );
-#endif
-        default:
-            return( PSA_ERROR_BAD_STATE );
-    }
-}
-
-psa_status_t psa_driver_wrapper_aead_encrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_aead_encrypt(
-                         attributes, key_buffer, key_buffer_size,
-                         alg,
-                         nonce, nonce_length,
-                         additional_data, additional_data_length,
-                         plaintext, plaintext_length,
-                         ciphertext, ciphertext_size, ciphertext_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-            /* Fell through, meaning no accelerator supports this operation */
-            return( mbedtls_psa_aead_encrypt(
-                        attributes, key_buffer, key_buffer_size,
-                        alg,
-                        nonce, nonce_length,
-                        additional_data, additional_data_length,
-                        plaintext, plaintext_length,
-                        ciphertext, ciphertext_size, ciphertext_length ) );
-
-        /* Add cases for opaque driver here */
-
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_aead_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_aead_decrypt(
-                        attributes, key_buffer, key_buffer_size,
-                        alg,
-                        nonce, nonce_length,
-                        additional_data, additional_data_length,
-                        ciphertext, ciphertext_length,
-                        plaintext, plaintext_size, plaintext_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-
-            /* Fell through, meaning no accelerator supports this operation */
-            return( mbedtls_psa_aead_decrypt(
-                        attributes, key_buffer, key_buffer_size,
-                        alg,
-                        nonce, nonce_length,
-                        additional_data, additional_data_length,
-                        ciphertext, ciphertext_length,
-                        plaintext, plaintext_size, plaintext_length ) );
-
-        /* Add cases for opaque driver here */
-
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void)status;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-
-/*
- * MAC functions
- */
-psa_status_t psa_driver_wrapper_mac_compute(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_mac_compute(
-                attributes, key_buffer, key_buffer_size, alg,
-                input, input_length,
-                mac, mac_size, mac_length );
-            /* Declared with fallback == true */
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-            /* Fell through, meaning no accelerator supports this operation */
-            status = mbedtls_psa_mac_compute(
-                attributes, key_buffer, key_buffer_size, alg,
-                input, input_length,
-                mac, mac_size, mac_length );
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_mac_compute(
-                attributes, key_buffer, key_buffer_size, alg,
-                input, input_length,
-                mac, mac_size, mac_length );
-            return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void) key_buffer;
-            (void) key_buffer_size;
-            (void) alg;
-            (void) input;
-            (void) input_length;
-            (void) mac;
-            (void) mac_size;
-            (void) mac_length;
-            (void) status;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_mac_sign_setup(
-    psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_mac_sign_setup(
-                &operation->ctx.transparent_test_driver_ctx,
-                attributes,
-                key_buffer, key_buffer_size,
-                alg );
-            /* Declared with fallback == true */
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-            /* Fell through, meaning no accelerator supports this operation */
-            status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
-                                                 attributes,
-                                                 key_buffer, key_buffer_size,
-                                                 alg );
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_mac_sign_setup(
-                &operation->ctx.opaque_test_driver_ctx,
-                attributes,
-                key_buffer, key_buffer_size,
-                alg );
-
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
-
-            return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void) status;
-            (void) operation;
-            (void) key_buffer;
-            (void) key_buffer_size;
-            (void) alg;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_mac_verify_setup(
-    psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_location_t location =
-        PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
-
-    switch( location )
-    {
-        case PSA_KEY_LOCATION_LOCAL_STORAGE:
-            /* Key is stored in the slot in export representation, so
-             * cycle through all known transparent accelerators */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-            status = mbedtls_test_transparent_mac_verify_setup(
-                &operation->ctx.transparent_test_driver_ctx,
-                attributes,
-                key_buffer, key_buffer_size,
-                alg );
-            /* Declared with fallback == true */
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-            /* Fell through, meaning no accelerator supports this operation */
-            status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
-                                                   attributes,
-                                                   key_buffer, key_buffer_size,
-                                                   alg );
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
-
-            if( status != PSA_ERROR_NOT_SUPPORTED )
-                return( status );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-            return( PSA_ERROR_NOT_SUPPORTED );
-
-        /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TEST_DRIVER_LOCATION:
-            status = mbedtls_test_opaque_mac_verify_setup(
-                &operation->ctx.opaque_test_driver_ctx,
-                attributes,
-                key_buffer, key_buffer_size,
-                alg );
-
-            if( status == PSA_SUCCESS )
-                operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
-
-            return( status );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            /* Key is declared with a lifetime not known to us */
-            (void) status;
-            (void) operation;
-            (void) key_buffer;
-            (void) key_buffer_size;
-            (void) alg;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_mac_update(
-    psa_mac_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
-                                            input, input_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_mac_update(
-                        &operation->ctx.transparent_test_driver_ctx,
-                        input, input_length ) );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_mac_update(
-                        &operation->ctx.opaque_test_driver_ctx,
-                        input, input_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            (void) input;
-            (void) input_length;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_mac_sign_finish(
-    psa_mac_operation_t *operation,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
-                                                 mac, mac_size, mac_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_mac_sign_finish(
-                        &operation->ctx.transparent_test_driver_ctx,
-                        mac, mac_size, mac_length ) );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_mac_sign_finish(
-                        &operation->ctx.opaque_test_driver_ctx,
-                        mac, mac_size, mac_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            (void) mac;
-            (void) mac_size;
-            (void) mac_length;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_mac_verify_finish(
-    psa_mac_operation_t *operation,
-    const uint8_t *mac,
-    size_t mac_length )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
-                                                   mac, mac_length ) );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_mac_verify_finish(
-                        &operation->ctx.transparent_test_driver_ctx,
-                        mac, mac_length ) );
-
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_mac_verify_finish(
-                        &operation->ctx.opaque_test_driver_ctx,
-                        mac, mac_length ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            (void) mac;
-            (void) mac_length;
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-psa_status_t psa_driver_wrapper_mac_abort(
-    psa_mac_operation_t *operation )
-{
-    switch( operation->id )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_MAC)
-        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
-            return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
-#endif /* MBEDTLS_PSA_BUILTIN_MAC */
-
-#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-        case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
-            return( mbedtls_test_transparent_mac_abort(
-                        &operation->ctx.transparent_test_driver_ctx ) );
-        case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
-            return( mbedtls_test_opaque_mac_abort(
-                        &operation->ctx.opaque_test_driver_ctx ) );
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
-        default:
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_driver_wrappers.h b/Sources/mbedtls/library/psa_crypto_driver_wrappers.h
deleted file mode 100644
index 7cb88a0..0000000
--- a/Sources/mbedtls/library/psa_crypto_driver_wrappers.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/*
- *  Function signatures for functionality that can be provided by
- *  cryptographic accelerators.
- *  Warning: This file will be auto-generated in the future.
- */
-/*  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_DRIVER_WRAPPERS_H
-#define PSA_CRYPTO_DRIVER_WRAPPERS_H
-
-#include "psa/crypto.h"
-#include "psa/crypto_driver_common.h"
-
-/*
- * Initialization and termination functions
- */
-psa_status_t psa_driver_wrapper_init( void );
-void psa_driver_wrapper_free( void );
-
-/*
- * Signature functions
- */
-psa_status_t psa_driver_wrapper_sign_message(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *signature,
-    size_t signature_size,
-    size_t *signature_length );
-
-psa_status_t psa_driver_wrapper_verify_message(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    const uint8_t *signature,
-    size_t signature_length );
-
-psa_status_t psa_driver_wrapper_sign_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
-
-psa_status_t psa_driver_wrapper_verify_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
-
-/*
- * Key handling functions
- */
-
-psa_status_t psa_driver_wrapper_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
-
-psa_status_t psa_driver_wrapper_export_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
-
-psa_status_t psa_driver_wrapper_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
-
-psa_status_t psa_driver_wrapper_get_key_buffer_size(
-    const psa_key_attributes_t *attributes,
-    size_t *key_buffer_size );
-
-psa_status_t psa_driver_wrapper_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
-
-psa_status_t psa_driver_wrapper_get_builtin_key(
-    psa_drv_slot_number_t slot_number,
-    psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
-
-/*
- * Cipher functions
- */
-psa_status_t psa_driver_wrapper_cipher_encrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *iv,
-    size_t iv_length,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length );
-
-psa_status_t psa_driver_wrapper_cipher_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length );
-
-psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
-    psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
-
-psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
-    psa_cipher_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg );
-
-psa_status_t psa_driver_wrapper_cipher_set_iv(
-    psa_cipher_operation_t *operation,
-    const uint8_t *iv,
-    size_t iv_length );
-
-psa_status_t psa_driver_wrapper_cipher_update(
-    psa_cipher_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length );
-
-psa_status_t psa_driver_wrapper_cipher_finish(
-    psa_cipher_operation_t *operation,
-    uint8_t *output,
-    size_t output_size,
-    size_t *output_length );
-
-psa_status_t psa_driver_wrapper_cipher_abort(
-    psa_cipher_operation_t *operation );
-
-/*
- * Hashing functions
- */
-psa_status_t psa_driver_wrapper_hash_compute(
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length);
-
-psa_status_t psa_driver_wrapper_hash_setup(
-    psa_hash_operation_t *operation,
-    psa_algorithm_t alg );
-
-psa_status_t psa_driver_wrapper_hash_clone(
-    const psa_hash_operation_t *source_operation,
-    psa_hash_operation_t *target_operation );
-
-psa_status_t psa_driver_wrapper_hash_update(
-    psa_hash_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length );
-
-psa_status_t psa_driver_wrapper_hash_finish(
-    psa_hash_operation_t *operation,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length );
-
-psa_status_t psa_driver_wrapper_hash_abort(
-    psa_hash_operation_t *operation );
-
-/*
- * AEAD functions
- */
-
-psa_status_t psa_driver_wrapper_aead_encrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *plaintext, size_t plaintext_length,
-    uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
-
-psa_status_t psa_driver_wrapper_aead_decrypt(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *nonce, size_t nonce_length,
-    const uint8_t *additional_data, size_t additional_data_length,
-    const uint8_t *ciphertext, size_t ciphertext_length,
-    uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
-
-/*
- * MAC functions
- */
-psa_status_t psa_driver_wrapper_mac_compute(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length );
-
-psa_status_t psa_driver_wrapper_mac_sign_setup(
-    psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg );
-
-psa_status_t psa_driver_wrapper_mac_verify_setup(
-    psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg );
-
-psa_status_t psa_driver_wrapper_mac_update(
-    psa_mac_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length );
-
-psa_status_t psa_driver_wrapper_mac_sign_finish(
-    psa_mac_operation_t *operation,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length );
-
-psa_status_t psa_driver_wrapper_mac_verify_finish(
-    psa_mac_operation_t *operation,
-    const uint8_t *mac,
-    size_t mac_length );
-
-psa_status_t psa_driver_wrapper_mac_abort(
-    psa_mac_operation_t *operation );
-
-#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
-
-/* End of automatically generated file. */
diff --git a/Sources/mbedtls/library/psa_crypto_ecp.c b/Sources/mbedtls/library/psa_crypto_ecp.c
deleted file mode 100644
index 144d7fd..0000000
--- a/Sources/mbedtls/library/psa_crypto_ecp.c
+++ /dev/null
@@ -1,468 +0,0 @@
-/*
- *  PSA ECP layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <psa/crypto.h>
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_random_impl.h"
-#include "psa_crypto_hash.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include "mbedtls/platform.h"
-
-#include <mbedtls/ecdsa.h>
-#include <mbedtls/ecp.h>
-#include <mbedtls/error.h>
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
-psa_status_t mbedtls_psa_ecp_load_representation(
-    psa_key_type_t type, size_t curve_bits,
-    const uint8_t *data, size_t data_length,
-    mbedtls_ecp_keypair **p_ecp )
-{
-    mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
-    psa_status_t status;
-    mbedtls_ecp_keypair *ecp = NULL;
-    size_t curve_bytes = data_length;
-    int explicit_bits = ( curve_bits != 0 );
-
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) &&
-        PSA_KEY_TYPE_ECC_GET_FAMILY( type ) != PSA_ECC_FAMILY_MONTGOMERY )
-    {
-        /* A Weierstrass public key is represented as:
-         * - The byte 0x04;
-         * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
-         * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
-         * So its data length is 2m+1 where m is the curve size in bits.
-         */
-        if( ( data_length & 1 ) == 0 )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        curve_bytes = data_length / 2;
-
-        /* Montgomery public keys are represented in compressed format, meaning
-         * their curve_bytes is equal to the amount of input. */
-
-        /* Private keys are represented in uncompressed private random integer
-         * format, meaning their curve_bytes is equal to the amount of input. */
-    }
-
-    if( explicit_bits )
-    {
-        /* With an explicit bit-size, the data must have the matching length. */
-        if( curve_bytes != PSA_BITS_TO_BYTES( curve_bits ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-    else
-    {
-        /* We need to infer the bit-size from the data. Since the only
-         * information we have is the length in bytes, the value of curve_bits
-         * at this stage is rounded up to the nearest multiple of 8. */
-        curve_bits = PSA_BYTES_TO_BITS( curve_bytes );
-    }
-
-    /* Allocate and initialize a key representation. */
-    ecp = mbedtls_calloc( 1, sizeof( mbedtls_ecp_keypair ) );
-    if( ecp == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-    mbedtls_ecp_keypair_init( ecp );
-
-    /* Load the group. */
-    grp_id = mbedtls_ecc_group_of_psa( PSA_KEY_TYPE_ECC_GET_FAMILY( type ),
-                                       curve_bits, !explicit_bits );
-    if( grp_id == MBEDTLS_ECP_DP_NONE )
-    {
-        /* We can't distinguish between a nonsensical family/size combination
-         * (which would warrant PSA_ERROR_INVALID_ARGUMENT) and a
-         * well-regarded curve that Mbed TLS just doesn't know about (which
-         * would warrant PSA_ERROR_NOT_SUPPORTED). For uniformity with how
-         * curves that Mbed TLS knows about but for which support is disabled
-         * at build time, return NOT_SUPPORTED. */
-        status = PSA_ERROR_NOT_SUPPORTED;
-        goto exit;
-    }
-
-    status = mbedtls_to_psa_error(
-                mbedtls_ecp_group_load( &ecp->grp, grp_id ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Load the key material. */
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
-    {
-        /* Load the public value. */
-        status = mbedtls_to_psa_error(
-            mbedtls_ecp_point_read_binary( &ecp->grp, &ecp->Q,
-                                           data,
-                                           data_length ) );
-        if( status != PSA_SUCCESS )
-            goto exit;
-
-        /* Check that the point is on the curve. */
-        status = mbedtls_to_psa_error(
-            mbedtls_ecp_check_pubkey( &ecp->grp, &ecp->Q ) );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-    else
-    {
-        /* Load and validate the secret value. */
-        status = mbedtls_to_psa_error(
-            mbedtls_ecp_read_key( ecp->grp.id,
-                                  ecp,
-                                  data,
-                                  data_length ) );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    *p_ecp = ecp;
-exit:
-    if( status != PSA_SUCCESS )
-    {
-        mbedtls_ecp_keypair_free( ecp );
-        mbedtls_free( ecp );
-    }
-
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
-
-psa_status_t mbedtls_psa_ecp_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits )
-{
-    psa_status_t status;
-    mbedtls_ecp_keypair *ecp = NULL;
-
-    /* Parse input */
-    status = mbedtls_psa_ecp_load_representation( attributes->core.type,
-                                                  attributes->core.bits,
-                                                  data,
-                                                  data_length,
-                                                  &ecp );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ==
-        PSA_ECC_FAMILY_MONTGOMERY )
-        *bits = ecp->grp.nbits + 1;
-    else
-        *bits = ecp->grp.nbits;
-
-    /* Re-export the data to PSA export format. There is currently no support
-     * for other input formats then the export format, so this is a 1-1
-     * copy operation. */
-    status = mbedtls_psa_ecp_export_key( attributes->core.type,
-                                         ecp,
-                                         key_buffer,
-                                         key_buffer_size,
-                                         key_buffer_length );
-exit:
-    /* Always free the PK object (will also free contained ECP context) */
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
-                                         mbedtls_ecp_keypair *ecp,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length )
-{
-    psa_status_t status;
-
-    if( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) )
-    {
-        /* Check whether the public part is loaded */
-        if( mbedtls_ecp_is_zero( &ecp->Q ) )
-        {
-            /* Calculate the public key */
-            status = mbedtls_to_psa_error(
-                mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
-                                 mbedtls_psa_get_random,
-                                 MBEDTLS_PSA_RANDOM_STATE ) );
-            if( status != PSA_SUCCESS )
-                return( status );
-        }
-
-        status = mbedtls_to_psa_error(
-                    mbedtls_ecp_point_write_binary( &ecp->grp, &ecp->Q,
-                                                    MBEDTLS_ECP_PF_UNCOMPRESSED,
-                                                    data_length,
-                                                    data,
-                                                    data_size ) );
-        if( status != PSA_SUCCESS )
-            memset( data, 0, data_size );
-
-        return( status );
-    }
-    else
-    {
-        if( data_size < PSA_BITS_TO_BYTES( ecp->grp.nbits ) )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-        status = mbedtls_to_psa_error(
-                    mbedtls_ecp_write_key( ecp,
-                                           data,
-                                           PSA_BITS_TO_BYTES( ecp->grp.nbits ) ) );
-        if( status == PSA_SUCCESS )
-            *data_length = PSA_BITS_TO_BYTES( ecp->grp.nbits );
-        else
-            memset( data, 0, data_size );
-
-        return( status );
-    }
-}
-
-psa_status_t mbedtls_psa_ecp_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_keypair *ecp = NULL;
-
-    status = mbedtls_psa_ecp_load_representation(
-        attributes->core.type, attributes->core.bits,
-        key_buffer, key_buffer_size, &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = mbedtls_psa_ecp_export_key(
-                 PSA_KEY_TYPE_ECC_PUBLIC_KEY(
-                     PSA_KEY_TYPE_ECC_GET_FAMILY( attributes->core.type ) ),
-                 ecp, data, data_size, data_length );
-
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
-
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
-psa_status_t mbedtls_psa_ecp_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
-                                 attributes->core.type );
-    mbedtls_ecp_group_id grp_id =
-         mbedtls_ecc_group_of_psa( curve, attributes->core.bits, 0 );
-
-    const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_grp_id( grp_id );
-    mbedtls_ecp_keypair ecp;
-
-    if( attributes->domain_parameters_size != 0 )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    mbedtls_ecp_keypair_init( &ecp );
-    ret = mbedtls_ecp_gen_key( grp_id, &ecp,
-                               mbedtls_psa_get_random,
-                               MBEDTLS_PSA_RANDOM_STATE );
-    if( ret != 0 )
-    {
-        mbedtls_ecp_keypair_free( &ecp );
-        return( mbedtls_to_psa_error( ret ) );
-    }
-
-    status = mbedtls_to_psa_error(
-        mbedtls_ecp_write_key( &ecp, key_buffer, key_buffer_size ) );
-
-    mbedtls_ecp_keypair_free( &ecp );
-
-    if( status == PSA_SUCCESS )
-        *key_buffer_length = key_buffer_size;
-
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
-
-/****************************************************************/
-/* ECDSA sign/verify */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-psa_status_t mbedtls_psa_ecdsa_sign_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_keypair *ecp = NULL;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t curve_bytes;
-    mbedtls_mpi r, s;
-
-    status = mbedtls_psa_ecp_load_representation( attributes->core.type,
-                                                  attributes->core.bits,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
-
-    if( signature_size < 2 * curve_bytes )
-    {
-        ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
-        goto cleanup;
-    }
-
-    if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-        psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
-        mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
-                             &ecp->grp, &r, &s,
-                             &ecp->d, hash,
-                             hash_length, md_alg,
-                             mbedtls_psa_get_random,
-                             MBEDTLS_PSA_RANDOM_STATE ) );
-#else
-       ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-       goto cleanup;
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-    }
-    else
-    {
-        (void) alg;
-        MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
-                                             hash, hash_length,
-                                             mbedtls_psa_get_random,
-                                             MBEDTLS_PSA_RANDOM_STATE ) );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
-                                               signature,
-                                               curve_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
-                                               signature + curve_bytes,
-                                               curve_bytes ) );
-cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-    if( ret == 0 )
-        *signature_length = 2 * curve_bytes;
-
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
-
-    return( mbedtls_to_psa_error( ret ) );
-}
-
-psa_status_t mbedtls_psa_ecdsa_verify_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ecp_keypair *ecp = NULL;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t curve_bytes;
-    mbedtls_mpi r, s;
-
-    (void)alg;
-
-    status = mbedtls_psa_ecp_load_representation( attributes->core.type,
-                                                  attributes->core.bits,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &ecp );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
-    mbedtls_mpi_init( &r );
-    mbedtls_mpi_init( &s );
-
-    if( signature_length != 2 * curve_bytes )
-    {
-        ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
-                                              signature,
-                                              curve_bytes ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
-                                              signature + curve_bytes,
-                                              curve_bytes ) );
-
-    /* Check whether the public part is loaded. If not, load it. */
-    if( mbedtls_ecp_is_zero( &ecp->Q ) )
-    {
-        MBEDTLS_MPI_CHK(
-            mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
-                             mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
-    }
-
-    ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
-                                &ecp->Q, &r, &s );
-
-cleanup:
-    mbedtls_mpi_free( &r );
-    mbedtls_mpi_free( &s );
-    mbedtls_ecp_keypair_free( ecp );
-    mbedtls_free( ecp );
-
-    return( mbedtls_to_psa_error( ret ) );
-}
-
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_ecp.h b/Sources/mbedtls/library/psa_crypto_ecp.h
deleted file mode 100644
index feddd8a..0000000
--- a/Sources/mbedtls/library/psa_crypto_ecp.h
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- *  PSA ECP layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_ECP_H
-#define PSA_CRYPTO_ECP_H
-
-#include <psa/crypto.h>
-#include <mbedtls/ecp.h>
-
-/** Load the contents of a key buffer into an internal ECP representation
- *
- * \param[in] type          The type of key contained in \p data.
- * \param[in] curve_bits    The nominal bit-size of the curve.
- *                          It must be consistent with the representation
- *                          passed in \p data.
- *                          This can be 0, in which case the bit-size
- *                          is inferred from \p data_length (which is possible
- *                          for all key types and representation formats
- *                          formats that are currently supported or will
- *                          be in the foreseeable future).
- * \param[in] data          The buffer from which to load the representation.
- * \param[in] data_length   The size in bytes of \p data.
- * \param[out] p_ecp        Returns a pointer to an ECP context on success.
- *                          The caller is responsible for freeing both the
- *                          contents of the context and the context itself
- *                          when done.
- */
-psa_status_t mbedtls_psa_ecp_load_representation( psa_key_type_t type,
-                                                  size_t curve_bits,
-                                                  const uint8_t *data,
-                                                  size_t data_length,
-                                                  mbedtls_ecp_keypair **p_ecp );
-
-/** Import an ECP key in binary format.
- *
- * \note The signature of this function is that of a PSA driver
- *       import_key entry point. This function behaves as an import_key
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes for the key to import.
- * \param[in]  data             The buffer containing the key data in import
- *                              format.
- * \param[in]  data_length      Size of the \p data buffer in bytes.
- * \param[out] key_buffer       The buffer containing the key data in output
- *                              format.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes. This
- *                              size is greater or equal to \p data_length.
- * \param[out] key_buffer_length  The length of the data written in \p
- *                                key_buffer in bytes.
- * \param[out] bits             The key size in number of bits.
- *
- * \retval #PSA_SUCCESS  The ECP key was imported successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_ecp_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
-
-/** Export an ECP key to export representation
- *
- * \param[in] type          The type of key (public/private) to export
- * \param[in] ecp           The internal ECP representation from which to export
- * \param[out] data         The buffer to export to
- * \param[in] data_size     The length of the buffer to export to
- * \param[out] data_length  The amount of bytes written to \p data
- */
-psa_status_t mbedtls_psa_ecp_export_key( psa_key_type_t type,
-                                         mbedtls_ecp_keypair *ecp,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length );
-
-/** Export an ECP public key or the public part of an ECP key pair in binary
- *  format.
- *
- * \note The signature of this function is that of a PSA driver
- *       export_public_key entry point. This function behaves as an
- *       export_public_key entry point as defined in the PSA driver interface
- *       specification.
- *
- * \param[in]  attributes       The attributes for the key to export.
- * \param[in]  key_buffer       Material or context of the key to export.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[out] data             Buffer where the key data is to be written.
- * \param[in]  data_size        Size of the \p data buffer in bytes.
- * \param[out] data_length      On success, the number of bytes written in
- *                              \p data
- *
- * \retval #PSA_SUCCESS  The ECP public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_ecp_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
-
-/**
- * \brief Generate an ECP key.
- *
- * \note The signature of the function is that of a PSA driver generate_key
- *       entry point.
- *
- * \param[in]  attributes         The attributes for the ECP key to generate.
- * \param[out] key_buffer         Buffer where the key data is to be written.
- * \param[in]  key_buffer_size    Size of \p key_buffer in bytes.
- * \param[out] key_buffer_length  On success, the number of bytes written in
- *                                \p key_buffer.
- *
- * \retval #PSA_SUCCESS
- *         The key was successfully generated.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         Key length or type not supported.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of \p key_buffer is too small.
- */
-psa_status_t mbedtls_psa_ecp_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
-
-/** Sign an already-calculated hash with ECDSA.
- *
- * \note The signature of this function is that of a PSA driver
- *       sign_hash entry point. This function behaves as a sign_hash
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes of the ECC key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the ECC key context.
- *                              format.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              Randomized or deterministic ECDSA algorithm.
- * \param[in]  hash             The hash or message to sign.
- * \param[in]  hash_length      Size of the \p hash buffer in bytes.
- * \param[out] signature        Buffer where the signature is to be written.
- * \param[in]  signature_size   Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- *                              that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p signature buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits,
- *         \p alg) where \c key_bits is the bit-size of the ECC key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- */
-psa_status_t mbedtls_psa_ecdsa_sign_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
-
-/**
- * \brief Verify an ECDSA hash or short message signature.
- *
- * \note The signature of this function is that of a PSA driver
- *       verify_hash entry point. This function behaves as a verify_hash
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes of the ECC key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the ECC key context.
- *                              format.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              Randomized or deterministic ECDSA algorithm.
- * \param[in]  hash             The hash or message whose signature is to be
- *                              verified.
- * \param[in]  hash_length      Size of the \p hash buffer in bytes.
- * \param[in]  signature        Buffer containing the signature to verify.
- * \param[in]  signature_length Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was performed successfully, but the passed
- *         signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_ecdsa_verify_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
-
-#endif /* PSA_CRYPTO_ECP_H */
diff --git a/Sources/mbedtls/library/psa_crypto_hash.c b/Sources/mbedtls/library/psa_crypto_hash.c
deleted file mode 100644
index 337e557..0000000
--- a/Sources/mbedtls/library/psa_crypto_hash.c
+++ /dev/null
@@ -1,489 +0,0 @@
-/*
- *  PSA hashing layer on top of Mbed TLS software crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <psa/crypto.h>
-#include "psa_crypto_core.h"
-#include "psa_crypto_hash.h"
-
-#include <mbedtls/error.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
-const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
-{
-    switch( alg )
-    {
-#if defined(MBEDTLS_MD2_C)
-        case PSA_ALG_MD2:
-            return( &mbedtls_md2_info );
-#endif
-#if defined(MBEDTLS_MD4_C)
-        case PSA_ALG_MD4:
-            return( &mbedtls_md4_info );
-#endif
-#if defined(MBEDTLS_MD5_C)
-        case PSA_ALG_MD5:
-            return( &mbedtls_md5_info );
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-        case PSA_ALG_RIPEMD160:
-            return( &mbedtls_ripemd160_info );
-#endif
-#if defined(MBEDTLS_SHA1_C)
-        case PSA_ALG_SHA_1:
-            return( &mbedtls_sha1_info );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case PSA_ALG_SHA_224:
-            return( &mbedtls_sha224_info );
-#endif
-#if defined(MBEDTLS_SHA256_C)
-        case PSA_ALG_SHA_256:
-            return( &mbedtls_sha256_info );
-#endif
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
-        case PSA_ALG_SHA_384:
-            return( &mbedtls_sha384_info );
-#endif
-#if defined(MBEDTLS_SHA512_C)
-        case PSA_ALG_SHA_512:
-            return( &mbedtls_sha512_info );
-#endif
-        default:
-            return( NULL );
-    }
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
-
-#if defined(MBEDTLS_PSA_BUILTIN_HASH)
-psa_status_t mbedtls_psa_hash_abort(
-    mbedtls_psa_hash_operation_t *operation )
-{
-    switch( operation->alg )
-    {
-        case 0:
-            /* The object has (apparently) been initialized but it is not
-             * in use. It's ok to call abort on such an object, and there's
-             * nothing to do. */
-            break;
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
-        case PSA_ALG_MD2:
-            mbedtls_md2_free( &operation->ctx.md2 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
-        case PSA_ALG_MD4:
-            mbedtls_md4_free( &operation->ctx.md4 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
-        case PSA_ALG_MD5:
-            mbedtls_md5_free( &operation->ctx.md5 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
-        case PSA_ALG_RIPEMD160:
-            mbedtls_ripemd160_free( &operation->ctx.ripemd160 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
-        case PSA_ALG_SHA_1:
-            mbedtls_sha1_free( &operation->ctx.sha1 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
-        case PSA_ALG_SHA_224:
-            mbedtls_sha256_free( &operation->ctx.sha256 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-        case PSA_ALG_SHA_256:
-            mbedtls_sha256_free( &operation->ctx.sha256 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
-        case PSA_ALG_SHA_384:
-            mbedtls_sha512_free( &operation->ctx.sha512 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
-        case PSA_ALG_SHA_512:
-            mbedtls_sha512_free( &operation->ctx.sha512 );
-            break;
-#endif
-        default:
-            return( PSA_ERROR_BAD_STATE );
-    }
-    operation->alg = 0;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_hash_setup(
-    mbedtls_psa_hash_operation_t *operation,
-    psa_algorithm_t alg )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* A context must be freshly initialized before it can be set up. */
-    if( operation->alg != 0 )
-    {
-        return( PSA_ERROR_BAD_STATE );
-    }
-
-    switch( alg )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
-        case PSA_ALG_MD2:
-            mbedtls_md2_init( &operation->ctx.md2 );
-            ret = mbedtls_md2_starts_ret( &operation->ctx.md2 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
-        case PSA_ALG_MD4:
-            mbedtls_md4_init( &operation->ctx.md4 );
-            ret = mbedtls_md4_starts_ret( &operation->ctx.md4 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
-        case PSA_ALG_MD5:
-            mbedtls_md5_init( &operation->ctx.md5 );
-            ret = mbedtls_md5_starts_ret( &operation->ctx.md5 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
-        case PSA_ALG_RIPEMD160:
-            mbedtls_ripemd160_init( &operation->ctx.ripemd160 );
-            ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
-        case PSA_ALG_SHA_1:
-            mbedtls_sha1_init( &operation->ctx.sha1 );
-            ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
-        case PSA_ALG_SHA_224:
-            mbedtls_sha256_init( &operation->ctx.sha256 );
-            ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-        case PSA_ALG_SHA_256:
-            mbedtls_sha256_init( &operation->ctx.sha256 );
-            ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
-        case PSA_ALG_SHA_384:
-            mbedtls_sha512_init( &operation->ctx.sha512 );
-            ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
-        case PSA_ALG_SHA_512:
-            mbedtls_sha512_init( &operation->ctx.sha512 );
-            ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 );
-            break;
-#endif
-        default:
-            return( PSA_ALG_IS_HASH( alg ) ?
-                    PSA_ERROR_NOT_SUPPORTED :
-                    PSA_ERROR_INVALID_ARGUMENT );
-    }
-    if( ret == 0 )
-        operation->alg = alg;
-    else
-        mbedtls_psa_hash_abort( operation );
-    return( mbedtls_to_psa_error( ret ) );
-}
-
-psa_status_t mbedtls_psa_hash_clone(
-    const mbedtls_psa_hash_operation_t *source_operation,
-    mbedtls_psa_hash_operation_t *target_operation )
-{
-    switch( source_operation->alg )
-    {
-        case 0:
-            return( PSA_ERROR_BAD_STATE );
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
-        case PSA_ALG_MD2:
-            mbedtls_md2_clone( &target_operation->ctx.md2,
-                               &source_operation->ctx.md2 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
-        case PSA_ALG_MD4:
-            mbedtls_md4_clone( &target_operation->ctx.md4,
-                               &source_operation->ctx.md4 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
-        case PSA_ALG_MD5:
-            mbedtls_md5_clone( &target_operation->ctx.md5,
-                               &source_operation->ctx.md5 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
-        case PSA_ALG_RIPEMD160:
-            mbedtls_ripemd160_clone( &target_operation->ctx.ripemd160,
-                                     &source_operation->ctx.ripemd160 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
-        case PSA_ALG_SHA_1:
-            mbedtls_sha1_clone( &target_operation->ctx.sha1,
-                                &source_operation->ctx.sha1 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
-        case PSA_ALG_SHA_224:
-            mbedtls_sha256_clone( &target_operation->ctx.sha256,
-                                  &source_operation->ctx.sha256 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-        case PSA_ALG_SHA_256:
-            mbedtls_sha256_clone( &target_operation->ctx.sha256,
-                                  &source_operation->ctx.sha256 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
-        case PSA_ALG_SHA_384:
-            mbedtls_sha512_clone( &target_operation->ctx.sha512,
-                                  &source_operation->ctx.sha512 );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
-        case PSA_ALG_SHA_512:
-            mbedtls_sha512_clone( &target_operation->ctx.sha512,
-                                  &source_operation->ctx.sha512 );
-            break;
-#endif
-        default:
-            (void) source_operation;
-            (void) target_operation;
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-
-    target_operation->alg = source_operation->alg;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_hash_update(
-    mbedtls_psa_hash_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    switch( operation->alg )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
-        case PSA_ALG_MD2:
-            ret = mbedtls_md2_update_ret( &operation->ctx.md2,
-                                          input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
-        case PSA_ALG_MD4:
-            ret = mbedtls_md4_update_ret( &operation->ctx.md4,
-                                          input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
-        case PSA_ALG_MD5:
-            ret = mbedtls_md5_update_ret( &operation->ctx.md5,
-                                          input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
-        case PSA_ALG_RIPEMD160:
-            ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160,
-                                                input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
-        case PSA_ALG_SHA_1:
-            ret = mbedtls_sha1_update_ret( &operation->ctx.sha1,
-                                           input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
-        case PSA_ALG_SHA_224:
-            ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
-                                             input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-        case PSA_ALG_SHA_256:
-            ret = mbedtls_sha256_update_ret( &operation->ctx.sha256,
-                                             input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
-        case PSA_ALG_SHA_384:
-            ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
-                                             input, input_length );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
-        case PSA_ALG_SHA_512:
-            ret = mbedtls_sha512_update_ret( &operation->ctx.sha512,
-                                             input, input_length );
-            break;
-#endif
-        default:
-            (void) input;
-            (void) input_length;
-            return( PSA_ERROR_BAD_STATE );
-    }
-
-    return( mbedtls_to_psa_error( ret ) );
-}
-
-psa_status_t mbedtls_psa_hash_finish(
-    mbedtls_psa_hash_operation_t *operation,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length )
-{
-    psa_status_t status;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t actual_hash_length = PSA_HASH_LENGTH( operation->alg );
-
-    /* Fill the output buffer with something that isn't a valid hash
-     * (barring an attack on the hash and deliberately-crafted input),
-     * in case the caller doesn't check the return status properly. */
-    *hash_length = hash_size;
-    /* If hash_size is 0 then hash may be NULL and then the
-     * call to memset would have undefined behavior. */
-    if( hash_size != 0 )
-        memset( hash, '!', hash_size );
-
-    if( hash_size < actual_hash_length )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-
-    switch( operation->alg )
-    {
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2)
-        case PSA_ALG_MD2:
-            ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD4)
-        case PSA_ALG_MD4:
-            ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
-        case PSA_ALG_MD5:
-            ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160)
-        case PSA_ALG_RIPEMD160:
-            ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1)
-        case PSA_ALG_SHA_1:
-            ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224)
-        case PSA_ALG_SHA_224:
-            ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
-        case PSA_ALG_SHA_256:
-            ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384)
-        case PSA_ALG_SHA_384:
-            ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
-            break;
-#endif
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512)
-        case PSA_ALG_SHA_512:
-            ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash );
-            break;
-#endif
-        default:
-            (void) hash;
-            return( PSA_ERROR_BAD_STATE );
-    }
-    status = mbedtls_to_psa_error( ret );
-
-exit:
-    if( status == PSA_SUCCESS )
-        *hash_length = actual_hash_length;
-    return( status );
-}
-
-psa_status_t mbedtls_psa_hash_compute(
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length)
-{
-    mbedtls_psa_hash_operation_t operation = MBEDTLS_PSA_HASH_OPERATION_INIT;
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    *hash_length = hash_size;
-    status = mbedtls_psa_hash_setup( &operation, alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    status = mbedtls_psa_hash_update( &operation, input, input_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    status = mbedtls_psa_hash_finish( &operation, hash, hash_size, hash_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-exit:
-    abort_status = mbedtls_psa_hash_abort( &operation );
-    if( status == PSA_SUCCESS )
-        return( abort_status );
-    else
-        return( status );
-
-}
-#endif /* MBEDTLS_PSA_BUILTIN_HASH */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_hash.h b/Sources/mbedtls/library/psa_crypto_hash.h
deleted file mode 100644
index b99b942..0000000
--- a/Sources/mbedtls/library/psa_crypto_hash.h
+++ /dev/null
@@ -1,234 +0,0 @@
-/*
- *  PSA hashing layer on top of Mbed TLS software crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_HASH_H
-#define PSA_CRYPTO_HASH_H
-
-#include <psa/crypto.h>
-
-#include <mbedtls/md_internal.h>
-
-/** Get Mbed TLS MD information of a hash algorithm given its PSA identifier
- *
- * \param[in] alg  PSA hash algorithm identifier
- *
- * \return  The Mbed TLS MD information of the hash algorithm. \c NULL if the
- *          PSA hash algorithm is not supported.
- */
-const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg );
-
-/** Calculate the hash (digest) of a message using Mbed TLS routines.
- *
- * \note The signature of this function is that of a PSA driver hash_compute
- *       entry point. This function behaves as a hash_compute entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_HASH(\p alg) is true).
- * \param[in] input         Buffer containing the message to hash.
- * \param input_length      Size of the \p input buffer in bytes.
- * \param[out] hash         Buffer where the hash is to be written.
- * \param hash_size         Size of the \p hash buffer in bytes.
- * \param[out] hash_length  On success, the number of bytes
- *                          that make up the hash value. This is always
- *                          #PSA_HASH_LENGTH(\p alg).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p hash_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_hash_compute(
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length);
-
-/** Set up a multipart hash operation using Mbed TLS routines.
- *
- * \note The signature of this function is that of a PSA driver hash_setup
- *       entry point. This function behaves as a hash_setup entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * If an error occurs at any step after a call to mbedtls_psa_hash_setup(), the
- * operation will need to be reset by a call to mbedtls_psa_hash_abort(). The
- * core may call mbedtls_psa_hash_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to mbedtls_psa_hash_setup(), the core must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to mbedtls_psa_hash_finish() or mbedtls_psa_hash_verify().
- * - A call to mbedtls_psa_hash_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- *                          been initialized to all-zero and not yet be in use.
- * \param alg               The hash algorithm to compute (\c PSA_ALG_XXX value
- *                          such that #PSA_ALG_IS_HASH(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_hash_setup(
-    mbedtls_psa_hash_operation_t *operation,
-    psa_algorithm_t alg );
-
-/** Clone an Mbed TLS hash operation.
- *
- * \note The signature of this function is that of a PSA driver hash_clone
- *       entry point. This function behaves as a hash_clone entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * This function copies the state of an ongoing hash operation to
- * a new operation object. In other words, this function is equivalent
- * to calling mbedtls_psa_hash_setup() on \p target_operation with the same
- * algorithm that \p source_operation was set up for, then
- * mbedtls_psa_hash_update() on \p target_operation with the same input that
- * that was passed to \p source_operation. After this function returns, the
- * two objects are independent, i.e. subsequent calls involving one of
- * the objects do not affect the other object.
- *
- * \param[in] source_operation      The active hash operation to clone.
- * \param[in,out] target_operation  The operation object to set up.
- *                                  It must be initialized but not active.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p source_operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BAD_STATE
- *         The \p target_operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_hash_clone(
-    const mbedtls_psa_hash_operation_t *source_operation,
-    mbedtls_psa_hash_operation_t *target_operation );
-
-/** Add a message fragment to a multipart Mbed TLS hash operation.
- *
- * \note The signature of this function is that of a PSA driver hash_update
- *       entry point. This function behaves as a hash_update entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * The application must call mbedtls_psa_hash_setup() before calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling mbedtls_psa_hash_abort().
- *
- * \param[in,out] operation Active hash operation.
- * \param[in] input         Buffer containing the message fragment to hash.
- * \param input_length      Size of the \p input buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_hash_update(
-    mbedtls_psa_hash_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length );
-
-/** Finish the calculation of the Mbed TLS-calculated hash of a message.
- *
- * \note The signature of this function is that of a PSA driver hash_finish
- *       entry point. This function behaves as a hash_finish entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * The application must call mbedtls_psa_hash_setup() before calling this function.
- * This function calculates the hash of the message formed by concatenating
- * the inputs passed to preceding calls to mbedtls_psa_hash_update().
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling mbedtls_psa_hash_abort().
- *
- * \param[in,out] operation     Active hash operation.
- * \param[out] hash             Buffer where the hash is to be written.
- * \param hash_size             Size of the \p hash buffer in bytes.
- * \param[out] hash_length      On success, the number of bytes
- *                              that make up the hash value. This is always
- *                              #PSA_HASH_LENGTH(\c alg) where \c alg is the
- *                              hash algorithm that is calculated.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p hash buffer is too small. You can determine a
- *         sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
- *         where \c alg is the hash algorithm that is calculated.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_hash_finish(
-    mbedtls_psa_hash_operation_t *operation,
-    uint8_t *hash,
-    size_t hash_size,
-    size_t *hash_length );
-
-/** Abort an Mbed TLS hash operation.
- *
- * \note The signature of this function is that of a PSA driver hash_abort
- *       entry point. This function behaves as a hash_abort entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * mbedtls_psa_hash_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized by one of the methods described in #psa_hash_operation_t.
- *
- * In particular, calling mbedtls_psa_hash_abort() after the operation has been
- * terminated by a call to mbedtls_psa_hash_abort(), mbedtls_psa_hash_finish() or
- * mbedtls_psa_hash_verify() is safe and has no effect.
- *
- * \param[in,out] operation     Initialized hash operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_hash_abort(
-    mbedtls_psa_hash_operation_t *operation );
-
-#endif /* PSA_CRYPTO_HASH_H */
diff --git a/Sources/mbedtls/library/psa_crypto_invasive.h b/Sources/mbedtls/library/psa_crypto_invasive.h
deleted file mode 100644
index 1e5a407..0000000
--- a/Sources/mbedtls/library/psa_crypto_invasive.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- * \file psa_crypto_invasive.h
- *
- * \brief PSA cryptography module: invasive interfaces for test only.
- *
- * The interfaces in this file are intended for testing purposes only.
- * They MUST NOT be made available to clients over IPC in integrations
- * with isolation, and they SHOULD NOT be made available in library
- * integrations except when building the library for testing.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_INVASIVE_H
-#define PSA_CRYPTO_INVASIVE_H
-
-#if defined(MBEDTLS_CONFIG_FILE)
-#include MBEDTLS_CONFIG_FILE
-#else
-#include "mbedtls/config.h"
-#endif
-
-#include "psa/crypto.h"
-#include "common.h"
-
-#include "mbedtls/entropy.h"
-
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/** \brief Configure entropy sources.
- *
- * This function may only be called before a call to psa_crypto_init(),
- * or after a call to mbedtls_psa_crypto_free() and before any
- * subsequent call to psa_crypto_init().
- *
- * This function is only intended for test purposes. The functionality
- * it provides is also useful for system integrators, but
- * system integrators should configure entropy drivers instead of
- * breaking through to the Mbed TLS API.
- *
- * \param entropy_init  Function to initialize the entropy context
- *                      and set up the desired entropy sources.
- *                      It is called by psa_crypto_init().
- *                      By default this is mbedtls_entropy_init().
- *                      This function cannot report failures directly.
- *                      To indicate a failure, set the entropy context
- *                      to a state where mbedtls_entropy_func() will
- *                      return an error.
- * \param entropy_free  Function to free the entropy context
- *                      and associated resources.
- *                      It is called by mbedtls_psa_crypto_free().
- *                      By default this is mbedtls_entropy_free().
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The caller does not have the permission to configure
- *         entropy sources.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has already been initialized.
- */
-psa_status_t mbedtls_psa_crypto_configure_entropy_sources(
-    void (* entropy_init )( mbedtls_entropy_context *ctx ),
-    void (* entropy_free )( mbedtls_entropy_context *ctx ) );
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
-psa_status_t psa_mac_key_can_do(
-    psa_algorithm_t algorithm,
-    psa_key_type_t key_type );
-#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C */
-
-#endif /* PSA_CRYPTO_INVASIVE_H */
diff --git a/Sources/mbedtls/library/psa_crypto_its.h b/Sources/mbedtls/library/psa_crypto_its.h
deleted file mode 100644
index 3a3f49a..0000000
--- a/Sources/mbedtls/library/psa_crypto_its.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/** \file psa_crypto_its.h
- * \brief Interface of trusted storage that crypto is built on.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_ITS_H
-#define PSA_CRYPTO_ITS_H
-
-#include <stddef.h>
-#include <stdint.h>
-
-#include <psa/crypto_types.h>
-#include <psa/crypto_values.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/** \brief Flags used when creating a data entry
- */
-typedef uint32_t psa_storage_create_flags_t;
-
-/** \brief A type for UIDs used for identifying data
- */
-typedef uint64_t psa_storage_uid_t;
-
-#define PSA_STORAGE_FLAG_NONE        0         /**< No flags to pass */
-#define PSA_STORAGE_FLAG_WRITE_ONCE (1 << 0) /**< The data associated with the uid will not be able to be modified or deleted. Intended to be used to set bits in `psa_storage_create_flags_t`*/
-
-/**
- * \brief A container for metadata associated with a specific uid
- */
-struct psa_storage_info_t
-{
-    uint32_t size;                  /**< The size of the data associated with a uid **/
-    psa_storage_create_flags_t flags;    /**< The flags set when the uid was created **/
-};
-
-/** Flag indicating that \ref psa_storage_create and \ref psa_storage_set_extended are supported */
-#define PSA_STORAGE_SUPPORT_SET_EXTENDED (1 << 0)
-
-/** \brief PSA storage specific error codes
- */
-#define PSA_ERROR_INVALID_SIGNATURE     ((psa_status_t)-149)
-#define PSA_ERROR_DATA_CORRUPT          ((psa_status_t)-152)
-
-#define PSA_ITS_API_VERSION_MAJOR  1  /**< The major version number of the PSA ITS API. It will be incremented on significant updates that may include breaking changes */
-#define PSA_ITS_API_VERSION_MINOR  1  /**< The minor version number of the PSA ITS API. It will be incremented in small updates that are unlikely to include breaking changes */
-
-/**
- * \brief create a new or modify an existing uid/value pair
- *
- * \param[in] uid           the identifier for the data
- * \param[in] data_length   The size in bytes of the data in `p_data`
- * \param[in] p_data        A buffer containing the data
- * \param[in] create_flags  The flags that the data will be stored with
- *
- * \return      A status indicating the success/failure of the operation
- *
- * \retval      #PSA_SUCCESS                     The operation completed successfully
- * \retval      #PSA_ERROR_NOT_PERMITTED         The operation failed because the provided `uid` value was already created with PSA_STORAGE_WRITE_ONCE_FLAG
- * \retval      #PSA_ERROR_NOT_SUPPORTED         The operation failed because one or more of the flags provided in `create_flags` is not supported or is not valid
- * \retval      #PSA_ERROR_INSUFFICIENT_STORAGE  The operation failed because there was insufficient space on the storage medium
- * \retval      #PSA_ERROR_STORAGE_FAILURE       The operation failed because the physical storage has failed (Fatal error)
- * \retval      #PSA_ERROR_INVALID_ARGUMENT      The operation failed because one of the provided pointers(`p_data`)
- *                                               is invalid, for example is `NULL` or references memory the caller cannot access
- */
-psa_status_t psa_its_set(psa_storage_uid_t uid,
-                         uint32_t data_length,
-                         const void *p_data,
-                         psa_storage_create_flags_t create_flags);
-
-/**
- * \brief Retrieve the value associated with a provided uid
- *
- * \param[in] uid               The uid value
- * \param[in] data_offset       The starting offset of the data requested
- * \param[in] data_length       the amount of data requested (and the minimum allocated size of the `p_data` buffer)
- * \param[out] p_data           The buffer where the data will be placed upon successful completion
- * \param[out] p_data_length    The amount of data returned in the p_data buffer
- *
- *
- * \return      A status indicating the success/failure of the operation
- *
- * \retval      #PSA_SUCCESS                 The operation completed successfully
- * \retval      #PSA_ERROR_DOES_NOT_EXIST    The operation failed because the provided `uid` value was not found in the storage
- * \retval      #PSA_ERROR_STORAGE_FAILURE   The operation failed because the physical storage has failed (Fatal error)
- * \retval      #PSA_ERROR_DATA_CORRUPT      The operation failed because stored data has been corrupted
- * \retval      #PSA_ERROR_INVALID_ARGUMENT  The operation failed because one of the provided pointers(`p_data`, `p_data_length`)
- *                                           is invalid. For example is `NULL` or references memory the caller cannot access.
- *                                           In addition, this can also happen if an invalid offset was provided.
- */
-psa_status_t psa_its_get(psa_storage_uid_t uid,
-                         uint32_t data_offset,
-                         uint32_t data_length,
-                         void *p_data,
-                         size_t *p_data_length );
-
-/**
- * \brief Retrieve the metadata about the provided uid
- *
- * \param[in] uid           The uid value
- * \param[out] p_info       A pointer to the `psa_storage_info_t` struct that will be populated with the metadata
- *
- * \return      A status indicating the success/failure of the operation
- *
- * \retval      #PSA_SUCCESS                 The operation completed successfully
- * \retval      #PSA_ERROR_DOES_NOT_EXIST    The operation failed because the provided uid value was not found in the storage
- * \retval      #PSA_ERROR_DATA_CORRUPT      The operation failed because stored data has been corrupted
- * \retval      #PSA_ERROR_INVALID_ARGUMENT  The operation failed because one of the provided pointers(`p_info`)
- *                                           is invalid, for example is `NULL` or references memory the caller cannot access
- */
-psa_status_t psa_its_get_info(psa_storage_uid_t uid,
-                              struct psa_storage_info_t *p_info);
-
-/**
- * \brief Remove the provided key and its associated data from the storage
- *
- * \param[in] uid   The uid value
- *
- * \return  A status indicating the success/failure of the operation
- *
- * \retval      #PSA_SUCCESS                  The operation completed successfully
- * \retval      #PSA_ERROR_DOES_NOT_EXIST     The operation failed because the provided key value was not found in the storage
- * \retval      #PSA_ERROR_NOT_PERMITTED      The operation failed because the provided key value was created with PSA_STORAGE_WRITE_ONCE_FLAG
- * \retval      #PSA_ERROR_STORAGE_FAILURE    The operation failed because the physical storage has failed (Fatal error)
- */
-psa_status_t psa_its_remove(psa_storage_uid_t uid);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_ITS_H */
diff --git a/Sources/mbedtls/library/psa_crypto_mac.c b/Sources/mbedtls/library/psa_crypto_mac.c
deleted file mode 100644
index d771e23..0000000
--- a/Sources/mbedtls/library/psa_crypto_mac.c
+++ /dev/null
@@ -1,500 +0,0 @@
-/*
- *  PSA MAC layer on top of Mbed TLS software crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <psa/crypto.h>
-#include "psa_crypto_core.h"
-#include "psa_crypto_cipher.h"
-#include "psa_crypto_mac.h"
-#include <mbedtls/md.h>
-
-#include <mbedtls/error.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-static psa_status_t psa_hmac_abort_internal(
-    mbedtls_psa_hmac_operation_t *hmac )
-{
-    mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
-    return( psa_hash_abort( &hmac->hash_ctx ) );
-}
-
-static psa_status_t psa_hmac_setup_internal(
-    mbedtls_psa_hmac_operation_t *hmac,
-    const uint8_t *key,
-    size_t key_length,
-    psa_algorithm_t hash_alg )
-{
-    uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
-    size_t i;
-    size_t hash_size = PSA_HASH_LENGTH( hash_alg );
-    size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
-    psa_status_t status;
-
-    hmac->alg = hash_alg;
-
-    /* Sanity checks on block_size, to guarantee that there won't be a buffer
-     * overflow below. This should never trigger if the hash algorithm
-     * is implemented correctly. */
-    /* The size checks against the ipad and opad buffers cannot be written
-     * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
-     * because that triggers -Wlogical-op on GCC 7.3. */
-    if( block_size > sizeof( ipad ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    if( block_size > sizeof( hmac->opad ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    if( block_size < hash_size )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    if( key_length > block_size )
-    {
-        status = psa_hash_compute( hash_alg, key, key_length,
-                                   ipad, sizeof( ipad ), &key_length );
-        if( status != PSA_SUCCESS )
-            goto cleanup;
-    }
-    /* A 0-length key is not commonly used in HMAC when used as a MAC,
-     * but it is permitted. It is common when HMAC is used in HKDF, for
-     * example. Don't call `memcpy` in the 0-length because `key` could be
-     * an invalid pointer which would make the behavior undefined. */
-    else if( key_length != 0 )
-        memcpy( ipad, key, key_length );
-
-    /* ipad contains the key followed by garbage. Xor and fill with 0x36
-     * to create the ipad value. */
-    for( i = 0; i < key_length; i++ )
-        ipad[i] ^= 0x36;
-    memset( ipad + key_length, 0x36, block_size - key_length );
-
-    /* Copy the key material from ipad to opad, flipping the requisite bits,
-     * and filling the rest of opad with the requisite constant. */
-    for( i = 0; i < key_length; i++ )
-        hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
-    memset( hmac->opad + key_length, 0x5C, block_size - key_length );
-
-    status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-
-    status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
-
-cleanup:
-    mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
-
-    return( status );
-}
-
-static psa_status_t psa_hmac_update_internal(
-    mbedtls_psa_hmac_operation_t *hmac,
-    const uint8_t *data,
-    size_t data_length )
-{
-    return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
-}
-
-static psa_status_t psa_hmac_finish_internal(
-    mbedtls_psa_hmac_operation_t *hmac,
-    uint8_t *mac,
-    size_t mac_size )
-{
-    uint8_t tmp[PSA_HASH_MAX_SIZE];
-    psa_algorithm_t hash_alg = hmac->alg;
-    size_t hash_size = 0;
-    size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
-    psa_status_t status;
-
-    status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
-    if( status != PSA_SUCCESS )
-        return( status );
-    /* From here on, tmp needs to be wiped. */
-
-    status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    memcpy( mac, tmp, mac_size );
-
-exit:
-    mbedtls_platform_zeroize( tmp, hash_size );
-    return( status );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
-                                const psa_key_attributes_t *attributes,
-                                const uint8_t *key_buffer )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-    /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
-     * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
-    if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
-        ( psa_get_key_bits( attributes ) == 64 ||
-          psa_get_key_bits( attributes ) == 128 ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif
-
-    const mbedtls_cipher_info_t * cipher_info =
-        mbedtls_cipher_info_from_psa(
-            PSA_ALG_CMAC,
-            psa_get_key_type( attributes ),
-            psa_get_key_bits( attributes ),
-            NULL );
-
-    if( cipher_info == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
-    if( ret != 0 )
-        goto exit;
-
-    ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
-                                      key_buffer,
-                                      psa_get_key_bits( attributes ) );
-exit:
-    return( mbedtls_to_psa_error( ret ) );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-
-/* Initialize this driver's MAC operation structure. Once this function has been
- * called, mbedtls_psa_mac_abort can run and will do the right thing. */
-static psa_status_t mac_init(
-    mbedtls_psa_mac_operation_t *operation,
-    psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    operation->alg = alg;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        mbedtls_cipher_init( &operation->ctx.cmac );
-        status = PSA_SUCCESS;
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        /* We'll set up the hash operation later in psa_hmac_setup_internal. */
-        operation->ctx.hmac.alg = 0;
-        status = PSA_SUCCESS;
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-    {
-        (void) operation;
-        status = PSA_ERROR_NOT_SUPPORTED;
-    }
-
-    if( status != PSA_SUCCESS )
-        memset( operation, 0, sizeof( *operation ) );
-    return( status );
-}
-
-psa_status_t mbedtls_psa_mac_abort( mbedtls_psa_mac_operation_t *operation )
-{
-    if( operation->alg == 0 )
-    {
-        /* The object has (apparently) been initialized but it is not
-         * in use. It's ok to call abort on such an object, and there's
-         * nothing to do. */
-        return( PSA_SUCCESS );
-    }
-    else
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        mbedtls_cipher_free( &operation->ctx.cmac );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        psa_hmac_abort_internal( &operation->ctx.hmac );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-    {
-        /* Sanity check (shouldn't happen: operation->alg should
-         * always have been initialized to a valid value). */
-        goto bad_state;
-    }
-
-    operation->alg = 0;
-
-    return( PSA_SUCCESS );
-
-bad_state:
-    /* If abort is called on an uninitialized object, we can't trust
-     * anything. Wipe the object in case it contains confidential data.
-     * This may result in a memory leak if a pointer gets overwritten,
-     * but it's too late to do anything about this. */
-    memset( operation, 0, sizeof( *operation ) );
-    return( PSA_ERROR_BAD_STATE );
-}
-
-static psa_status_t psa_mac_setup( mbedtls_psa_mac_operation_t *operation,
-                                   const psa_key_attributes_t *attributes,
-                                   const uint8_t *key_buffer,
-                                   size_t key_buffer_size,
-                                   psa_algorithm_t alg )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    /* A context must be freshly initialized before it can be set up. */
-    if( operation->alg != 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    status = mac_init( operation, alg );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
-    {
-        /* Key buffer size for CMAC is dictated by the key bits set on the
-         * attributes, and previously validated by the core on key import. */
-        (void) key_buffer_size;
-        status = cmac_setup( operation, attributes, key_buffer );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( alg ) )
-    {
-        status = psa_hmac_setup_internal( &operation->ctx.hmac,
-                                          key_buffer,
-                                          key_buffer_size,
-                                          PSA_ALG_HMAC_GET_HASH( alg ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-    {
-        (void) attributes;
-        (void) key_buffer;
-        (void) key_buffer_size;
-        status = PSA_ERROR_NOT_SUPPORTED;
-    }
-
-    if( status != PSA_SUCCESS )
-        mbedtls_psa_mac_abort( operation );
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_mac_sign_setup(
-    mbedtls_psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    return( psa_mac_setup( operation, attributes,
-                           key_buffer, key_buffer_size, alg ) );
-}
-
-psa_status_t mbedtls_psa_mac_verify_setup(
-    mbedtls_psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg )
-{
-    return( psa_mac_setup( operation, attributes,
-                           key_buffer, key_buffer_size, alg ) );
-}
-
-psa_status_t mbedtls_psa_mac_update(
-    mbedtls_psa_mac_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length )
-{
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        return( mbedtls_to_psa_error(
-                    mbedtls_cipher_cmac_update( &operation->ctx.cmac,
-                                                input, input_length ) ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        return( psa_hmac_update_internal( &operation->ctx.hmac,
-                                          input, input_length ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-    {
-        /* This shouldn't happen if `operation` was initialized by
-         * a setup function. */
-        (void) input;
-        (void) input_length;
-        return( PSA_ERROR_BAD_STATE );
-    }
-}
-
-static psa_status_t psa_mac_finish_internal(
-    mbedtls_psa_mac_operation_t *operation,
-    uint8_t *mac, size_t mac_size )
-{
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-    if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
-    {
-        uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
-        int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
-        if( ret == 0 )
-            memcpy( mac, tmp, mac_size );
-        mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
-        return( mbedtls_to_psa_error( ret ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-    if( PSA_ALG_IS_HMAC( operation->alg ) )
-    {
-        return( psa_hmac_finish_internal( &operation->ctx.hmac,
-                                          mac, mac_size ) );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-    {
-        /* This shouldn't happen if `operation` was initialized by
-         * a setup function. */
-        (void) operation;
-        (void) mac;
-        (void) mac_size;
-        return( PSA_ERROR_BAD_STATE );
-    }
-}
-
-psa_status_t mbedtls_psa_mac_sign_finish(
-    mbedtls_psa_mac_operation_t *operation,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    status = psa_mac_finish_internal( operation, mac, mac_size );
-    if( status == PSA_SUCCESS )
-        *mac_length = mac_size;
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_mac_verify_finish(
-    mbedtls_psa_mac_operation_t *operation,
-    const uint8_t *mac,
-    size_t mac_length )
-{
-    uint8_t actual_mac[PSA_MAC_MAX_SIZE];
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    if( operation->alg == 0 )
-        return( PSA_ERROR_BAD_STATE );
-
-    /* Consistency check: requested MAC length fits our local buffer */
-    if( mac_length > sizeof( actual_mac ) )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    status = psa_mac_finish_internal( operation, actual_mac, mac_length );
-    if( status != PSA_SUCCESS )
-        goto cleanup;
-
-    if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
-        status = PSA_ERROR_INVALID_SIGNATURE;
-
-cleanup:
-    mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_mac_compute(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
-
-    status = psa_mac_setup( &operation,
-                            attributes, key_buffer, key_buffer_size,
-                            alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( input_length > 0 )
-    {
-        status = mbedtls_psa_mac_update( &operation, input, input_length );
-        if( status != PSA_SUCCESS )
-            goto exit;
-    }
-
-    status = psa_mac_finish_internal( &operation, mac, mac_size );
-    if( status == PSA_SUCCESS )
-        *mac_length = mac_size;
-
-exit:
-    mbedtls_psa_mac_abort( &operation );
-
-    return( status );
-}
-
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_mac.h b/Sources/mbedtls/library/psa_crypto_mac.h
deleted file mode 100644
index a821e74..0000000
--- a/Sources/mbedtls/library/psa_crypto_mac.h
+++ /dev/null
@@ -1,276 +0,0 @@
-/*
- *  PSA MAC layer on top of Mbed TLS software crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_MAC_H
-#define PSA_CRYPTO_MAC_H
-
-#include <psa/crypto.h>
-
-/** Calculate the MAC (message authentication code) of a message using Mbed TLS.
- *
- * \note The signature of this function is that of a PSA driver mac_compute
- *       entry point. This function behaves as a mac_compute entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * \param[in] attributes        The attributes of the key to use for the
- *                              operation.
- * \param[in] key_buffer        The buffer containing the key to use for
- *                              computing the MAC. This buffer contains the key
- *                              in export representation as defined by
- *                              psa_export_key() (i.e. the raw key bytes).
- * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
- * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
- *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
- * \param[in] input             Buffer containing the input message.
- * \param input_length          Size of the \p input buffer in bytes.
- * \param[out] mac              Buffer where the MAC value is to be written.
- * \param mac_size              Size of the \p mac buffer in bytes.
- * \param[out] mac_length       On success, the number of bytes
- *                              that make up the MAC value.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         \p mac_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_mac_compute(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg,
-    const uint8_t *input,
-    size_t input_length,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length);
-
-/** Set up a multipart MAC calculation operation using Mbed TLS.
- *
- * \note The signature of this function is that of a PSA driver mac_sign_setup
- *       entry point. This function behaves as a mac_sign_setup entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * \param[in,out] operation     The operation object to set up. It must have
- *                              been initialized and not yet in use.
- * \param[in] attributes        The attributes of the key to use for the
- *                              operation.
- * \param[in] key_buffer        The buffer containing the key to use for
- *                              computing the MAC. This buffer contains the key
- *                              in export representation as defined by
- *                              psa_export_key() (i.e. the raw key bytes).
- * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
- * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
- *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- */
-psa_status_t mbedtls_psa_mac_sign_setup(
-    mbedtls_psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg);
-
-/** Set up a multipart MAC verification operation using Mbed TLS.
- *
- * \note The signature of this function is that of a PSA driver mac_verify_setup
- *       entry point. This function behaves as a mac_verify_setup entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * \param[in,out] operation     The operation object to set up. It must have
- *                              been initialized and not yet in use.
- * \param[in] attributes        The attributes of the key to use for the
- *                              operation.
- * \param[in] key_buffer        The buffer containing the key to use for
- *                              computing the MAC. This buffer contains the key
- *                              in export representation as defined by
- *                              psa_export_key() (i.e. the raw key bytes).
- * \param key_buffer_size       Size of the \p key_buffer buffer in bytes.
- * \param alg                   The MAC algorithm to use (\c PSA_ALG_XXX value
- *                              such that #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be inactive).
- */
-psa_status_t mbedtls_psa_mac_verify_setup(
-    mbedtls_psa_mac_operation_t *operation,
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer,
-    size_t key_buffer_size,
-    psa_algorithm_t alg);
-
-/** Add a message fragment to a multipart MAC operation using Mbed TLS.
- *
- * \note The signature of this function is that of a PSA driver mac_update
- *       entry point. This function behaves as a mac_update entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * The PSA core calls mbedtls_psa_mac_sign_setup() or
- * mbedtls_psa_mac_verify_setup() before calling this function.
- *
- * If this function returns an error status, the PSA core aborts the
- * operation by calling mbedtls_psa_mac_abort().
- *
- * \param[in,out] operation Active MAC operation.
- * \param[in] input         Buffer containing the message fragment to add to
- *                          the MAC calculation.
- * \param input_length      Size of the \p input buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be active).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_mac_update(
-    mbedtls_psa_mac_operation_t *operation,
-    const uint8_t *input,
-    size_t input_length );
-
-/** Finish the calculation of the MAC of a message using Mbed TLS.
- *
- * \note The signature of this function is that of a PSA driver mac_sign_finish
- *       entry point. This function behaves as a mac_sign_finish entry point as
- *       defined in the PSA driver interface specification for transparent
- *       drivers.
- *
- * The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function.
- * This function calculates the MAC of the message formed by concatenating
- * the inputs passed to preceding calls to mbedtls_psa_mac_update().
- *
- * Whether this function returns successfully or not, the PSA core subsequently
- * aborts the operation by calling mbedtls_psa_mac_abort().
- *
- * \param[in,out] operation Active MAC operation.
- * \param[out] mac          Buffer where the MAC value is to be written.
- * \param mac_size          Output size requested for the MAC algorithm. The PSA
- *                          core guarantees this is a valid MAC length for the
- *                          algorithm and key combination passed to
- *                          mbedtls_psa_mac_sign_setup(). It also guarantees the
- *                          \p mac buffer is large enough to contain the
- *                          requested output size.
- * \param[out] mac_length   On success, the number of bytes output to buffer
- *                          \p mac, which will be equal to the requested length
- *                          \p mac_size.
- *
- * \retval #PSA_SUCCESS
- *         Success.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac sign
- *         operation).
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p mac buffer is too small. A sufficient buffer size
- *         can be determined by calling PSA_MAC_LENGTH().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_mac_sign_finish(
-    mbedtls_psa_mac_operation_t *operation,
-    uint8_t *mac,
-    size_t mac_size,
-    size_t *mac_length );
-
-/** Finish the calculation of the MAC of a message and compare it with
- * an expected value using Mbed TLS.
- *
- * \note The signature of this function is that of a PSA driver
- *       mac_verify_finish entry point. This function behaves as a
- *       mac_verify_finish entry point as defined in the PSA driver interface
- *       specification for transparent drivers.
- *
- * The PSA core calls mbedtls_psa_mac_verify_setup() before calling this
- * function. This function calculates the MAC of the message formed by
- * concatenating the inputs passed to preceding calls to
- * mbedtls_psa_mac_update(). It then compares the calculated MAC with the
- * expected MAC passed as a parameter to this function.
- *
- * Whether this function returns successfully or not, the PSA core subsequently
- * aborts the operation by calling mbedtls_psa_mac_abort().
- *
- * \param[in,out] operation Active MAC operation.
- * \param[in] mac           Buffer containing the expected MAC value.
- * \param mac_length        Length in bytes of the expected MAC value. The PSA
- *                          core guarantees that this length is a valid MAC
- *                          length for the algorithm and key combination passed
- *                          to mbedtls_psa_mac_verify_setup().
- *
- * \retval #PSA_SUCCESS
- *         The expected MAC is identical to the actual MAC of the message.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The MAC of the message was calculated successfully, but it
- *         differs from the expected MAC.
- * \retval #PSA_ERROR_BAD_STATE
- *         The operation state is not valid (it must be an active mac verify
- *         operation).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_mac_verify_finish(
-    mbedtls_psa_mac_operation_t *operation,
-    const uint8_t *mac,
-    size_t mac_length );
-
-/** Abort a MAC operation using Mbed TLS.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again.
- *
- * The PSA core may call this function any time after the operation object has
- * been initialized by one of the methods described in
- * #mbedtls_psa_mac_operation_t.
- *
- * In particular, calling mbedtls_psa_mac_abort() after the operation has been
- * terminated by a call to mbedtls_psa_mac_abort(),
- * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and
- * has no effect.
- *
- * \param[in,out] operation Initialized MAC operation.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_mac_abort(
-    mbedtls_psa_mac_operation_t *operation );
-
-#endif /* PSA_CRYPTO_MAC_H */
diff --git a/Sources/mbedtls/library/psa_crypto_random_impl.h b/Sources/mbedtls/library/psa_crypto_random_impl.h
deleted file mode 100644
index 3c4c09a..0000000
--- a/Sources/mbedtls/library/psa_crypto_random_impl.h
+++ /dev/null
@@ -1,205 +0,0 @@
-/** \file psa_crypto_random_impl.h
- *
- * \brief PSA crypto random generator implementation abstraction.
- *
- * The definitions here need to be consistent with the declarations
- * in include/mbedtls/psa_util.h. This file contains some redundant
- * declarations to increase the chance that a compiler will detect
- * inconsistencies if one file is changed without updating the other,
- * but not all potential inconsistencies can be enforced, so make sure
- * to check the public declarations and contracts in
- * include/mbedtls/psa_util.h if you modify this file.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_RANDOM_IMPL_H
-#define PSA_CRYPTO_RANDOM_IMPL_H
-
-#include <mbedtls/psa_util.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-
-#include <string.h>
-#include <mbedtls/entropy.h> // only for error codes
-#include <psa/crypto.h>
-
-typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t;
-
-/* Trivial wrapper around psa_generate_random(). */
-int mbedtls_psa_get_random( void *p_rng,
-                            unsigned char *output,
-                            size_t output_size );
-
-/* The PSA RNG API doesn't need any externally maintained state. */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
-
-#else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-/* Choose a DRBG based on configuration and availability */
-#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
-
-#include "mbedtls/hmac_drbg.h"
-
-#elif defined(MBEDTLS_CTR_DRBG_C)
-
-#include "mbedtls/ctr_drbg.h"
-
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-
-#include "mbedtls/hmac_drbg.h"
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA256_C)
-#include <limits.h>
-#if SIZE_MAX > 0xffffffff
-/* Looks like a 64-bit system, so prefer SHA-512. */
-#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA512
-#else
-/* Looks like a 32-bit system, so prefer SHA-256. */
-#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-#endif
-#elif defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA512
-#elif defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256
-#else
-#error "No hash algorithm available for HMAC_DBRG."
-#endif
-
-#else
-#error "No DRBG module available for the psa_crypto module."
-#endif
-
-#include "mbedtls/entropy.h"
-
-/** Initialize the PSA DRBG.
- *
- * \param p_rng        Pointer to the Mbed TLS DRBG state.
- */
-static inline void mbedtls_psa_drbg_init( mbedtls_psa_drbg_context_t *p_rng )
-{
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_init( p_rng );
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_init( p_rng );
-#endif
-}
-
-/** Deinitialize the PSA DRBG.
- *
- * \param p_rng        Pointer to the Mbed TLS DRBG state.
- */
-static inline void mbedtls_psa_drbg_free( mbedtls_psa_drbg_context_t *p_rng )
-{
-#if defined(MBEDTLS_CTR_DRBG_C)
-    mbedtls_ctr_drbg_free( p_rng );
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    mbedtls_hmac_drbg_free( p_rng );
-#endif
-}
-
-/** The type of the PSA random generator context.
- *
- * The random generator context is composed of an entropy context and
- * a DRBG context.
- */
-typedef struct
-{
-    void (* entropy_init )( mbedtls_entropy_context *ctx );
-    void (* entropy_free )( mbedtls_entropy_context *ctx );
-    mbedtls_entropy_context entropy;
-    mbedtls_psa_drbg_context_t drbg;
-} mbedtls_psa_random_context_t;
-
-/* Defined in include/mbedtls/psa_util.h so that it's visible to
- * application code. The declaration here is redundant, but included
- * as a safety net to make it more likely that a future change that
- * accidentally causes the implementation to diverge from the interface
- * will be noticed. */
-/* Do not include the declaration under MSVC because it doesn't accept it
- * ("error C2370: 'mbedtls_psa_get_random' : redefinition; different storage class").
- * Observed with Visual Studio 2013. A known bug apparently:
- * https://stackoverflow.com/questions/8146541/duplicate-external-static-declarations-not-allowed-in-visual-studio
- */
-#if !defined(_MSC_VER)
-static mbedtls_f_rng_t *const mbedtls_psa_get_random;
-#endif
-
-/** The maximum number of bytes that mbedtls_psa_get_random() is expected to
- * return.
- */
-#if defined(MBEDTLS_CTR_DRBG_C)
-#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST
-#endif
-
-/** A pointer to the PSA DRBG state.
- *
- * This variable is only intended to be used through the macro
- * #MBEDTLS_PSA_RANDOM_STATE.
- */
-/* psa_crypto.c sets this variable to a pointer to the DRBG state in the
- * global PSA crypto state. */
-/* The type `mbedtls_psa_drbg_context_t` is defined in
- * include/mbedtls/psa_util.h so that `mbedtls_psa_random_state` can be
- * declared there and be visible to application code. */
-extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
-
-/** A pointer to the PSA DRBG state.
- *
- * This macro expands to an expression that is suitable as the \c p_rng
- * parameter to pass to mbedtls_psa_get_random().
- *
- * This macro exists in all configurations where the psa_crypto module is
- * enabled. Its expansion depends on the configuration.
- */
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
-
-/** Seed the PSA DRBG.
- *
- * \param entropy       An entropy context to read the seed from.
- * \param custom        The personalization string.
- *                      This can be \c NULL, in which case the personalization
- *                      string is empty regardless of the value of \p len.
- * \param len           The length of the personalization string.
- *
- * \return              \c 0 on success.
- * \return              An Mbed TLS error code (\c MBEDTLS_ERR_xxx) on failure.
- */
-static inline int mbedtls_psa_drbg_seed(
-    mbedtls_entropy_context *entropy,
-    const unsigned char *custom, size_t len )
-{
-#if defined(MBEDTLS_CTR_DRBG_C)
-    return( mbedtls_ctr_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
-                                   mbedtls_entropy_func,
-                                   entropy,
-                                   custom, len ) );
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-    const mbedtls_md_info_t *md_info =
-        mbedtls_md_info_from_type( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE );
-    return( mbedtls_hmac_drbg_seed( MBEDTLS_PSA_RANDOM_STATE,
-                                    md_info,
-                                    mbedtls_entropy_func,
-                                    entropy,
-                                    custom, len ) );
-#endif
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#endif /* PSA_CRYPTO_RANDOM_IMPL_H */
diff --git a/Sources/mbedtls/library/psa_crypto_rsa.c b/Sources/mbedtls/library/psa_crypto_rsa.c
deleted file mode 100644
index d07cdce..0000000
--- a/Sources/mbedtls/library/psa_crypto_rsa.c
+++ /dev/null
@@ -1,526 +0,0 @@
-/*
- *  PSA RSA layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <psa/crypto.h>
-#include "psa_crypto_core.h"
-#include "psa_crypto_random_impl.h"
-#include "psa_crypto_rsa.h"
-#include "psa_crypto_hash.h"
-
-#include <stdlib.h>
-#include <string.h>
-#include "mbedtls/platform.h"
-
-#include <mbedtls/rsa.h>
-#include <mbedtls/error.h>
-#include <mbedtls/pk.h>
-#include <mbedtls/pk_internal.h>
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-
-/* Mbed TLS doesn't support non-byte-aligned key sizes (i.e. key sizes
- * that are not a multiple of 8) well. For example, there is only
- * mbedtls_rsa_get_len(), which returns a number of bytes, and no
- * way to return the exact bit size of a key.
- * To keep things simple, reject non-byte-aligned key sizes. */
-static psa_status_t psa_check_rsa_key_byte_aligned(
-    const mbedtls_rsa_context *rsa )
-{
-    mbedtls_mpi n;
-    psa_status_t status;
-    mbedtls_mpi_init( &n );
-    status = mbedtls_to_psa_error(
-        mbedtls_rsa_export( rsa, &n, NULL, NULL, NULL, NULL ) );
-    if( status == PSA_SUCCESS )
-    {
-        if( mbedtls_mpi_bitlen( &n ) % 8 != 0 )
-            status = PSA_ERROR_NOT_SUPPORTED;
-    }
-    mbedtls_mpi_free( &n );
-    return( status );
-}
-
-psa_status_t mbedtls_psa_rsa_load_representation(
-    psa_key_type_t type, const uint8_t *data, size_t data_length,
-    mbedtls_rsa_context **p_rsa )
-{
-    psa_status_t status;
-    mbedtls_pk_context ctx;
-    size_t bits;
-    mbedtls_pk_init( &ctx );
-
-    /* Parse the data. */
-    if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-        status = mbedtls_to_psa_error(
-            mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) );
-    else
-        status = mbedtls_to_psa_error(
-            mbedtls_pk_parse_public_key( &ctx, data, data_length ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* We have something that the pkparse module recognizes. If it is a
-     * valid RSA key, store it. */
-    if( mbedtls_pk_get_type( &ctx ) != MBEDTLS_PK_RSA )
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
-     * supports non-byte-aligned key sizes, but not well. For example,
-     * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
-    bits = PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( mbedtls_pk_rsa( ctx ) ) );
-    if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
-        goto exit;
-    }
-    status = psa_check_rsa_key_byte_aligned( mbedtls_pk_rsa( ctx ) );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Copy out the pointer to the RSA context, and reset the PK context
-     * such that pk_free doesn't free the RSA context we just grabbed. */
-    *p_rsa = mbedtls_pk_rsa( ctx );
-    ctx.pk_info = NULL;
-
-exit:
-    mbedtls_pk_free( &ctx );
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
-
-psa_status_t mbedtls_psa_rsa_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits )
-{
-    psa_status_t status;
-    mbedtls_rsa_context *rsa = NULL;
-
-    /* Parse input */
-    status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                  data,
-                                                  data_length,
-                                                  &rsa );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    *bits = (psa_key_bits_t) PSA_BYTES_TO_BITS( mbedtls_rsa_get_len( rsa ) );
-
-    /* Re-export the data to PSA export format, such that we can store export
-     * representation in the key slot. Export representation in case of RSA is
-     * the smallest representation that's allowed as input, so a straight-up
-     * allocation of the same size as the input buffer will be large enough. */
-    status = mbedtls_psa_rsa_export_key( attributes->core.type,
-                                         rsa,
-                                         key_buffer,
-                                         key_buffer_size,
-                                         key_buffer_length );
-exit:
-    /* Always free the RSA object */
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
-
-    return( status );
-}
-
-psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
-                                         mbedtls_rsa_context *rsa,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length )
-{
-#if defined(MBEDTLS_PK_WRITE_C)
-    int ret;
-    mbedtls_pk_context pk;
-    uint8_t *pos = data + data_size;
-
-    mbedtls_pk_init( &pk );
-    pk.pk_info = &mbedtls_rsa_info;
-    pk.pk_ctx = rsa;
-
-    /* PSA Crypto API defines the format of an RSA key as a DER-encoded
-     * representation of the non-encrypted PKCS#1 RSAPrivateKey for a
-     * private key and of the RFC3279 RSAPublicKey for a public key. */
-    if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
-        ret = mbedtls_pk_write_key_der( &pk, data, data_size );
-    else
-        ret = mbedtls_pk_write_pubkey( &pos, data, &pk );
-
-    if( ret < 0 )
-    {
-        /* Clean up in case pk_write failed halfway through. */
-        memset( data, 0, data_size );
-        return( mbedtls_to_psa_error( ret ) );
-    }
-
-    /* The mbedtls_pk_xxx functions write to the end of the buffer.
-     * Move the data to the beginning and erase remaining data
-     * at the original location. */
-    if( 2 * (size_t) ret <= data_size )
-    {
-        memcpy( data, data + data_size - ret, ret );
-        memset( data + data_size - ret, 0, ret );
-    }
-    else if( (size_t) ret < data_size )
-    {
-        memmove( data, data + data_size - ret, ret );
-        memset( data + ret, 0, data_size - ret );
-    }
-
-    *data_length = ret;
-    return( PSA_SUCCESS );
-#else
-    (void) type;
-    (void) rsa;
-    (void) data;
-    (void) data_size;
-    (void) data_length;
-    return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* MBEDTLS_PK_WRITE_C */
-}
-
-psa_status_t mbedtls_psa_rsa_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_rsa_context *rsa = NULL;
-
-    status = mbedtls_psa_rsa_load_representation(
-                 attributes->core.type, key_buffer, key_buffer_size, &rsa );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = mbedtls_psa_rsa_export_key( PSA_KEY_TYPE_RSA_PUBLIC_KEY,
-                                         rsa,
-                                         data,
-                                         data_size,
-                                         data_length );
-
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
-
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
-        * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
-    defined(MBEDTLS_GENPRIME)
-static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
-                                           size_t domain_parameters_size,
-                                           int *exponent )
-{
-    size_t i;
-    uint32_t acc = 0;
-
-    if( domain_parameters_size == 0 )
-    {
-        *exponent = 65537;
-        return( PSA_SUCCESS );
-    }
-
-    /* Mbed TLS encodes the public exponent as an int. For simplicity, only
-     * support values that fit in a 32-bit integer, which is larger than
-     * int on just about every platform anyway. */
-    if( domain_parameters_size > sizeof( acc ) )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    for( i = 0; i < domain_parameters_size; i++ )
-        acc = ( acc << 8 ) | domain_parameters[i];
-    if( acc > INT_MAX )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    *exponent = acc;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_rsa_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
-{
-    psa_status_t status;
-    mbedtls_rsa_context rsa;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int exponent;
-
-    status = psa_rsa_read_exponent( attributes->domain_parameters,
-                                    attributes->domain_parameters_size,
-                                    &exponent );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE );
-    ret = mbedtls_rsa_gen_key( &rsa,
-                               mbedtls_psa_get_random,
-                               MBEDTLS_PSA_RANDOM_STATE,
-                               (unsigned int)attributes->core.bits,
-                               exponent );
-    if( ret != 0 )
-        return( mbedtls_to_psa_error( ret ) );
-
-    status = mbedtls_psa_rsa_export_key( attributes->core.type,
-                                         &rsa, key_buffer, key_buffer_size,
-                                         key_buffer_length );
-    mbedtls_rsa_free( &rsa );
-
-    return( status );
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
-        * defined(MBEDTLS_GENPRIME) */
-
-/****************************************************************/
-/* Sign/verify hashes */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-
-/* Decode the hash algorithm from alg and store the mbedtls encoding in
- * md_alg. Verify that the hash length is acceptable. */
-static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
-                                            size_t hash_length,
-                                            mbedtls_md_type_t *md_alg )
-{
-    psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
-    *md_alg = mbedtls_md_get_type( md_info );
-
-    /* The Mbed TLS RSA module uses an unsigned int for hash length
-     * parameters. Validate that it fits so that we don't risk an
-     * overflow later. */
-#if SIZE_MAX > UINT_MAX
-    if( hash_length > UINT_MAX )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-#endif
-
-    /* For signatures using a hash, the hash length must be correct. */
-    if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
-    {
-        if( md_info == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-        if( mbedtls_md_get_size( md_info ) != hash_length )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t mbedtls_psa_rsa_sign_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_rsa_context *rsa = NULL;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_md_type_t md_alg;
-
-    status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &rsa );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( signature_size < mbedtls_rsa_get_len( rsa ) )
-    {
-        status = PSA_ERROR_BUFFER_TOO_SMALL;
-        goto exit;
-    }
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
-    if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
-    {
-        mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
-                                 MBEDTLS_MD_NONE );
-        ret = mbedtls_rsa_pkcs1_sign( rsa,
-                                      mbedtls_psa_get_random,
-                                      MBEDTLS_PSA_RANDOM_STATE,
-                                      MBEDTLS_RSA_PRIVATE,
-                                      md_alg,
-                                      (unsigned int) hash_length,
-                                      hash,
-                                      signature );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-    if( PSA_ALG_IS_RSA_PSS( alg ) )
-    {
-        mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
-        ret = mbedtls_rsa_rsassa_pss_sign( rsa,
-                                           mbedtls_psa_get_random,
-                                           MBEDTLS_PSA_RANDOM_STATE,
-                                           MBEDTLS_RSA_PRIVATE,
-                                           MBEDTLS_MD_NONE,
-                                           (unsigned int) hash_length,
-                                           hash,
-                                           signature );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    if( ret == 0 )
-        *signature_length = mbedtls_rsa_get_len( rsa );
-    status = mbedtls_to_psa_error( ret );
-
-exit:
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
-
-    return( status );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-static int rsa_pss_expected_salt_len( psa_algorithm_t alg,
-                                      const mbedtls_rsa_context *rsa,
-                                      size_t hash_length )
-{
-    if( PSA_ALG_IS_RSA_PSS_ANY_SALT( alg ) )
-        return( MBEDTLS_RSA_SALT_LEN_ANY );
-    /* Otherwise: standard salt length, i.e. largest possible salt length
-     * up to the hash length. */
-    int klen = (int) mbedtls_rsa_get_len( rsa ); // known to fit
-    int hlen = (int) hash_length; // known to fit
-    int room = klen - 2 - hlen;
-    if( room < 0 )
-        return( 0 ); // there is no valid signature in this case anyway
-    else if( room > hlen )
-        return( hlen );
-    else
-        return( room );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
-
-psa_status_t mbedtls_psa_rsa_verify_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    mbedtls_rsa_context *rsa = NULL;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_md_type_t md_alg;
-
-    status = mbedtls_psa_rsa_load_representation( attributes->core.type,
-                                                  key_buffer,
-                                                  key_buffer_size,
-                                                  &rsa );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    if( signature_length != mbedtls_rsa_get_len( rsa ) )
-    {
-        status = PSA_ERROR_INVALID_SIGNATURE;
-        goto exit;
-    }
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
-    if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
-    {
-        mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
-                                 MBEDTLS_MD_NONE );
-        ret = mbedtls_rsa_pkcs1_verify( rsa,
-                                        mbedtls_psa_get_random,
-                                        MBEDTLS_PSA_RANDOM_STATE,
-                                        MBEDTLS_RSA_PUBLIC,
-                                        md_alg,
-                                        (unsigned int) hash_length,
-                                        hash,
-                                        signature );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
-    if( PSA_ALG_IS_RSA_PSS( alg ) )
-    {
-        int slen = rsa_pss_expected_salt_len( alg, rsa, hash_length );
-        mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
-        ret = mbedtls_rsa_rsassa_pss_verify_ext( rsa,
-                                                 mbedtls_psa_get_random,
-                                                 MBEDTLS_PSA_RANDOM_STATE,
-                                                 MBEDTLS_RSA_PUBLIC,
-                                                 md_alg,
-                                                 (unsigned int) hash_length,
-                                                 hash,
-                                                 md_alg,
-                                                 slen,
-                                                 signature );
-    }
-    else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
-    {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
-    /* Mbed TLS distinguishes "invalid padding" from "valid padding but
-     * the rest of the signature is invalid". This has little use in
-     * practice and PSA doesn't report this distinction. */
-    status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
-             PSA_ERROR_INVALID_SIGNATURE :
-             mbedtls_to_psa_error( ret );
-
-exit:
-    mbedtls_rsa_free( rsa );
-    mbedtls_free( rsa );
-
-    return( status );
-}
-
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
-        * defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_rsa.h b/Sources/mbedtls/library/psa_crypto_rsa.h
deleted file mode 100644
index b76613e..0000000
--- a/Sources/mbedtls/library/psa_crypto_rsa.h
+++ /dev/null
@@ -1,215 +0,0 @@
-/*
- *  PSA RSA layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_RSA_H
-#define PSA_CRYPTO_RSA_H
-
-#include <psa/crypto.h>
-#include <mbedtls/rsa.h>
-
-/** Load the contents of a key buffer into an internal RSA representation
- *
- * \param[in] type          The type of key contained in \p data.
- * \param[in] data          The buffer from which to load the representation.
- * \param[in] data_length   The size in bytes of \p data.
- * \param[out] p_rsa        Returns a pointer to an RSA context on success.
- *                          The caller is responsible for freeing both the
- *                          contents of the context and the context itself
- *                          when done.
- */
-psa_status_t mbedtls_psa_rsa_load_representation( psa_key_type_t type,
-                                                  const uint8_t *data,
-                                                  size_t data_length,
-                                                  mbedtls_rsa_context **p_rsa );
-
-/** Import an RSA key in binary format.
- *
- * \note The signature of this function is that of a PSA driver
- *       import_key entry point. This function behaves as an import_key
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes for the key to import.
- * \param[in]  data             The buffer containing the key data in import
- *                              format.
- * \param[in]  data_length      Size of the \p data buffer in bytes.
- * \param[out] key_buffer       The buffer containing the key data in output
- *                              format.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes. This
- *                              size is greater or equal to \p data_length.
- * \param[out] key_buffer_length  The length of the data written in \p
- *                                key_buffer in bytes.
- * \param[out] bits             The key size in number of bits.
- *
- * \retval #PSA_SUCCESS  The RSA key was imported successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- *         The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- */
-psa_status_t mbedtls_psa_rsa_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data, size_t data_length,
-    uint8_t *key_buffer, size_t key_buffer_size,
-    size_t *key_buffer_length, size_t *bits );
-
-/** Export an RSA key to export representation
- *
- * \param[in] type          The type of key (public/private) to export
- * \param[in] rsa           The internal RSA representation from which to export
- * \param[out] data         The buffer to export to
- * \param[in] data_size     The length of the buffer to export to
- * \param[out] data_length  The amount of bytes written to \p data
- */
-psa_status_t mbedtls_psa_rsa_export_key( psa_key_type_t type,
-                                         mbedtls_rsa_context *rsa,
-                                         uint8_t *data,
-                                         size_t data_size,
-                                         size_t *data_length );
-
-/** Export a public RSA key or the public part of an RSA key pair in binary
- *  format.
- *
- * \note The signature of this function is that of a PSA driver
- *       export_public_key entry point. This function behaves as an
- *       export_public_key entry point as defined in the PSA driver interface
- *       specification.
- *
- * \param[in]  attributes       The attributes for the key to export.
- * \param[in]  key_buffer       Material or context of the key to export.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[out] data             Buffer where the key data is to be written.
- * \param[in]  data_size        Size of the \p data buffer in bytes.
- * \param[out] data_length      On success, the number of bytes written in
- *                              \p data.
- *
- * \retval #PSA_SUCCESS  The RSA public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_rsa_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length );
-
-/**
- * \brief Generate an RSA key.
- *
- * \note The signature of the function is that of a PSA driver generate_key
- *       entry point.
- *
- * \param[in]  attributes         The attributes for the RSA key to generate.
- * \param[out] key_buffer         Buffer where the key data is to be written.
- * \param[in]  key_buffer_size    Size of \p key_buffer in bytes.
- * \param[out] key_buffer_length  On success, the number of bytes written in
- *                                \p key_buffer.
- *
- * \retval #PSA_SUCCESS
- *         The key was successfully generated.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- *         Key length or type not supported.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of \p key_buffer is too small.
- */
-psa_status_t mbedtls_psa_rsa_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
-
-/** Sign an already-calculated hash with an RSA private key.
- *
- * \note The signature of this function is that of a PSA driver
- *       sign_hash entry point. This function behaves as a sign_hash
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes of the RSA key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the RSA key context.
- *                              format.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              A signature algorithm that is compatible with
- *                              an RSA key.
- * \param[in]  hash             The hash or message to sign.
- * \param[in]  hash_length      Size of the \p hash buffer in bytes.
- * \param[out] signature        Buffer where the signature is to be written.
- * \param[in]  signature_size   Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- *                              that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- *         The size of the \p signature buffer is too small. You can
- *         determine a sufficient buffer size by calling
- *         #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_RSA_KEY_PAIR, \c key_bits,
- *         \p alg) where \c key_bits is the bit-size of the RSA key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- */
-psa_status_t mbedtls_psa_rsa_sign_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    uint8_t *signature, size_t signature_size, size_t *signature_length );
-
-/**
- * \brief Verify the signature a hash or short message using a public RSA key.
- *
- * \note The signature of this function is that of a PSA driver
- *       verify_hash entry point. This function behaves as a verify_hash
- *       entry point as defined in the PSA driver interface specification for
- *       transparent drivers.
- *
- * \param[in]  attributes       The attributes of the RSA key to use for the
- *                              operation.
- * \param[in]  key_buffer       The buffer containing the RSA key context.
- *                              format.
- * \param[in]  key_buffer_size  Size of the \p key_buffer buffer in bytes.
- * \param[in]  alg              A signature algorithm that is compatible with
- *                              an RSA key.
- * \param[in]  hash             The hash or message whose signature is to be
- *                              verified.
- * \param[in]  hash_length      Size of the \p hash buffer in bytes.
- * \param[in]  signature        Buffer containing the signature to verify.
- * \param[in]  signature_length Size of the \p signature buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- *         The signature is valid.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- *         The calculation was performed successfully, but the passed
- *         signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- */
-psa_status_t mbedtls_psa_rsa_verify_hash(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
-    const uint8_t *signature, size_t signature_length );
-
-#endif /* PSA_CRYPTO_RSA_H */
diff --git a/Sources/mbedtls/library/psa_crypto_se.c b/Sources/mbedtls/library/psa_crypto_se.c
deleted file mode 100644
index 87d2634..0000000
--- a/Sources/mbedtls/library/psa_crypto_se.c
+++ /dev/null
@@ -1,379 +0,0 @@
-/*
- *  PSA crypto support for secure element drivers
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-
-#include <assert.h>
-#include <stdint.h>
-#include <string.h>
-
-#include "psa/crypto_se_driver.h"
-
-#include "psa_crypto_se.h"
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-#include "psa_crypto_its.h"
-#else /* Native ITS implementation */
-#include "psa/error.h"
-#include "psa/internal_trusted_storage.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-
-
-/****************************************************************/
-/* Driver lookup */
-/****************************************************************/
-
-/* This structure is identical to psa_drv_se_context_t declared in
- * `crypto_se_driver.h`, except that some parts are writable here
- * (non-const, or pointer to non-const). */
-typedef struct
-{
-    void *persistent_data;
-    size_t persistent_data_size;
-    uintptr_t transient_data;
-} psa_drv_se_internal_context_t;
-
-struct psa_se_drv_table_entry_s
-{
-    psa_key_location_t location;
-    const psa_drv_se_t *methods;
-    union
-    {
-        psa_drv_se_internal_context_t internal;
-        psa_drv_se_context_t context;
-    } u;
-};
-
-static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
-
-psa_se_drv_table_entry_t *psa_get_se_driver_entry(
-    psa_key_lifetime_t lifetime )
-{
-    size_t i;
-    psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime );
-    /* In the driver table, location=0 means an entry that isn't used.
-     * No driver has a location of 0 because it's a reserved value
-     * (which designates transparent keys). Make sure we never return
-     * a driver entry for location 0. */
-    if( location == 0 )
-        return( NULL );
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        if( driver_table[i].location == location )
-            return( &driver_table[i] );
-    }
-    return( NULL );
-}
-
-const psa_drv_se_t *psa_get_se_driver_methods(
-    const psa_se_drv_table_entry_t *driver )
-{
-    return( driver->methods );
-}
-
-psa_drv_se_context_t *psa_get_se_driver_context(
-    psa_se_drv_table_entry_t *driver )
-{
-    return( &driver->u.context );
-}
-
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
-                       const psa_drv_se_t **p_methods,
-                       psa_drv_se_context_t **p_drv_context)
-{
-    psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
-    if( p_methods != NULL )
-        *p_methods = ( driver ? driver->methods : NULL );
-    if( p_drv_context != NULL )
-        *p_drv_context = ( driver ? &driver->u.context : NULL );
-    return( driver != NULL );
-}
-
-
-
-/****************************************************************/
-/* Persistent data management */
-/****************************************************************/
-
-static psa_status_t psa_get_se_driver_its_file_uid(
-    const psa_se_drv_table_entry_t *driver,
-    psa_storage_uid_t *uid )
-{
-    if( driver->location > PSA_MAX_SE_LOCATION )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-#if SIZE_MAX > UINT32_MAX
-    /* ITS file sizes are limited to 32 bits. */
-    if( driver->u.internal.persistent_data_size > UINT32_MAX )
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif
-
-    /* See the documentation of PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE. */
-    *uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + driver->location;
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_load_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver )
-{
-    psa_status_t status;
-    psa_storage_uid_t uid;
-    size_t length;
-
-    status = psa_get_se_driver_its_file_uid( driver, &uid );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /* Read the amount of persistent data that the driver requests.
-     * If the data in storage is larger, it is truncated. If the data
-     * in storage is smaller, silently keep what is already at the end
-     * of the output buffer. */
-    /* psa_get_se_driver_its_file_uid ensures that the size_t
-     * persistent_data_size is in range, but compilers don't know that,
-     * so cast to reassure them. */
-    return( psa_its_get( uid, 0,
-                         (uint32_t) driver->u.internal.persistent_data_size,
-                         driver->u.internal.persistent_data,
-                         &length ) );
-}
-
-psa_status_t psa_save_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver )
-{
-    psa_status_t status;
-    psa_storage_uid_t uid;
-
-    status = psa_get_se_driver_its_file_uid( driver, &uid );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /* psa_get_se_driver_its_file_uid ensures that the size_t
-     * persistent_data_size is in range, but compilers don't know that,
-     * so cast to reassure them. */
-    return( psa_its_set( uid,
-                         (uint32_t) driver->u.internal.persistent_data_size,
-                         driver->u.internal.persistent_data,
-                         0 ) );
-}
-
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location )
-{
-    psa_storage_uid_t uid;
-    if( location > PSA_MAX_SE_LOCATION )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    uid = PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE + location;
-    return( psa_its_remove( uid ) );
-}
-
-psa_status_t psa_find_se_slot_for_key(
-    const psa_key_attributes_t *attributes,
-    psa_key_creation_method_t method,
-    psa_se_drv_table_entry_t *driver,
-    psa_key_slot_number_t *slot_number )
-{
-    psa_status_t status;
-    psa_key_location_t key_location =
-        PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( attributes ) );
-
-    /* If the location is wrong, it's a bug in the library. */
-    if( driver->location != key_location )
-        return( PSA_ERROR_CORRUPTION_DETECTED );
-
-    /* If the driver doesn't support key creation in any way, give up now. */
-    if( driver->methods->key_management == NULL )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    if( psa_get_key_slot_number( attributes, slot_number ) == PSA_SUCCESS )
-    {
-        /* The application wants to use a specific slot. Allow it if
-         * the driver supports it. On a system with isolation,
-         * the crypto service must check that the application is
-         * permitted to request this slot. */
-        psa_drv_se_validate_slot_number_t p_validate_slot_number =
-            driver->methods->key_management->p_validate_slot_number;
-        if( p_validate_slot_number == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-        status = p_validate_slot_number( &driver->u.context,
-                                         driver->u.internal.persistent_data,
-                                         attributes, method,
-                                         *slot_number );
-    }
-    else if( method == PSA_KEY_CREATION_REGISTER )
-    {
-        /* The application didn't specify a slot number. This doesn't
-         * make sense when registering a slot. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    }
-    else
-    {
-        /* The application didn't tell us which slot to use. Let the driver
-         * choose. This is the normal case. */
-        psa_drv_se_allocate_key_t p_allocate =
-            driver->methods->key_management->p_allocate;
-        if( p_allocate == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-        status = p_allocate( &driver->u.context,
-                             driver->u.internal.persistent_data,
-                             attributes, method,
-                             slot_number );
-    }
-    return( status );
-}
-
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
-                                 psa_key_slot_number_t slot_number )
-{
-    psa_status_t status;
-    psa_status_t storage_status;
-    /* Normally a missing method would mean that the action is not
-     * supported. But psa_destroy_key() is not supposed to return
-     * PSA_ERROR_NOT_SUPPORTED: if you can create a key, you should
-     * be able to destroy it. The only use case for a driver that
-     * does not have a way to destroy keys at all is if the keys are
-     * locked in a read-only state: we can use the keys but not
-     * destroy them. Hence, if the driver doesn't support destroying
-     * keys, it's really a lack of permission. */
-    if( driver->methods->key_management == NULL ||
-        driver->methods->key_management->p_destroy == NULL )
-        return( PSA_ERROR_NOT_PERMITTED );
-    status = driver->methods->key_management->p_destroy(
-        &driver->u.context,
-        driver->u.internal.persistent_data,
-        slot_number );
-    storage_status = psa_save_se_persistent_data( driver );
-    return( status == PSA_SUCCESS ? storage_status : status );
-}
-
-psa_status_t psa_init_all_se_drivers( void )
-{
-    size_t i;
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        psa_se_drv_table_entry_t *driver = &driver_table[i];
-        if( driver->location == 0 )
-            continue; /* skipping unused entry */
-        const psa_drv_se_t *methods = psa_get_se_driver_methods( driver );
-        if( methods->p_init != NULL )
-        {
-            psa_status_t status = methods->p_init(
-                &driver->u.context,
-                driver->u.internal.persistent_data,
-                driver->location );
-            if( status != PSA_SUCCESS )
-                return( status );
-            status = psa_save_se_persistent_data( driver );
-            if( status != PSA_SUCCESS )
-                return( status );
-        }
-    }
-    return( PSA_SUCCESS );
-}
-
-
-
-/****************************************************************/
-/* Driver registration */
-/****************************************************************/
-
-psa_status_t psa_register_se_driver(
-    psa_key_location_t location,
-    const psa_drv_se_t *methods)
-{
-    size_t i;
-    psa_status_t status;
-
-    if( methods->hal_version != PSA_DRV_SE_HAL_VERSION )
-        return( PSA_ERROR_NOT_SUPPORTED );
-    /* Driver table entries are 0-initialized. 0 is not a valid driver
-     * location because it means a transparent key. */
-#if defined(static_assert)
-    static_assert( PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
-                   "Secure element support requires 0 to mean a local key" );
-#endif
-    if( location == PSA_KEY_LOCATION_LOCAL_STORAGE )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-    if( location > PSA_MAX_SE_LOCATION )
-        return( PSA_ERROR_NOT_SUPPORTED );
-
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        if( driver_table[i].location == 0 )
-            break;
-        /* Check that location isn't already in use up to the first free
-         * entry. Since entries are created in order and never deleted,
-         * there can't be a used entry after the first free entry. */
-        if( driver_table[i].location == location )
-            return( PSA_ERROR_ALREADY_EXISTS );
-    }
-    if( i == PSA_MAX_SE_DRIVERS )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-    driver_table[i].location = location;
-    driver_table[i].methods = methods;
-    driver_table[i].u.internal.persistent_data_size =
-        methods->persistent_data_size;
-
-    if( methods->persistent_data_size != 0 )
-    {
-        driver_table[i].u.internal.persistent_data =
-            mbedtls_calloc( 1, methods->persistent_data_size );
-        if( driver_table[i].u.internal.persistent_data == NULL )
-        {
-            status = PSA_ERROR_INSUFFICIENT_MEMORY;
-            goto error;
-        }
-        /* Load the driver's persistent data. On first use, the persistent
-         * data does not exist in storage, and is initialized to
-         * all-bits-zero by the calloc call just above. */
-        status = psa_load_se_persistent_data( &driver_table[i] );
-        if( status != PSA_SUCCESS && status != PSA_ERROR_DOES_NOT_EXIST )
-            goto error;
-    }
-
-    return( PSA_SUCCESS );
-
-error:
-    memset( &driver_table[i], 0, sizeof( driver_table[i] ) );
-    return( status );
-}
-
-void psa_unregister_all_se_drivers( void )
-{
-    size_t i;
-    for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
-    {
-        if( driver_table[i].u.internal.persistent_data != NULL )
-            mbedtls_free( driver_table[i].u.internal.persistent_data );
-    }
-    memset( driver_table, 0, sizeof( driver_table ) );
-}
-
-
-
-/****************************************************************/
-/* The end */
-/****************************************************************/
-
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
diff --git a/Sources/mbedtls/library/psa_crypto_se.h b/Sources/mbedtls/library/psa_crypto_se.h
deleted file mode 100644
index 6d965ee..0000000
--- a/Sources/mbedtls/library/psa_crypto_se.h
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- *  PSA crypto support for secure element drivers
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_SE_H
-#define PSA_CRYPTO_SE_H
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "psa/crypto.h"
-#include "psa/crypto_se_driver.h"
-
-/** The maximum location value that this implementation supports
- * for a secure element.
- *
- * This is not a characteristic that each PSA implementation has, but a
- * limitation of the current implementation due to the constraints imposed
- * by storage. See #PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE.
- *
- * The minimum location value for a secure element is 1, like on any
- * PSA implementation (0 means a transparent key).
- */
-#define PSA_MAX_SE_LOCATION 255
-
-/** The base of the range of ITS file identifiers for secure element
- * driver persistent data.
- *
- * We use a slice of the implementation reserved range 0xffff0000..0xffffffff,
- * specifically the range 0xfffffe00..0xfffffeff. The length of this range
- * drives the value of #PSA_MAX_SE_LOCATION. The identifier 0xfffffe00 is
- * actually not used since it corresponds to #PSA_KEY_LOCATION_LOCAL_STORAGE
- * which doesn't have a driver.
- */
-#define PSA_CRYPTO_SE_DRIVER_ITS_UID_BASE ( (psa_key_id_t) 0xfffffe00 )
-
-/** The maximum number of registered secure element driver locations. */
-#define PSA_MAX_SE_DRIVERS 4
-
-/** Unregister all secure element drivers.
- *
- * \warning Do not call this function while the library is in the initialized
- *          state. This function is only intended to be called at the end
- *          of mbedtls_psa_crypto_free().
- */
-void psa_unregister_all_se_drivers( void );
-
-/** Initialize all secure element drivers.
- *
- * Called from psa_crypto_init().
- */
-psa_status_t psa_init_all_se_drivers( void );
-
-/** A structure that describes a registered secure element driver.
- *
- * A secure element driver table entry contains a pointer to the
- * driver's method table as well as the driver context structure.
- */
-typedef struct psa_se_drv_table_entry_s psa_se_drv_table_entry_t;
-
-/** Return the secure element driver information for a lifetime value.
- *
- * \param lifetime              The lifetime value to query.
- * \param[out] p_methods        On output, if there is a driver,
- *                              \c *methods points to its method table.
- *                              Otherwise \c *methods is \c NULL.
- * \param[out] p_drv_context    On output, if there is a driver,
- *                              \c *drv_context points to its context
- *                              structure.
- *                              Otherwise \c *drv_context is \c NULL.
- *
- * \retval 1
- *         \p lifetime corresponds to a registered driver.
- * \retval 0
- *         \p lifetime does not correspond to a registered driver.
- */
-int psa_get_se_driver( psa_key_lifetime_t lifetime,
-                       const psa_drv_se_t **p_methods,
-                       psa_drv_se_context_t **p_drv_context);
-
-/** Return the secure element driver table entry for a lifetime value.
- *
- * \param lifetime      The lifetime value to query.
- *
- * \return The driver table entry for \p lifetime, or
- *         \p NULL if \p lifetime does not correspond to a registered driver.
- */
-psa_se_drv_table_entry_t *psa_get_se_driver_entry(
-    psa_key_lifetime_t lifetime );
-
-/** Return the method table for a secure element driver.
- *
- * \param[in] driver    The driver table entry to access, or \c NULL.
- *
- * \return The driver's method table.
- *         \c NULL if \p driver is \c NULL.
- */
-const psa_drv_se_t *psa_get_se_driver_methods(
-    const psa_se_drv_table_entry_t *driver );
-
-/** Return the context of a secure element driver.
- *
- * \param[in] driver    The driver table entry to access, or \c NULL.
- *
- * \return A pointer to the driver context.
- *         \c NULL if \p driver is \c NULL.
- */
-psa_drv_se_context_t *psa_get_se_driver_context(
-    psa_se_drv_table_entry_t *driver );
-
-/** Find a free slot for a key that is to be created.
- *
- * This function calls the relevant method in the driver to find a suitable
- * slot for a key with the given attributes.
- *
- * \param[in] attributes    Metadata about the key that is about to be created.
- * \param[in] driver        The driver table entry to query.
- * \param[out] slot_number  On success, a slot number that is free in this
- *                          secure element.
- */
-psa_status_t psa_find_se_slot_for_key(
-    const psa_key_attributes_t *attributes,
-    psa_key_creation_method_t method,
-    psa_se_drv_table_entry_t *driver,
-    psa_key_slot_number_t *slot_number );
-
-/** Destroy a key in a secure element.
- *
- * This function calls the relevant driver method to destroy a key
- * and updates the driver's persistent data.
- */
-psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
-                                 psa_key_slot_number_t slot_number );
-
-/** Load the persistent data of a secure element driver.
- *
- * \param driver        The driver table entry containing the persistent
- *                      data to load from storage.
- *
- * \return #PSA_SUCCESS
- * \return #PSA_ERROR_NOT_SUPPORTED
- * \return #PSA_ERROR_DOES_NOT_EXIST
- * \return #PSA_ERROR_STORAGE_FAILURE
- * \return #PSA_ERROR_DATA_CORRUPT
- * \return #PSA_ERROR_INVALID_ARGUMENT
- */
-psa_status_t psa_load_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver );
-
-/** Save the persistent data of a secure element driver.
- *
- * \param[in] driver    The driver table entry containing the persistent
- *                      data to save to storage.
- *
- * \return #PSA_SUCCESS
- * \return #PSA_ERROR_NOT_SUPPORTED
- * \return #PSA_ERROR_NOT_PERMITTED
- * \return #PSA_ERROR_NOT_SUPPORTED
- * \return #PSA_ERROR_INSUFFICIENT_STORAGE
- * \return #PSA_ERROR_STORAGE_FAILURE
- * \return #PSA_ERROR_INVALID_ARGUMENT
- */
-psa_status_t psa_save_se_persistent_data(
-    const psa_se_drv_table_entry_t *driver );
-
-/** Destroy the persistent data of a secure element driver.
- *
- * This is currently only used for testing.
- *
- * \param[in] location  The location identifier for the driver whose
- *                      persistent data is to be erased.
- */
-psa_status_t psa_destroy_se_persistent_data( psa_key_location_t location );
-
-
-/** The storage representation of a key whose data is in a secure element.
- */
-typedef struct
-{
-    uint8_t slot_number[sizeof( psa_key_slot_number_t )];
-} psa_se_key_data_storage_t;
-
-#endif /* PSA_CRYPTO_SE_H */
diff --git a/Sources/mbedtls/library/psa_crypto_slot_management.c b/Sources/mbedtls/library/psa_crypto_slot_management.c
deleted file mode 100644
index 3fba736..0000000
--- a/Sources/mbedtls/library/psa_crypto_slot_management.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/*
- *  PSA crypto layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include "psa/crypto.h"
-
-#include "psa_crypto_core.h"
-#include "psa_crypto_driver_wrappers.h"
-#include "psa_crypto_slot_management.h"
-#include "psa_crypto_storage.h"
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#include "psa_crypto_se.h"
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include "mbedtls/platform.h"
-
-#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
-
-typedef struct
-{
-    psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
-    unsigned key_slots_initialized : 1;
-} psa_global_data_t;
-
-static psa_global_data_t global_data;
-
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok )
-{
-    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
-
-    if( ( PSA_KEY_ID_USER_MIN <= key_id ) &&
-        ( key_id <= PSA_KEY_ID_USER_MAX ) )
-        return( 1 );
-
-    if( vendor_ok &&
-        ( PSA_KEY_ID_VENDOR_MIN <= key_id ) &&
-        ( key_id <= PSA_KEY_ID_VENDOR_MAX ) )
-        return( 1 );
-
-    return( 0 );
-}
-
-/** Get the description in memory of a key given its identifier and lock it.
- *
- * The descriptions of volatile keys and loaded persistent keys are
- * stored in key slots. This function returns a pointer to the key slot
- * containing the description of a key given its identifier.
- *
- * The function searches the key slots containing the description of the key
- * with \p key identifier. The function does only read accesses to the key
- * slots. The function does not load any persistent key thus does not access
- * any storage.
- *
- * For volatile key identifiers, only one key slot is queried as a volatile
- * key with identifier key_id can only be stored in slot of index
- * ( key_id - #PSA_KEY_ID_VOLATILE_MIN ).
- *
- * On success, the function locks the key slot. It is the responsibility of
- * the caller to unlock the key slot when it does not access it anymore.
- *
- * \param key           Key identifier to query.
- * \param[out] p_slot   On success, `*p_slot` contains a pointer to the
- *                      key slot containing the description of the key
- *                      identified by \p key.
- *
- * \retval #PSA_SUCCESS
- *         The pointer to the key slot containing the description of the key
- *         identified by \p key was returned.
- * \retval #PSA_ERROR_INVALID_HANDLE
- *         \p key is not a valid key identifier.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- *         There is no key with key identifier \p key in the key slots.
- */
-static psa_status_t psa_get_and_lock_key_slot_in_memory(
-    mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_id_t key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key );
-    size_t slot_idx;
-    psa_key_slot_t *slot = NULL;
-
-    if( psa_key_id_is_volatile( key_id ) )
-    {
-        slot = &global_data.key_slots[ key_id - PSA_KEY_ID_VOLATILE_MIN ];
-
-        /*
-         * Check if both the PSA key identifier key_id and the owner
-         * identifier of key match those of the key slot.
-         *
-         * Note that, if the key slot is not occupied, its PSA key identifier
-         * is equal to zero. This is an invalid value for a PSA key identifier
-         * and thus cannot be equal to the valid PSA key identifier key_id.
-         */
-        status = mbedtls_svc_key_id_equal( key, slot->attr.id ) ?
-                 PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
-    }
-    else
-    {
-        if ( !psa_is_valid_key_id( key, 1 ) )
-            return( PSA_ERROR_INVALID_HANDLE );
-
-        for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-        {
-            slot = &global_data.key_slots[ slot_idx ];
-            if( mbedtls_svc_key_id_equal( key, slot->attr.id ) )
-                break;
-        }
-        status = ( slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT ) ?
-                 PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST;
-    }
-
-    if( status == PSA_SUCCESS )
-    {
-        status = psa_lock_key_slot( slot );
-        if( status == PSA_SUCCESS )
-            *p_slot = slot;
-    }
-
-    return( status );
-}
-
-psa_status_t psa_initialize_key_slots( void )
-{
-    /* Nothing to do: program startup and psa_wipe_all_key_slots() both
-     * guarantee that the key slots are initialized to all-zero, which
-     * means that all the key slots are in a valid, empty state. */
-    global_data.key_slots_initialized = 1;
-    return( PSA_SUCCESS );
-}
-
-void psa_wipe_all_key_slots( void )
-{
-    size_t slot_idx;
-
-    for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-    {
-        psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
-        slot->lock_count = 1;
-        (void) psa_wipe_key_slot( slot );
-    }
-    global_data.key_slots_initialized = 0;
-}
-
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
-                                     psa_key_slot_t **p_slot )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    size_t slot_idx;
-    psa_key_slot_t *selected_slot, *unlocked_persistent_key_slot;
-
-    if( ! global_data.key_slots_initialized )
-    {
-        status = PSA_ERROR_BAD_STATE;
-        goto error;
-    }
-
-    selected_slot = unlocked_persistent_key_slot = NULL;
-    for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-    {
-        psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
-        if( ! psa_is_key_slot_occupied( slot ) )
-        {
-            selected_slot = slot;
-            break;
-        }
-
-        if( ( unlocked_persistent_key_slot == NULL ) &&
-            ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
-            ( ! psa_is_key_slot_locked( slot ) ) )
-            unlocked_persistent_key_slot = slot;
-    }
-
-    /*
-     * If there is no unused key slot and there is at least one unlocked key
-     * slot containing the description of a persistent key, recycle the first
-     * such key slot we encountered. If we later need to operate on the
-     * persistent key we are evicting now, we will reload its description from
-     * storage.
-     */
-    if( ( selected_slot == NULL ) &&
-        ( unlocked_persistent_key_slot != NULL ) )
-    {
-        selected_slot = unlocked_persistent_key_slot;
-        selected_slot->lock_count = 1;
-        psa_wipe_key_slot( selected_slot );
-    }
-
-    if( selected_slot != NULL )
-    {
-       status = psa_lock_key_slot( selected_slot );
-       if( status != PSA_SUCCESS )
-           goto error;
-
-        *volatile_key_id = PSA_KEY_ID_VOLATILE_MIN +
-            ( (psa_key_id_t)( selected_slot - global_data.key_slots ) );
-        *p_slot = selected_slot;
-
-        return( PSA_SUCCESS );
-    }
-    status = PSA_ERROR_INSUFFICIENT_MEMORY;
-
-error:
-    *p_slot = NULL;
-    *volatile_key_id = 0;
-
-    return( status );
-}
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-static psa_status_t psa_load_persistent_key_into_slot( psa_key_slot_t *slot )
-{
-    psa_status_t status = PSA_SUCCESS;
-    uint8_t *key_data = NULL;
-    size_t key_data_length = 0;
-
-    status = psa_load_persistent_key( &slot->attr,
-                                      &key_data, &key_data_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-    /* Special handling is required for loading keys associated with a
-     * dynamically registered SE interface. */
-    const psa_drv_se_t *drv;
-    psa_drv_se_context_t *drv_context;
-    if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
-    {
-        psa_se_key_data_storage_t *data;
-
-        if( key_data_length != sizeof( *data ) )
-        {
-            status = PSA_ERROR_DATA_INVALID;
-            goto exit;
-        }
-        data = (psa_se_key_data_storage_t *) key_data;
-        status = psa_copy_key_material_into_slot(
-                     slot, data->slot_number, sizeof( data->slot_number ) );
-        goto exit;
-    }
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-    status = psa_copy_key_material_into_slot( slot, key_data, key_data_length );
-
-exit:
-    psa_free_persistent_key_data( key_data, key_data_length );
-    return( status );
-}
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-
-static psa_status_t psa_load_builtin_key_into_slot( psa_key_slot_t *slot )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE;
-    psa_drv_slot_number_t slot_number = 0;
-    size_t key_buffer_size = 0;
-    size_t key_buffer_length = 0;
-
-    if( ! psa_key_id_is_builtin(
-            MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id ) ) )
-    {
-        return( PSA_ERROR_DOES_NOT_EXIST );
-    }
-
-    /* Check the platform function to see whether this key actually exists */
-    status = mbedtls_psa_platform_get_builtin_key(
-                slot->attr.id, &lifetime, &slot_number );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /* Set required key attributes to ensure get_builtin_key can retrieve the
-     * full attributes. */
-    psa_set_key_id( &attributes, slot->attr.id );
-    psa_set_key_lifetime( &attributes, lifetime );
-
-    /* Get the full key attributes from the driver in order to be able to
-     * calculate the required buffer size. */
-    status = psa_driver_wrapper_get_builtin_key(
-                slot_number, &attributes,
-                NULL, 0, NULL );
-    if( status != PSA_ERROR_BUFFER_TOO_SMALL )
-    {
-        /* Builtin keys cannot be defined by the attributes alone */
-        if( status == PSA_SUCCESS )
-            status = PSA_ERROR_CORRUPTION_DETECTED;
-        return( status );
-    }
-
-    /* If the key should exist according to the platform, then ask the driver
-     * what its expected size is. */
-    status = psa_driver_wrapper_get_key_buffer_size( &attributes,
-                                                     &key_buffer_size );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    /* Allocate a buffer of the required size and load the builtin key directly
-     * into the (now properly sized) slot buffer. */
-    status = psa_allocate_buffer_to_slot( slot, key_buffer_size );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    status = psa_driver_wrapper_get_builtin_key(
-                slot_number, &attributes,
-                slot->key.data, slot->key.bytes, &key_buffer_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    /* Copy actual key length and core attributes into the slot on success */
-    slot->key.bytes = key_buffer_length;
-    slot->attr = attributes.core;
-
-exit:
-    if( status != PSA_SUCCESS )
-        psa_remove_key_data_from_memory( slot );
-    return( status );
-}
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
-                                        psa_key_slot_t **p_slot )
-{
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    *p_slot = NULL;
-    if( ! global_data.key_slots_initialized )
-        return( PSA_ERROR_BAD_STATE );
-
-    /*
-     * On success, the pointer to the slot is passed directly to the caller
-     * thus no need to unlock the key slot here.
-     */
-    status = psa_get_and_lock_key_slot_in_memory( key, p_slot );
-    if( status != PSA_ERROR_DOES_NOT_EXIST )
-        return( status );
-
-    /* Loading keys from storage requires support for such a mechanism */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
-    defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-    psa_key_id_t volatile_key_id;
-
-    status = psa_get_empty_key_slot( &volatile_key_id, p_slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    (*p_slot)->attr.id = key;
-    (*p_slot)->attr.lifetime = PSA_KEY_LIFETIME_PERSISTENT;
-
-    status = PSA_ERROR_DOES_NOT_EXIST;
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-    /* Load keys in the 'builtin' range through their own interface */
-    status = psa_load_builtin_key_into_slot( *p_slot );
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-    if( status == PSA_ERROR_DOES_NOT_EXIST )
-        status = psa_load_persistent_key_into_slot( *p_slot );
-#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
-    if( status != PSA_SUCCESS )
-    {
-        psa_wipe_key_slot( *p_slot );
-        if( status == PSA_ERROR_DOES_NOT_EXIST )
-            status = PSA_ERROR_INVALID_HANDLE;
-    }
-    else
-        /* Add implicit usage flags. */
-        psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
-
-    return( status );
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-    return( PSA_ERROR_INVALID_HANDLE );
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-}
-
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
-{
-    if( slot == NULL )
-        return( PSA_SUCCESS );
-
-    if( slot->lock_count > 0 )
-    {
-        slot->lock_count--;
-        return( PSA_SUCCESS );
-    }
-
-    /*
-     * As the return error code may not be handled in case of multiple errors,
-     * do our best to report if the lock counter is equal to zero: if
-     * available call MBEDTLS_PARAM_FAILED that may terminate execution (if
-     * called as part of the execution of a unit test suite this will stop the
-     * test suite execution).
-     */
-#ifdef MBEDTLS_CHECK_PARAMS
-    MBEDTLS_PARAM_FAILED( slot->lock_count > 0 );
-#endif
-
-    return( PSA_ERROR_CORRUPTION_DETECTED );
-}
-
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
-                                        psa_se_drv_table_entry_t **p_drv )
-{
-    if ( psa_key_lifetime_is_external( lifetime ) )
-    {
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-        /* Check whether a driver is registered against this lifetime */
-        psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime );
-        if( driver != NULL )
-        {
-            if (p_drv != NULL)
-                *p_drv = driver;
-            return( PSA_SUCCESS );
-        }
-#else /* MBEDTLS_PSA_CRYPTO_SE_C */
-        (void) p_drv;
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
-        /* Key location for external keys gets checked by the wrapper */
-        return( PSA_SUCCESS );
-#else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
-        /* No support for external lifetimes at all, or dynamic interface
-         * did not find driver for requested lifetime. */
-        return( PSA_ERROR_INVALID_ARGUMENT );
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
-    }
-    else
-        /* Local/internal keys are always valid */
-        return( PSA_SUCCESS );
-}
-
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime )
-{
-    if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
-    {
-        /* Volatile keys are always supported */
-        return( PSA_SUCCESS );
-    }
-    else
-    {
-        /* Persistent keys require storage support */
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-        if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
-            return( PSA_ERROR_INVALID_ARGUMENT );
-        else
-            return( PSA_SUCCESS );
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-        return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
-    }
-}
-
-psa_status_t psa_open_key( mbedtls_svc_key_id_t key, psa_key_handle_t *handle )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || \
-    defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-    psa_status_t status;
-    psa_key_slot_t *slot;
-
-    status = psa_get_and_lock_key_slot( key, &slot );
-    if( status != PSA_SUCCESS )
-    {
-        *handle = PSA_KEY_HANDLE_INIT;
-        if( status == PSA_ERROR_INVALID_HANDLE )
-            status = PSA_ERROR_DOES_NOT_EXIST;
-
-        return( status );
-    }
-
-    *handle = key;
-
-    return( psa_unlock_key_slot( slot ) );
-
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-    (void) key;
-    *handle = PSA_KEY_HANDLE_INIT;
-    return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-}
-
-psa_status_t psa_close_key( psa_key_handle_t handle )
-{
-    psa_status_t status;
-    psa_key_slot_t *slot;
-
-    if( psa_key_handle_is_null( handle ) )
-        return( PSA_SUCCESS );
-
-    status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
-    if( status != PSA_SUCCESS )
-    {
-        if( status == PSA_ERROR_DOES_NOT_EXIST )
-            status = PSA_ERROR_INVALID_HANDLE;
-
-        return( status );
-    }
-    if( slot->lock_count <= 1 )
-        return( psa_wipe_key_slot( slot ) );
-    else
-        return( psa_unlock_key_slot( slot ) );
-}
-
-psa_status_t psa_purge_key( mbedtls_svc_key_id_t key )
-{
-    psa_status_t status;
-    psa_key_slot_t *slot;
-
-    status = psa_get_and_lock_key_slot_in_memory( key, &slot );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    if( ( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) &&
-        ( slot->lock_count <= 1 ) )
-        return( psa_wipe_key_slot( slot ) );
-    else
-        return( psa_unlock_key_slot( slot ) );
-}
-
-void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats )
-{
-    size_t slot_idx;
-
-    memset( stats, 0, sizeof( *stats ) );
-
-    for( slot_idx = 0; slot_idx < MBEDTLS_PSA_KEY_SLOT_COUNT; slot_idx++ )
-    {
-        const psa_key_slot_t *slot = &global_data.key_slots[ slot_idx ];
-        if( psa_is_key_slot_locked( slot ) )
-        {
-            ++stats->locked_slots;
-        }
-        if( ! psa_is_key_slot_occupied( slot ) )
-        {
-            ++stats->empty_slots;
-            continue;
-        }
-        if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
-            ++stats->volatile_slots;
-        else
-        {
-            psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
-            ++stats->persistent_slots;
-            if( id > stats->max_open_internal_key_id )
-                stats->max_open_internal_key_id = id;
-        }
-        if( PSA_KEY_LIFETIME_GET_LOCATION( slot->attr.lifetime ) !=
-            PSA_KEY_LOCATION_LOCAL_STORAGE )
-        {
-            psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
-            ++stats->external_slots;
-            if( id > stats->max_open_external_key_id )
-                stats->max_open_external_key_id = id;
-        }
-    }
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/Sources/mbedtls/library/psa_crypto_slot_management.h b/Sources/mbedtls/library/psa_crypto_slot_management.h
deleted file mode 100644
index d539bdd..0000000
--- a/Sources/mbedtls/library/psa_crypto_slot_management.h
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- *  PSA crypto layer on top of Mbed TLS crypto
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_SLOT_MANAGEMENT_H
-#define PSA_CRYPTO_SLOT_MANAGEMENT_H
-
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_se.h"
-
-/** Range of volatile key identifiers.
- *
- *  The last #MBEDTLS_PSA_KEY_SLOT_COUNT identifiers of the implementation
- *  range of key identifiers are reserved for volatile key identifiers.
- *  A volatile key identifier is equal to #PSA_KEY_ID_VOLATILE_MIN plus the
- *  index of the key slot containing the volatile key definition.
- */
-
-/** The minimum value for a volatile key identifier.
- */
-#define PSA_KEY_ID_VOLATILE_MIN  ( PSA_KEY_ID_VENDOR_MAX - \
-                                   MBEDTLS_PSA_KEY_SLOT_COUNT + 1 )
-
-/** The maximum value for a volatile key identifier.
- */
-#define PSA_KEY_ID_VOLATILE_MAX  PSA_KEY_ID_VENDOR_MAX
-
-/** Test whether a key identifier is a volatile key identifier.
- *
- * \param key_id  Key identifier to test.
- *
- * \retval 1
- *         The key identifier is a volatile key identifier.
- * \retval 0
- *         The key identifier is not a volatile key identifier.
- */
-static inline int psa_key_id_is_volatile( psa_key_id_t key_id )
-{
-    return( ( key_id >= PSA_KEY_ID_VOLATILE_MIN ) &&
-            ( key_id <= PSA_KEY_ID_VOLATILE_MAX ) );
-}
-
-/** Get the description of a key given its identifier and lock it.
- *
- * The descriptions of volatile keys and loaded persistent keys are stored in
- * key slots. This function returns a pointer to the key slot containing the
- * description of a key given its identifier.
- *
- * In case of a persistent key, the function loads the description of the key
- * into a key slot if not already done.
- *
- * On success, the returned key slot is locked. It is the responsibility of
- * the caller to unlock the key slot when it does not access it anymore.
- *
- * \param key           Key identifier to query.
- * \param[out] p_slot   On success, `*p_slot` contains a pointer to the
- *                      key slot containing the description of the key
- *                      identified by \p key.
- *
- * \retval #PSA_SUCCESS
- *         \p *p_slot contains a pointer to the key slot containing the
- *         description of the key identified by \p key.
- *         The key slot counter has been incremented.
- * \retval #PSA_ERROR_BAD_STATE
- *         The library has not been initialized.
- * \retval #PSA_ERROR_INVALID_HANDLE
- *         \p key is not a valid key identifier.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- *         \p key is a persistent key identifier. The implementation does not
- *         have sufficient resources to load the persistent key. This can be
- *         due to a lack of empty key slot, or available memory.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- *         There is no key with key identifier \p key.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- */
-psa_status_t psa_get_and_lock_key_slot( mbedtls_svc_key_id_t key,
-                                        psa_key_slot_t **p_slot );
-
-/** Initialize the key slot structures.
- *
- * \retval #PSA_SUCCESS
- *         Currently this function always succeeds.
- */
-psa_status_t psa_initialize_key_slots( void );
-
-/** Delete all data from key slots in memory.
- *
- * This does not affect persistent storage. */
-void psa_wipe_all_key_slots( void );
-
-/** Find a free key slot.
- *
- * This function returns a key slot that is available for use and is in its
- * ground state (all-bits-zero). On success, the key slot is locked. It is
- * the responsibility of the caller to unlock the key slot when it does not
- * access it anymore.
- *
- * \param[out] volatile_key_id   On success, volatile key identifier
- *                               associated to the returned slot.
- * \param[out] p_slot            On success, a pointer to the slot.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BAD_STATE
- */
-psa_status_t psa_get_empty_key_slot( psa_key_id_t *volatile_key_id,
-                                     psa_key_slot_t **p_slot );
-
-/** Lock a key slot.
- *
- * This function increments the key slot lock counter by one.
- *
- * \param[in] slot  The key slot.
- *
- * \retval #PSA_SUCCESS
-               The key slot lock counter was incremented.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- *             The lock counter already reached its maximum value and was not
- *             increased.
- */
-static inline psa_status_t psa_lock_key_slot( psa_key_slot_t *slot )
-{
-    if( slot->lock_count >= SIZE_MAX )
-        return( PSA_ERROR_CORRUPTION_DETECTED );
-
-    slot->lock_count++;
-
-    return( PSA_SUCCESS );
-}
-
-/** Unlock a key slot.
- *
- * This function decrements the key slot lock counter by one.
- *
- * \note To ease the handling of errors in retrieving a key slot
- *       a NULL input pointer is valid, and the function returns
- *       successfully without doing anything in that case.
- *
- * \param[in] slot  The key slot.
- * \retval #PSA_SUCCESS
- *             \p slot is NULL or the key slot lock counter has been
- *             decremented successfully.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- *             The lock counter was equal to 0.
- *
- */
-psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot );
-
-/** Test whether a lifetime designates a key in an external cryptoprocessor.
- *
- * \param lifetime      The lifetime to test.
- *
- * \retval 1
- *         The lifetime designates an external key. There should be a
- *         registered driver for this lifetime, otherwise the key cannot
- *         be created or manipulated.
- * \retval 0
- *         The lifetime designates a key that is volatile or in internal
- *         storage.
- */
-static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime )
-{
-    return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime )
-                != PSA_KEY_LOCATION_LOCAL_STORAGE );
-}
-
-/** Validate a key's location.
- *
- * This function checks whether the key's attributes point to a location that
- * is known to the PSA Core, and returns the driver function table if the key
- * is to be found in an external location.
- *
- * \param[in] lifetime      The key lifetime attribute.
- * \param[out] p_drv        On success, when a key is located in external
- *                          storage, returns a pointer to the driver table
- *                          associated with the key's storage location.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- */
-psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime,
-                                        psa_se_drv_table_entry_t **p_drv );
-
-/** Validate the persistence of a key.
- *
- * \param[in] lifetime  The key lifetime attribute.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED The key is persistent but persistent keys
- *             are not supported.
- */
-psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime );
-
-/** Validate a key identifier.
- *
- * \param[in] key           The key identifier.
- * \param[in] vendor_ok     Non-zero to indicate that key identifiers in the
- *                          vendor range are allowed, volatile key identifiers
- *                          excepted \c 0 otherwise.
- *
- * \retval <> 0 if the key identifier is valid, 0 otherwise.
- */
-int psa_is_valid_key_id( mbedtls_svc_key_id_t key, int vendor_ok );
-
-#endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */
diff --git a/Sources/mbedtls/library/psa_crypto_storage.c b/Sources/mbedtls/library/psa_crypto_storage.c
deleted file mode 100644
index 24bfdae..0000000
--- a/Sources/mbedtls/library/psa_crypto_storage.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/*
- *  PSA persistent key storage
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "psa/crypto.h"
-#include "psa_crypto_storage.h"
-#include "mbedtls/platform_util.h"
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-#include "psa_crypto_its.h"
-#else /* Native ITS implementation */
-#include "psa/error.h"
-#include "psa/internal_trusted_storage.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-/****************************************************************/
-/* Key storage */
-/****************************************************************/
-
-/* Determine a file name (ITS file identifier) for the given key identifier.
- * The file name must be distinct from any file that is used for a purpose
- * other than storing a key. Currently, the only such file is the random seed
- * file whose name is PSA_CRYPTO_ITS_RANDOM_SEED_UID and whose value is
- * 0xFFFFFF52. */
-static psa_storage_uid_t psa_its_identifier_of_slot( mbedtls_svc_key_id_t key )
-{
-#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
-    /* Encode the owner in the upper 32 bits. This means that if
-     * owner values are nonzero (as they are on a PSA platform),
-     * no key file will ever have a value less than 0x100000000, so
-     * the whole range 0..0xffffffff is available for non-key files. */
-    uint32_t unsigned_owner_id = MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( key );
-    return(  ( (uint64_t) unsigned_owner_id << 32 ) |
-             MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key ) );
-#else
-    /* Use the key id directly as a file name.
-     * psa_is_key_id_valid() in psa_crypto_slot_management.c
-     * is responsible for ensuring that key identifiers do not have a
-     * value that is reserved for non-key files. */
-    return( key );
-#endif
-}
-
-/**
- * \brief Load persistent data for the given key slot number.
- *
- * This function reads data from a storage backend and returns the data in a
- * buffer.
- *
- * \param key               Persistent identifier of the key to be loaded. This
- *                          should be an occupied storage location.
- * \param[out] data         Buffer where the data is to be written.
- * \param data_size         Size of the \c data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- */
-static psa_status_t psa_crypto_storage_load(
-    const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size )
-{
-    psa_status_t status;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_storage_info_t data_identifier_info;
-    size_t data_length = 0;
-
-    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( status  != PSA_SUCCESS )
-        return( status );
-
-    status = psa_its_get( data_identifier, 0, (uint32_t) data_size, data, &data_length );
-    if( data_size  != data_length )
-        return( PSA_ERROR_DATA_INVALID );
-
-    return( status );
-}
-
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key )
-{
-    psa_status_t ret;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_storage_info_t data_identifier_info;
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-
-    if( ret == PSA_ERROR_DOES_NOT_EXIST )
-        return( 0 );
-    return( 1 );
-}
-
-/**
- * \brief Store persistent data for the given key slot number.
- *
- * This function stores the given data buffer to a persistent storage.
- *
- * \param key           Persistent identifier of the key to be stored. This
- *                      should be an unoccupied storage location.
- * \param[in] data      Buffer containing the data to be stored.
- * \param data_length   The number of bytes
- *                      that make up the data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- */
-static psa_status_t psa_crypto_storage_store( const mbedtls_svc_key_id_t key,
-                                              const uint8_t *data,
-                                              size_t data_length )
-{
-    psa_status_t status;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_storage_info_t data_identifier_info;
-
-    if( psa_is_key_present_in_storage( key ) == 1 )
-        return( PSA_ERROR_ALREADY_EXISTS );
-
-    status = psa_its_set( data_identifier, (uint32_t) data_length, data, 0 );
-    if( status != PSA_SUCCESS )
-    {
-        return( PSA_ERROR_DATA_INVALID );
-    }
-
-    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( status != PSA_SUCCESS )
-    {
-        goto exit;
-    }
-
-    if( data_identifier_info.size != data_length )
-    {
-        status = PSA_ERROR_DATA_INVALID;
-        goto exit;
-    }
-
-exit:
-    if( status != PSA_SUCCESS )
-    {
-        /* Remove the file in case we managed to create it but something
-         * went wrong. It's ok if the file doesn't exist. If the file exists
-         * but the removal fails, we're already reporting an error so there's
-         * nothing else we can do. */
-        (void) psa_its_remove( data_identifier );
-    }
-    return( status );
-}
-
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key )
-{
-    psa_status_t ret;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_storage_info_t data_identifier_info;
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret == PSA_ERROR_DOES_NOT_EXIST )
-        return( PSA_SUCCESS );
-
-    if( psa_its_remove( data_identifier ) != PSA_SUCCESS )
-        return( PSA_ERROR_DATA_INVALID );
-
-    ret = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( ret != PSA_ERROR_DOES_NOT_EXIST )
-        return( PSA_ERROR_DATA_INVALID );
-
-    return( PSA_SUCCESS );
-}
-
-/**
- * \brief Get data length for given key slot number.
- *
- * \param key               Persistent identifier whose stored data length
- *                          is to be obtained.
- * \param[out] data_length  The number of bytes that make up the data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_DATA_CORRUPT
- */
-static psa_status_t psa_crypto_storage_get_data_length(
-    const mbedtls_svc_key_id_t key,
-    size_t *data_length )
-{
-    psa_status_t status;
-    psa_storage_uid_t data_identifier = psa_its_identifier_of_slot( key );
-    struct psa_storage_info_t data_identifier_info;
-
-    status = psa_its_get_info( data_identifier, &data_identifier_info );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    *data_length = (size_t) data_identifier_info.size;
-
-    return( PSA_SUCCESS );
-}
-
-/**
- * Persistent key storage magic header.
- */
-#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
-#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) )
-
-typedef struct {
-    uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH];
-    uint8_t version[4];
-    uint8_t lifetime[sizeof( psa_key_lifetime_t )];
-    uint8_t type[2];
-    uint8_t bits[2];
-    uint8_t policy[sizeof( psa_key_policy_t )];
-    uint8_t data_len[4];
-    uint8_t key_data[];
-} psa_persistent_key_storage_format;
-
-void psa_format_key_data_for_storage( const uint8_t *data,
-                                      const size_t data_length,
-                                      const psa_core_key_attributes_t *attr,
-                                      uint8_t *storage_data )
-{
-    psa_persistent_key_storage_format *storage_format =
-        (psa_persistent_key_storage_format *) storage_data;
-
-    memcpy( storage_format->magic, PSA_KEY_STORAGE_MAGIC_HEADER, PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH );
-    MBEDTLS_PUT_UINT32_LE( 0, storage_format->version, 0 );
-    MBEDTLS_PUT_UINT32_LE( attr->lifetime, storage_format->lifetime, 0 );
-    MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->type, storage_format->type, 0 );
-    MBEDTLS_PUT_UINT16_LE( (uint16_t) attr->bits, storage_format->bits, 0 );
-    MBEDTLS_PUT_UINT32_LE( attr->policy.usage, storage_format->policy, 0 );
-    MBEDTLS_PUT_UINT32_LE( attr->policy.alg, storage_format->policy, sizeof( uint32_t ) );
-    MBEDTLS_PUT_UINT32_LE( attr->policy.alg2, storage_format->policy, 2 * sizeof( uint32_t ) );
-    MBEDTLS_PUT_UINT32_LE( data_length, storage_format->data_len, 0 );
-    memcpy( storage_format->key_data, data, data_length );
-}
-
-static psa_status_t check_magic_header( const uint8_t *data )
-{
-    if( memcmp( data, PSA_KEY_STORAGE_MAGIC_HEADER,
-                PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ) != 0 )
-        return( PSA_ERROR_DATA_INVALID );
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
-                                              size_t storage_data_length,
-                                              uint8_t **key_data,
-                                              size_t *key_data_length,
-                                              psa_core_key_attributes_t *attr )
-{
-    psa_status_t status;
-    const psa_persistent_key_storage_format *storage_format =
-        (const psa_persistent_key_storage_format *)storage_data;
-    uint32_t version;
-
-    if( storage_data_length < sizeof(*storage_format) )
-        return( PSA_ERROR_DATA_INVALID );
-
-    status = check_magic_header( storage_data );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    version = MBEDTLS_GET_UINT32_LE( storage_format->version, 0 );
-    if( version != 0 )
-        return( PSA_ERROR_DATA_INVALID );
-
-    *key_data_length = MBEDTLS_GET_UINT32_LE( storage_format->data_len, 0 );
-    if( *key_data_length > ( storage_data_length - sizeof(*storage_format) ) ||
-        *key_data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
-        return( PSA_ERROR_DATA_INVALID );
-
-    if( *key_data_length == 0 )
-    {
-        *key_data = NULL;
-    }
-    else
-    {
-        *key_data = mbedtls_calloc( 1, *key_data_length );
-        if( *key_data == NULL )
-            return( PSA_ERROR_INSUFFICIENT_MEMORY );
-        memcpy( *key_data, storage_format->key_data, *key_data_length );
-    }
-
-    attr->lifetime = MBEDTLS_GET_UINT32_LE( storage_format->lifetime, 0 );
-    attr->type = MBEDTLS_GET_UINT16_LE( storage_format->type, 0 );
-    attr->bits = MBEDTLS_GET_UINT16_LE( storage_format->bits, 0 );
-    attr->policy.usage = MBEDTLS_GET_UINT32_LE( storage_format->policy, 0 );
-    attr->policy.alg = MBEDTLS_GET_UINT32_LE( storage_format->policy, sizeof( uint32_t ) );
-    attr->policy.alg2 = MBEDTLS_GET_UINT32_LE( storage_format->policy, 2 * sizeof( uint32_t ) );
-
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
-                                      const uint8_t *data,
-                                      const size_t data_length )
-{
-    size_t storage_data_length;
-    uint8_t *storage_data;
-    psa_status_t status;
-
-    /* All keys saved to persistent storage always have a key context */
-    if( data == NULL || data_length == 0 )
-        return( PSA_ERROR_INVALID_ARGUMENT );
-
-    if( data_length > PSA_CRYPTO_MAX_STORAGE_SIZE )
-        return( PSA_ERROR_INSUFFICIENT_STORAGE );
-    storage_data_length = data_length + sizeof( psa_persistent_key_storage_format );
-
-    storage_data = mbedtls_calloc( 1, storage_data_length );
-    if( storage_data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-    psa_format_key_data_for_storage( data, data_length, attr, storage_data );
-
-    status = psa_crypto_storage_store( attr->id,
-                                       storage_data, storage_data_length );
-
-    mbedtls_platform_zeroize( storage_data, storage_data_length );
-    mbedtls_free( storage_data );
-
-    return( status );
-}
-
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length )
-{
-    if( key_data != NULL )
-    {
-        mbedtls_platform_zeroize( key_data, key_data_length );
-    }
-    mbedtls_free( key_data );
-}
-
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
-                                      uint8_t **data,
-                                      size_t *data_length )
-{
-    psa_status_t status = PSA_SUCCESS;
-    uint8_t *loaded_data;
-    size_t storage_data_length = 0;
-    mbedtls_svc_key_id_t key = attr->id;
-
-    status = psa_crypto_storage_get_data_length( key, &storage_data_length );
-    if( status != PSA_SUCCESS )
-        return( status );
-
-    loaded_data = mbedtls_calloc( 1, storage_data_length );
-
-    if( loaded_data == NULL )
-        return( PSA_ERROR_INSUFFICIENT_MEMORY );
-
-    status = psa_crypto_storage_load( key, loaded_data, storage_data_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-    status = psa_parse_key_data_from_storage( loaded_data, storage_data_length,
-                                              data, data_length, attr );
-
-    /* All keys saved to persistent storage always have a key context */
-    if( status == PSA_SUCCESS &&
-        ( *data == NULL || *data_length == 0 ) )
-        status = PSA_ERROR_STORAGE_FAILURE;
-
-exit:
-    mbedtls_platform_zeroize( loaded_data, storage_data_length );
-    mbedtls_free( loaded_data );
-    return( status );
-}
-
-
-
-/****************************************************************/
-/* Transactions */
-/****************************************************************/
-
-#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
-
-psa_crypto_transaction_t psa_crypto_transaction;
-
-psa_status_t psa_crypto_save_transaction( void )
-{
-    struct psa_storage_info_t p_info;
-    psa_status_t status;
-    status = psa_its_get_info( PSA_CRYPTO_ITS_TRANSACTION_UID, &p_info );
-    if( status == PSA_SUCCESS )
-    {
-        /* This shouldn't happen: we're trying to start a transaction while
-         * there is still a transaction that hasn't been replayed. */
-        return( PSA_ERROR_CORRUPTION_DETECTED );
-    }
-    else if( status != PSA_ERROR_DOES_NOT_EXIST )
-        return( status );
-    return( psa_its_set( PSA_CRYPTO_ITS_TRANSACTION_UID,
-                         sizeof( psa_crypto_transaction ),
-                         &psa_crypto_transaction,
-                         0 ) );
-}
-
-psa_status_t psa_crypto_load_transaction( void )
-{
-    psa_status_t status;
-    size_t length;
-    status = psa_its_get( PSA_CRYPTO_ITS_TRANSACTION_UID, 0,
-                          sizeof( psa_crypto_transaction ),
-                          &psa_crypto_transaction, &length );
-    if( status != PSA_SUCCESS )
-        return( status );
-    if( length != sizeof( psa_crypto_transaction ) )
-        return( PSA_ERROR_DATA_INVALID );
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_crypto_stop_transaction( void )
-{
-    psa_status_t status = psa_its_remove( PSA_CRYPTO_ITS_TRANSACTION_UID );
-    /* Whether or not updating the storage succeeded, the transaction is
-     * finished now. It's too late to go back, so zero out the in-memory
-     * data. */
-    memset( &psa_crypto_transaction, 0, sizeof( psa_crypto_transaction ) );
-    return( status );
-}
-
-#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
-
-
-
-/****************************************************************/
-/* Random generator state */
-/****************************************************************/
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
-                                                 size_t seed_size )
-{
-    psa_status_t status;
-    struct psa_storage_info_t p_info;
-
-    status = psa_its_get_info( PSA_CRYPTO_ITS_RANDOM_SEED_UID, &p_info );
-
-    if( PSA_ERROR_DOES_NOT_EXIST == status ) /* No seed exists */
-    {
-        status = psa_its_set( PSA_CRYPTO_ITS_RANDOM_SEED_UID, seed_size, seed, 0 );
-    }
-    else if( PSA_SUCCESS == status )
-    {
-        /* You should not be here. Seed needs to be injected only once */
-        status = PSA_ERROR_NOT_PERMITTED;
-    }
-    return( status );
-}
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-
-
-/****************************************************************/
-/* The end */
-/****************************************************************/
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
diff --git a/Sources/mbedtls/library/psa_crypto_storage.h b/Sources/mbedtls/library/psa_crypto_storage.h
deleted file mode 100644
index 970e108..0000000
--- a/Sources/mbedtls/library/psa_crypto_storage.h
+++ /dev/null
@@ -1,399 +0,0 @@
-/**
- * \file psa_crypto_storage.h
- *
- * \brief PSA cryptography module: Mbed TLS key storage
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_STORAGE_H
-#define PSA_CRYPTO_STORAGE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include "psa/crypto.h"
-#include "psa/crypto_se_driver.h"
-
-#include <stdint.h>
-#include <string.h>
-
-/* Limit the maximum key size in storage. This should have no effect
- * since the key size is limited in memory. */
-#define PSA_CRYPTO_MAX_STORAGE_SIZE ( PSA_BITS_TO_BYTES( PSA_MAX_KEY_BITS ) )
-/* Sanity check: a file size must fit in 32 bits. Allow a generous
- * 64kB of metadata. */
-#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
-#error PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
-#endif
-
-/** The maximum permitted persistent slot number.
- *
- * In Mbed Crypto 0.1.0b:
- * - Using the file backend, all key ids are ok except 0.
- * - Using the ITS backend, all key ids are ok except 0xFFFFFF52
- *   (#PSA_CRYPTO_ITS_RANDOM_SEED_UID) for which the file contains the
- *   device's random seed (if this feature is enabled).
- * - Only key ids from 1 to #MBEDTLS_PSA_KEY_SLOT_COUNT are actually used.
- *
- * Since we need to preserve the random seed, avoid using that key slot.
- * Reserve a whole range of key slots just in case something else comes up.
- *
- * This limitation will probably become moot when we implement client
- * separation for key storage.
- */
-#define PSA_MAX_PERSISTENT_KEY_IDENTIFIER PSA_KEY_ID_VENDOR_MAX
-
-/**
- * \brief Checks if persistent data is stored for the given key slot number
- *
- * This function checks if any key data or metadata exists for the key slot in
- * the persistent storage.
- *
- * \param key           Persistent identifier to check.
- *
- * \retval 0
- *         No persistent data present for slot number
- * \retval 1
- *         Persistent data present for slot number
- */
-int psa_is_key_present_in_storage( const mbedtls_svc_key_id_t key );
-
-/**
- * \brief Format key data and metadata and save to a location for given key
- *        slot.
- *
- * This function formats the key data and metadata and saves it to a
- * persistent storage backend. The storage location corresponding to the
- * key slot must be empty, otherwise this function will fail. This function
- * should be called after loading the key into an internal slot to ensure the
- * persistent key is not saved into a storage location corresponding to an
- * already occupied non-persistent key, as well as ensuring the key data is
- * validated.
- *
- * Note: This function will only succeed for key buffers which are not
- * empty. If passed a NULL pointer or zero-length, the function will fail
- * with #PSA_ERROR_INVALID_ARGUMENT.
- *
- * \param[in] attr          The attributes of the key to save.
- *                          The key identifier field in the attributes
- *                          determines the key's location.
- * \param[in] data          Buffer containing the key data.
- * \param data_length       The number of bytes that make up the key data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- */
-psa_status_t psa_save_persistent_key( const psa_core_key_attributes_t *attr,
-                                      const uint8_t *data,
-                                      const size_t data_length );
-
-/**
- * \brief Parses key data and metadata and load persistent key for given
- * key slot number.
- *
- * This function reads from a storage backend, parses the key data and
- * metadata and writes them to the appropriate output parameters.
- *
- * Note: This function allocates a buffer and returns a pointer to it through
- * the data parameter. On successful return, the pointer is guaranteed to be
- * valid and the buffer contains at least one byte of data.
- * psa_free_persistent_key_data() must be called on the data buffer
- * afterwards to zeroize and free this buffer.
- *
- * \param[in,out] attr      On input, the key identifier field identifies
- *                          the key to load. Other fields are ignored.
- *                          On success, the attribute structure contains
- *                          the key metadata that was loaded from storage.
- * \param[out] data         Pointer to an allocated key data buffer on return.
- * \param[out] data_length  The number of bytes that make up the key data.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- */
-psa_status_t psa_load_persistent_key( psa_core_key_attributes_t *attr,
-                                      uint8_t **data,
-                                      size_t *data_length );
-
-/**
- * \brief Remove persistent data for the given key slot number.
- *
- * \param key           Persistent identifier of the key to remove
- *                      from persistent storage.
- *
- * \retval #PSA_SUCCESS
- *         The key was successfully removed,
- *         or the key did not exist.
- * \retval #PSA_ERROR_DATA_INVALID
- */
-psa_status_t psa_destroy_persistent_key( const mbedtls_svc_key_id_t key );
-
-/**
- * \brief Free the temporary buffer allocated by psa_load_persistent_key().
- *
- * This function must be called at some point after psa_load_persistent_key()
- * to zeroize and free the memory allocated to the buffer in that function.
- *
- * \param key_data        Buffer for the key data.
- * \param key_data_length Size of the key data buffer.
- *
- */
-void psa_free_persistent_key_data( uint8_t *key_data, size_t key_data_length );
-
-/**
- * \brief Formats key data and metadata for persistent storage
- *
- * \param[in] data          Buffer containing the key data.
- * \param data_length       Length of the key data buffer.
- * \param[in] attr          The core attributes of the key.
- * \param[out] storage_data Output buffer for the formatted data.
- *
- */
-void psa_format_key_data_for_storage( const uint8_t *data,
-                                      const size_t data_length,
-                                      const psa_core_key_attributes_t *attr,
-                                      uint8_t *storage_data );
-
-/**
- * \brief Parses persistent storage data into key data and metadata
- *
- * \param[in] storage_data     Buffer for the storage data.
- * \param storage_data_length  Length of the storage data buffer
- * \param[out] key_data        On output, pointer to a newly allocated buffer
- *                             containing the key data. This must be freed
- *                             using psa_free_persistent_key_data()
- * \param[out] key_data_length Length of the key data buffer
- * \param[out] attr            On success, the attribute structure is filled
- *                             with the loaded key metadata.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_DATA_INVALID
- */
-psa_status_t psa_parse_key_data_from_storage( const uint8_t *storage_data,
-                                              size_t storage_data_length,
-                                              uint8_t **key_data,
-                                              size_t *key_data_length,
-                                              psa_core_key_attributes_t *attr );
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/** This symbol is defined if transaction support is required. */
-#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
-#endif
-
-#if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
-
-/** The type of transaction that is in progress.
- */
-/* This is an integer type rather than an enum for two reasons: to support
- * unknown values when loading a transaction file, and to ensure that the
- * type has a known size.
- */
-typedef uint16_t psa_crypto_transaction_type_t;
-
-/** No transaction is in progress.
- *
- * This has the value 0, so zero-initialization sets a transaction's type to
- * this value.
- */
-#define PSA_CRYPTO_TRANSACTION_NONE             ( (psa_crypto_transaction_type_t) 0x0000 )
-
-/** A key creation transaction.
- *
- * This is only used for keys in an external cryptoprocessor (secure element).
- * Keys in RAM or in internal storage are created atomically in storage
- * (simple file creation), so they do not need a transaction mechanism.
- */
-#define PSA_CRYPTO_TRANSACTION_CREATE_KEY       ( (psa_crypto_transaction_type_t) 0x0001 )
-
-/** A key destruction transaction.
- *
- * This is only used for keys in an external cryptoprocessor (secure element).
- * Keys in RAM or in internal storage are destroyed atomically in storage
- * (simple file deletion), so they do not need a transaction mechanism.
- */
-#define PSA_CRYPTO_TRANSACTION_DESTROY_KEY      ( (psa_crypto_transaction_type_t) 0x0002 )
-
-/** Transaction data.
- *
- * This type is designed to be serialized by writing the memory representation
- * and reading it back on the same device.
- *
- * \note The transaction mechanism is designed for a single active transaction
- *       at a time. The transaction object is #psa_crypto_transaction.
- *
- * \note If an API call starts a transaction, it must complete this transaction
- *       before returning to the application.
- *
- * The lifetime of a transaction is the following (note that only one
- * transaction may be active at a time):
- *
- * -# Call psa_crypto_prepare_transaction() to initialize the transaction
- *    object in memory and declare the type of transaction that is starting.
- * -# Fill in the type-specific fields of #psa_crypto_transaction.
- * -# Call psa_crypto_save_transaction() to start the transaction. This
- *    saves the transaction data to internal storage.
- * -# Perform the work of the transaction by modifying files, contacting
- *    external entities, or whatever needs doing. Note that the transaction
- *    may be interrupted by a power failure, so you need to have a way
- *    recover from interruptions either by undoing what has been done
- *    so far or by resuming where you left off.
- * -# If there are intermediate stages in the transaction, update
- *    the fields of #psa_crypto_transaction and call
- *    psa_crypto_save_transaction() again when each stage is reached.
- * -# When the transaction is over, call psa_crypto_stop_transaction() to
- *    remove the transaction data in storage and in memory.
- *
- * If the system crashes while a transaction is in progress, psa_crypto_init()
- * calls psa_crypto_load_transaction() and takes care of completing or
- * rewinding the transaction. This is done in psa_crypto_recover_transaction()
- * in psa_crypto.c. If you add a new type of transaction, be
- * sure to add code for it in psa_crypto_recover_transaction().
- */
-typedef union
-{
-    /* Each element of this union must have the following properties
-     * to facilitate serialization and deserialization:
-     *
-     * - The element is a struct.
-     * - The first field of the struct is `psa_crypto_transaction_type_t type`.
-     * - Elements of the struct are arranged such a way that there is
-     *   no padding.
-     */
-    struct psa_crypto_transaction_unknown_s
-    {
-        psa_crypto_transaction_type_t type;
-        uint16_t unused1;
-        uint32_t unused2;
-        uint64_t unused3;
-        uint64_t unused4;
-    } unknown;
-    /* ::type is #PSA_CRYPTO_TRANSACTION_CREATE_KEY or
-     * #PSA_CRYPTO_TRANSACTION_DESTROY_KEY. */
-    struct psa_crypto_transaction_key_s
-    {
-        psa_crypto_transaction_type_t type;
-        uint16_t unused1;
-        psa_key_lifetime_t lifetime;
-        psa_key_slot_number_t slot;
-        mbedtls_svc_key_id_t id;
-    } key;
-} psa_crypto_transaction_t;
-
-/** The single active transaction.
- */
-extern psa_crypto_transaction_t psa_crypto_transaction;
-
-/** Prepare for a transaction.
- *
- * There must not be an ongoing transaction.
- *
- * \param type          The type of transaction to start.
- */
-static inline void psa_crypto_prepare_transaction(
-    psa_crypto_transaction_type_t type )
-{
-    psa_crypto_transaction.unknown.type = type;
-}
-
-/** Save the transaction data to storage.
- *
- * You may call this function multiple times during a transaction to
- * atomically update the transaction state.
- *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_STORAGE_FAILURE
- */
-psa_status_t psa_crypto_save_transaction( void );
-
-/** Load the transaction data from storage, if any.
- *
- * This function is meant to be called from psa_crypto_init() to recover
- * in case a transaction was interrupted by a system crash.
- *
- * \retval #PSA_SUCCESS
- *         The data about the ongoing transaction has been loaded to
- *         #psa_crypto_transaction.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- *         There is no ongoing transaction.
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- */
-psa_status_t psa_crypto_load_transaction( void );
-
-/** Indicate that the current transaction is finished.
- *
- * Call this function at the very end of transaction processing.
- * This function does not "commit" or "abort" the transaction: the storage
- * subsystem has no concept of "commit" and "abort", just saving and
- * removing the transaction information in storage.
- *
- * This function erases the transaction data in storage (if any) and
- * resets the transaction data in memory.
- *
- * \retval #PSA_SUCCESS
- *         There was transaction data in storage.
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- *         There was no transaction data in storage.
- * \retval #PSA_ERROR_STORAGE_FAILURE
- *         It was impossible to determine whether there was transaction data
- *         in storage, or the transaction data could not be erased.
- */
-psa_status_t psa_crypto_stop_transaction( void );
-
-/** The ITS file identifier for the transaction data.
- *
- * 0xffffffNN = special file; 0x74 = 't' for transaction.
- */
-#define PSA_CRYPTO_ITS_TRANSACTION_UID ( (psa_key_id_t) 0xffffff74 )
-
-#endif /* PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS */
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-/** Backend side of mbedtls_psa_inject_entropy().
- *
- * This function stores the supplied data into the entropy seed file.
- *
- * \retval #PSA_SUCCESS
- *         Success
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_NOT_PERMITTED
- *         The entropy seed file already exists.
- */
-psa_status_t mbedtls_psa_storage_inject_entropy( const unsigned char *seed,
-                                                 size_t seed_size );
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* PSA_CRYPTO_STORAGE_H */
diff --git a/Sources/mbedtls/library/psa_its_file.c b/Sources/mbedtls/library/psa_its_file.c
deleted file mode 100644
index ddd9fa9..0000000
--- a/Sources/mbedtls/library/psa_its_file.c
+++ /dev/null
@@ -1,250 +0,0 @@
-/*
- *  PSA ITS simulator over stdio files.
- */
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-
-#include "mbedtls/platform.h"
-
-#if defined(_WIN32)
-#include <windows.h>
-#endif
-
-#include "psa_crypto_its.h"
-
-#include <limits.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <string.h>
-
-#if !defined(PSA_ITS_STORAGE_PREFIX)
-#define PSA_ITS_STORAGE_PREFIX ""
-#endif
-
-#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
-#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
-#define PSA_ITS_STORAGE_FILENAME_LENGTH         \
-    ( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
-      16 + /*UID (64-bit number in hex)*/                               \
-      sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
-      1 /*terminating null byte*/ )
-#define PSA_ITS_STORAGE_TEMP \
-    PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX
-
-/* The maximum value of psa_storage_info_t.size */
-#define PSA_ITS_MAX_SIZE 0xffffffff
-
-#define PSA_ITS_MAGIC_STRING "PSA\0ITS\0"
-#define PSA_ITS_MAGIC_LENGTH 8
-
-/* As rename fails on Windows if the new filepath already exists,
- * use MoveFileExA with the MOVEFILE_REPLACE_EXISTING flag instead.
- * Returns 0 on success, nonzero on failure. */
-#if defined(_WIN32)
-#define rename_replace_existing( oldpath, newpath ) \
-    ( ! MoveFileExA( oldpath, newpath, MOVEFILE_REPLACE_EXISTING ) )
-#else
-#define rename_replace_existing( oldpath, newpath ) rename( oldpath, newpath )
-#endif
-
-typedef struct
-{
-    uint8_t magic[PSA_ITS_MAGIC_LENGTH];
-    uint8_t size[sizeof( uint32_t )];
-    uint8_t flags[sizeof( psa_storage_create_flags_t )];
-} psa_its_file_header_t;
-
-static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
-{
-    /* Break up the UID into two 32-bit pieces so as not to rely on
-     * long long support in snprintf. */
-    mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
-                      "%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
-                      PSA_ITS_STORAGE_PREFIX,
-                      (unsigned) ( uid >> 32 ),
-                      (unsigned) ( uid & 0xffffffff ),
-                      PSA_ITS_STORAGE_SUFFIX );
-}
-
-static psa_status_t psa_its_read_file( psa_storage_uid_t uid,
-                                       struct psa_storage_info_t *p_info,
-                                       FILE **p_stream )
-{
-    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
-    psa_its_file_header_t header;
-    size_t n;
-
-    *p_stream = NULL;
-    psa_its_fill_filename( uid, filename );
-    *p_stream = fopen( filename, "rb" );
-    if( *p_stream == NULL )
-        return( PSA_ERROR_DOES_NOT_EXIST );
-
-    n = fread( &header, 1, sizeof( header ), *p_stream );
-    if( n != sizeof( header ) )
-        return( PSA_ERROR_DATA_CORRUPT );
-    if( memcmp( header.magic, PSA_ITS_MAGIC_STRING,
-                PSA_ITS_MAGIC_LENGTH ) != 0 )
-        return( PSA_ERROR_DATA_CORRUPT );
-
-    p_info->size = ( header.size[0] |
-                     header.size[1] << 8 |
-                     header.size[2] << 16 |
-                     header.size[3] << 24 );
-    p_info->flags = ( header.flags[0] |
-                      header.flags[1] << 8 |
-                      header.flags[2] << 16 |
-                      header.flags[3] << 24 );
-    return( PSA_SUCCESS );
-}
-
-psa_status_t psa_its_get_info( psa_storage_uid_t uid,
-                               struct psa_storage_info_t *p_info )
-{
-    psa_status_t status;
-    FILE *stream = NULL;
-    status = psa_its_read_file( uid, p_info, &stream );
-    if( stream != NULL )
-        fclose( stream );
-    return( status );
-}
-
-psa_status_t psa_its_get( psa_storage_uid_t uid,
-                          uint32_t data_offset,
-                          uint32_t data_length,
-                          void *p_data,
-                          size_t *p_data_length )
-{
-    psa_status_t status;
-    FILE *stream = NULL;
-    size_t n;
-    struct psa_storage_info_t info;
-
-    status = psa_its_read_file( uid, &info, &stream );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    status = PSA_ERROR_INVALID_ARGUMENT;
-    if( data_offset + data_length < data_offset )
-        goto exit;
-#if SIZE_MAX < 0xffffffff
-    if( data_offset + data_length > SIZE_MAX )
-        goto exit;
-#endif
-    if( data_offset + data_length > info.size )
-        goto exit;
-
-    status = PSA_ERROR_STORAGE_FAILURE;
-#if LONG_MAX < 0xffffffff
-    while( data_offset > LONG_MAX )
-    {
-        if( fseek( stream, LONG_MAX, SEEK_CUR ) != 0 )
-            goto exit;
-        data_offset -= LONG_MAX;
-    }
-#endif
-    if( fseek( stream, data_offset, SEEK_CUR ) != 0 )
-        goto exit;
-    n = fread( p_data, 1, data_length, stream );
-    if( n != data_length )
-        goto exit;
-    status = PSA_SUCCESS;
-    if( p_data_length != NULL )
-        *p_data_length = n;
-
-exit:
-    if( stream != NULL )
-        fclose( stream );
-    return( status );
-}
-
-psa_status_t psa_its_set( psa_storage_uid_t uid,
-                          uint32_t data_length,
-                          const void *p_data,
-                          psa_storage_create_flags_t create_flags )
-{
-    if( uid == 0 )
-    {
-        return( PSA_ERROR_INVALID_HANDLE );
-    }
-
-    psa_status_t status = PSA_ERROR_STORAGE_FAILURE;
-    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
-    FILE *stream = NULL;
-    psa_its_file_header_t header;
-    size_t n;
-
-    memcpy( header.magic, PSA_ITS_MAGIC_STRING, PSA_ITS_MAGIC_LENGTH );
-    MBEDTLS_PUT_UINT32_LE( data_length, header.size, 0 );
-    MBEDTLS_PUT_UINT32_LE( create_flags, header.flags, 0 );
-
-    psa_its_fill_filename( uid, filename );
-    stream = fopen( PSA_ITS_STORAGE_TEMP, "wb" );
-    if( stream == NULL )
-        goto exit;
-
-    status = PSA_ERROR_INSUFFICIENT_STORAGE;
-    n = fwrite( &header, 1, sizeof( header ), stream );
-    if( n != sizeof( header ) )
-        goto exit;
-    if( data_length != 0 )
-    {
-        n = fwrite( p_data, 1, data_length, stream );
-        if( n != data_length )
-            goto exit;
-    }
-    status = PSA_SUCCESS;
-
-exit:
-    if( stream != NULL )
-    {
-        int ret = fclose( stream );
-        if( status == PSA_SUCCESS && ret != 0 )
-            status = PSA_ERROR_INSUFFICIENT_STORAGE;
-    }
-    if( status == PSA_SUCCESS )
-    {
-        if( rename_replace_existing( PSA_ITS_STORAGE_TEMP, filename ) != 0 )
-            status = PSA_ERROR_STORAGE_FAILURE;
-    }
-    /* The temporary file may still exist, but only in failure cases where
-     * we're already reporting an error. So there's nothing we can do on
-     * failure. If the function succeeded, and in some error cases, the
-     * temporary file doesn't exist and so remove() is expected to fail.
-     * Thus we just ignore the return status of remove(). */
-    (void) remove( PSA_ITS_STORAGE_TEMP );
-    return( status );
-}
-
-psa_status_t psa_its_remove( psa_storage_uid_t uid )
-{
-    char filename[PSA_ITS_STORAGE_FILENAME_LENGTH];
-    FILE *stream;
-    psa_its_fill_filename( uid, filename );
-    stream = fopen( filename, "rb" );
-    if( stream == NULL )
-        return( PSA_ERROR_DOES_NOT_EXIST );
-    fclose( stream );
-    if( remove( filename ) != 0 )
-        return( PSA_ERROR_STORAGE_FAILURE );
-    return( PSA_SUCCESS );
-}
-
-#endif /* MBEDTLS_PSA_ITS_FILE_C */
diff --git a/Sources/mbedtls/library/ripemd160.c b/Sources/mbedtls/library/ripemd160.c
deleted file mode 100644
index 55e259e..0000000
--- a/Sources/mbedtls/library/ripemd160.c
+++ /dev/null
@@ -1,529 +0,0 @@
-/*
- *  RIPE MD-160 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- *  The RIPEMD-160 algorithm was designed by RIPE in 1996
- *  http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html
- *  http://ehash.iaik.tugraz.at/wiki/RIPEMD-160
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_RIPEMD160_C)
-
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_RIPEMD160_ALT)
-
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx )
-{
-    memset( ctx, 0, sizeof( mbedtls_ripemd160_context ) );
-}
-
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ripemd160_context ) );
-}
-
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
-                        const mbedtls_ripemd160_context *src )
-{
-    *dst = *src;
-}
-
-/*
- * RIPEMD-160 context setup
- */
-int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx )
-{
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-    ctx->state[4] = 0xC3D2E1F0;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx )
-{
-    mbedtls_ripemd160_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
-/*
- * Process one block
- */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                        const unsigned char data[64] )
-{
-    struct
-    {
-        uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16];
-    } local;
-
-    local.X[ 0] = MBEDTLS_GET_UINT32_LE( data,  0 );
-    local.X[ 1] = MBEDTLS_GET_UINT32_LE( data,  4 );
-    local.X[ 2] = MBEDTLS_GET_UINT32_LE( data,  8 );
-    local.X[ 3] = MBEDTLS_GET_UINT32_LE( data, 12 );
-    local.X[ 4] = MBEDTLS_GET_UINT32_LE( data, 16 );
-    local.X[ 5] = MBEDTLS_GET_UINT32_LE( data, 20 );
-    local.X[ 6] = MBEDTLS_GET_UINT32_LE( data, 24 );
-    local.X[ 7] = MBEDTLS_GET_UINT32_LE( data, 28 );
-    local.X[ 8] = MBEDTLS_GET_UINT32_LE( data, 32 );
-    local.X[ 9] = MBEDTLS_GET_UINT32_LE( data, 36 );
-    local.X[10] = MBEDTLS_GET_UINT32_LE( data, 40 );
-    local.X[11] = MBEDTLS_GET_UINT32_LE( data, 44 );
-    local.X[12] = MBEDTLS_GET_UINT32_LE( data, 48 );
-    local.X[13] = MBEDTLS_GET_UINT32_LE( data, 52 );
-    local.X[14] = MBEDTLS_GET_UINT32_LE( data, 56 );
-    local.X[15] = MBEDTLS_GET_UINT32_LE( data, 60 );
-
-    local.A = local.Ap = ctx->state[0];
-    local.B = local.Bp = ctx->state[1];
-    local.C = local.Cp = ctx->state[2];
-    local.D = local.Dp = ctx->state[3];
-    local.E = local.Ep = ctx->state[4];
-
-#define F1( x, y, z )   ( (x) ^ (y) ^ (z) )
-#define F2( x, y, z )   ( ( (x) & (y) ) | ( ~(x) & (z) ) )
-#define F3( x, y, z )   ( ( (x) | ~(y) ) ^ (z) )
-#define F4( x, y, z )   ( ( (x) & (z) ) | ( (y) & ~(z) ) )
-#define F5( x, y, z )   ( (x) ^ ( (y) | ~(z) ) )
-
-#define S( x, n ) ( ( (x) << (n) ) | ( (x) >> (32 - (n)) ) )
-
-#define P( a, b, c, d, e, r, s, f, k )                      \
-    do                                                      \
-    {                                                       \
-        (a) += f( (b), (c), (d) ) + local.X[r] + (k);       \
-        (a) = S( (a), (s) ) + (e);                          \
-        (c) = S( (c), 10 );                                 \
-    } while( 0 )
-
-#define P2( a, b, c, d, e, r, s, rp, sp )                               \
-    do                                                                  \
-    {                                                                   \
-        P( (a), (b), (c), (d), (e), (r), (s), F, K );                   \
-        P( a ## p, b ## p, c ## p, d ## p, e ## p,                      \
-           (rp), (sp), Fp, Kp );                                        \
-    } while( 0 )
-
-#define F   F1
-#define K   0x00000000
-#define Fp  F5
-#define Kp  0x50A28BE6
-    P2( local.A, local.B, local.C, local.D, local.E,  0, 11,  5,  8 );
-    P2( local.E, local.A, local.B, local.C, local.D,  1, 14, 14,  9 );
-    P2( local.D, local.E, local.A, local.B, local.C,  2, 15,  7,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  3, 12,  0, 11 );
-    P2( local.B, local.C, local.D, local.E, local.A,  4,  5,  9, 13 );
-    P2( local.A, local.B, local.C, local.D, local.E,  5,  8,  2, 15 );
-    P2( local.E, local.A, local.B, local.C, local.D,  6,  7, 11, 15 );
-    P2( local.D, local.E, local.A, local.B, local.C,  7,  9,  4,  5 );
-    P2( local.C, local.D, local.E, local.A, local.B,  8, 11, 13,  7 );
-    P2( local.B, local.C, local.D, local.E, local.A,  9, 13,  6,  7 );
-    P2( local.A, local.B, local.C, local.D, local.E, 10, 14, 15,  8 );
-    P2( local.E, local.A, local.B, local.C, local.D, 11, 15,  8, 11 );
-    P2( local.D, local.E, local.A, local.B, local.C, 12,  6,  1, 14 );
-    P2( local.C, local.D, local.E, local.A, local.B, 13,  7, 10, 14 );
-    P2( local.B, local.C, local.D, local.E, local.A, 14,  9,  3, 12 );
-    P2( local.A, local.B, local.C, local.D, local.E, 15,  8, 12,  6 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F2
-#define K   0x5A827999
-#define Fp  F4
-#define Kp  0x5C4DD124
-    P2( local.E, local.A, local.B, local.C, local.D,  7,  7,  6,  9 );
-    P2( local.D, local.E, local.A, local.B, local.C,  4,  6, 11, 13 );
-    P2( local.C, local.D, local.E, local.A, local.B, 13,  8,  3, 15 );
-    P2( local.B, local.C, local.D, local.E, local.A,  1, 13,  7,  7 );
-    P2( local.A, local.B, local.C, local.D, local.E, 10, 11,  0, 12 );
-    P2( local.E, local.A, local.B, local.C, local.D,  6,  9, 13,  8 );
-    P2( local.D, local.E, local.A, local.B, local.C, 15,  7,  5,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  3, 15, 10, 11 );
-    P2( local.B, local.C, local.D, local.E, local.A, 12,  7, 14,  7 );
-    P2( local.A, local.B, local.C, local.D, local.E,  0, 12, 15,  7 );
-    P2( local.E, local.A, local.B, local.C, local.D,  9, 15,  8, 12 );
-    P2( local.D, local.E, local.A, local.B, local.C,  5,  9, 12,  7 );
-    P2( local.C, local.D, local.E, local.A, local.B,  2, 11,  4,  6 );
-    P2( local.B, local.C, local.D, local.E, local.A, 14,  7,  9, 15 );
-    P2( local.A, local.B, local.C, local.D, local.E, 11, 13,  1, 13 );
-    P2( local.E, local.A, local.B, local.C, local.D,  8, 12,  2, 11 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F3
-#define K   0x6ED9EBA1
-#define Fp  F3
-#define Kp  0x6D703EF3
-    P2( local.D, local.E, local.A, local.B, local.C,  3, 11, 15,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B, 10, 13,  5,  7 );
-    P2( local.B, local.C, local.D, local.E, local.A, 14,  6,  1, 15 );
-    P2( local.A, local.B, local.C, local.D, local.E,  4,  7,  3, 11 );
-    P2( local.E, local.A, local.B, local.C, local.D,  9, 14,  7,  8 );
-    P2( local.D, local.E, local.A, local.B, local.C, 15,  9, 14,  6 );
-    P2( local.C, local.D, local.E, local.A, local.B,  8, 13,  6,  6 );
-    P2( local.B, local.C, local.D, local.E, local.A,  1, 15,  9, 14 );
-    P2( local.A, local.B, local.C, local.D, local.E,  2, 14, 11, 12 );
-    P2( local.E, local.A, local.B, local.C, local.D,  7,  8,  8, 13 );
-    P2( local.D, local.E, local.A, local.B, local.C,  0, 13, 12,  5 );
-    P2( local.C, local.D, local.E, local.A, local.B,  6,  6,  2, 14 );
-    P2( local.B, local.C, local.D, local.E, local.A, 13,  5, 10, 13 );
-    P2( local.A, local.B, local.C, local.D, local.E, 11, 12,  0, 13 );
-    P2( local.E, local.A, local.B, local.C, local.D,  5,  7,  4,  7 );
-    P2( local.D, local.E, local.A, local.B, local.C, 12,  5, 13,  5 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F4
-#define K   0x8F1BBCDC
-#define Fp  F2
-#define Kp  0x7A6D76E9
-    P2( local.C, local.D, local.E, local.A, local.B,  1, 11,  8, 15 );
-    P2( local.B, local.C, local.D, local.E, local.A,  9, 12,  6,  5 );
-    P2( local.A, local.B, local.C, local.D, local.E, 11, 14,  4,  8 );
-    P2( local.E, local.A, local.B, local.C, local.D, 10, 15,  1, 11 );
-    P2( local.D, local.E, local.A, local.B, local.C,  0, 14,  3, 14 );
-    P2( local.C, local.D, local.E, local.A, local.B,  8, 15, 11, 14 );
-    P2( local.B, local.C, local.D, local.E, local.A, 12,  9, 15,  6 );
-    P2( local.A, local.B, local.C, local.D, local.E,  4,  8,  0, 14 );
-    P2( local.E, local.A, local.B, local.C, local.D, 13,  9,  5,  6 );
-    P2( local.D, local.E, local.A, local.B, local.C,  3, 14, 12,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  7,  5,  2, 12 );
-    P2( local.B, local.C, local.D, local.E, local.A, 15,  6, 13,  9 );
-    P2( local.A, local.B, local.C, local.D, local.E, 14,  8,  9, 12 );
-    P2( local.E, local.A, local.B, local.C, local.D,  5,  6,  7,  5 );
-    P2( local.D, local.E, local.A, local.B, local.C,  6,  5, 10, 15 );
-    P2( local.C, local.D, local.E, local.A, local.B,  2, 12, 14,  8 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-#define F   F5
-#define K   0xA953FD4E
-#define Fp  F1
-#define Kp  0x00000000
-    P2( local.B, local.C, local.D, local.E, local.A,  4,  9, 12,  8 );
-    P2( local.A, local.B, local.C, local.D, local.E,  0, 15, 15,  5 );
-    P2( local.E, local.A, local.B, local.C, local.D,  5,  5, 10, 12 );
-    P2( local.D, local.E, local.A, local.B, local.C,  9, 11,  4,  9 );
-    P2( local.C, local.D, local.E, local.A, local.B,  7,  6,  1, 12 );
-    P2( local.B, local.C, local.D, local.E, local.A, 12,  8,  5,  5 );
-    P2( local.A, local.B, local.C, local.D, local.E,  2, 13,  8, 14 );
-    P2( local.E, local.A, local.B, local.C, local.D, 10, 12,  7,  6 );
-    P2( local.D, local.E, local.A, local.B, local.C, 14,  5,  6,  8 );
-    P2( local.C, local.D, local.E, local.A, local.B,  1, 12,  2, 13 );
-    P2( local.B, local.C, local.D, local.E, local.A,  3, 13, 13,  6 );
-    P2( local.A, local.B, local.C, local.D, local.E,  8, 14, 14,  5 );
-    P2( local.E, local.A, local.B, local.C, local.D, 11, 11,  0, 15 );
-    P2( local.D, local.E, local.A, local.B, local.C,  6,  8,  3, 13 );
-    P2( local.C, local.D, local.E, local.A, local.B, 15,  5,  9, 11 );
-    P2( local.B, local.C, local.D, local.E, local.A, 13,  6, 11, 11 );
-#undef F
-#undef K
-#undef Fp
-#undef Kp
-
-    local.C       = ctx->state[1] + local.C + local.Dp;
-    ctx->state[1] = ctx->state[2] + local.D + local.Ep;
-    ctx->state[2] = ctx->state[3] + local.E + local.Ap;
-    ctx->state[3] = ctx->state[4] + local.A + local.Bp;
-    ctx->state[4] = ctx->state[0] + local.B + local.Cp;
-    ctx->state[0] = local.C;
-
-    /* Zeroise variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                const unsigned char data[64] )
-{
-    mbedtls_internal_ripemd160_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */
-
-/*
- * RIPEMD-160 process buffer
- */
-int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx,
-                                  const unsigned char *input,
-                                  size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-    uint32_t left;
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
-{
-    mbedtls_ripemd160_update_ret( ctx, input, ilen );
-}
-#endif
-
-static const unsigned char ripemd160_padding[64] =
-{
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-
-/*
- * RIPEMD-160 final digest
- */
-int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
-                                  unsigned char output[20] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint32_t last, padn;
-    uint32_t high, low;
-    unsigned char msglen[8];
-
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    MBEDTLS_PUT_UINT32_LE( low,  msglen, 0 );
-    MBEDTLS_PUT_UINT32_LE( high, msglen, 4 );
-
-    last = ctx->total[0] & 0x3F;
-    padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last );
-
-    ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 );
-    if( ret != 0 )
-        return( ret );
-
-    MBEDTLS_PUT_UINT32_LE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[3], output, 12 );
-    MBEDTLS_PUT_UINT32_LE( ctx->state[4], output, 16 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
-                               unsigned char output[20] )
-{
-    mbedtls_ripemd160_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* ! MBEDTLS_RIPEMD160_ALT */
-
-/*
- * output = RIPEMD-160( input buffer )
- */
-int mbedtls_ripemd160_ret( const unsigned char *input,
-                           size_t ilen,
-                           unsigned char output[20] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ripemd160_context ctx;
-
-    mbedtls_ripemd160_init( &ctx );
-
-    if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_ripemd160_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_ripemd160( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[20] )
-{
-    mbedtls_ripemd160_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * Test vectors from the RIPEMD-160 paper and
- * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC
- */
-#define TESTS   8
-static const unsigned char ripemd160_test_str[TESTS][81] =
-{
-    { "" },
-    { "a" },
-    { "abc" },
-    { "message digest" },
-    { "abcdefghijklmnopqrstuvwxyz" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" },
-    { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" },
-};
-
-static const size_t ripemd160_test_strlen[TESTS] =
-{
-    0, 1, 3, 14, 26, 56, 62, 80
-};
-
-static const unsigned char ripemd160_test_md[TESTS][20] =
-{
-    { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28,
-      0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 },
-    { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae,
-      0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe },
-    { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04,
-      0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc },
-    { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8,
-      0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 },
-    { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb,
-      0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc },
-    { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05,
-      0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b },
-    { 0xb0, 0xe2, 0x0b, 0x6e, 0x31, 0x16, 0x64, 0x02, 0x86, 0xed,
-      0x3a, 0x87, 0xa5, 0x71, 0x30, 0x79, 0xb2, 0x1f, 0x51, 0x89 },
-    { 0x9b, 0x75, 0x2e, 0x45, 0x57, 0x3d, 0x4b, 0x39, 0xf4, 0xdb,
-      0xd3, 0x32, 0x3c, 0xab, 0x82, 0xbf, 0x63, 0x32, 0x6b, 0xfb },
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_ripemd160_self_test( int verbose )
-{
-    int i, ret = 0;
-    unsigned char output[20];
-
-    memset( output, 0, sizeof output );
-
-    for( i = 0; i < TESTS; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  RIPEMD-160 test #%d: ", i + 1 );
-
-        ret = mbedtls_ripemd160_ret( ripemd160_test_str[i],
-                                     ripemd160_test_strlen[i], output );
-        if( ret != 0 )
-            goto fail;
-
-        if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    return( 0 );
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_RIPEMD160_C */
diff --git a/Sources/mbedtls/library/rsa.c b/Sources/mbedtls/library/rsa.c
deleted file mode 100644
index 9c39fa5..0000000
--- a/Sources/mbedtls/library/rsa.c
+++ /dev/null
@@ -1,2582 +0,0 @@
-/*
- *  The RSA public-key cryptosystem
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-/*
- *  The following sources were referenced in the design of this implementation
- *  of the RSA algorithm:
- *
- *  [1] A method for obtaining digital signatures and public-key cryptosystems
- *      R Rivest, A Shamir, and L Adleman
- *      http://people.csail.mit.edu/rivest/pubs.html#RSA78
- *
- *  [2] Handbook of Applied Cryptography - 1997, Chapter 8
- *      Menezes, van Oorschot and Vanstone
- *
- *  [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
- *      Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
- *      Stefan Mangard
- *      https://arxiv.org/abs/1702.08719v2
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_RSA_C)
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-#include "constant_time_internal.h"
-#include "mbedtls/constant_time.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_PKCS1_V21)
-#include "mbedtls/md.h"
-#endif
-
-#if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__) && !defined(__NetBSD__)
-#include <stdlib.h>
-#endif
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_RSA_ALT)
-
-/* Parameter validation macros */
-#define RSA_VALIDATE_RET( cond )                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-#define RSA_VALIDATE( cond )                                           \
-    MBEDTLS_INTERNAL_VALIDATE( cond )
-
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
-                        const mbedtls_mpi *N,
-                        const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                        const mbedtls_mpi *D, const mbedtls_mpi *E )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
-        ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
-        ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
-        ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
-        ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-    }
-
-    if( N != NULL )
-        ctx->len = mbedtls_mpi_size( &ctx->N );
-
-    return( 0 );
-}
-
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
-                            unsigned char const *N, size_t N_len,
-                            unsigned char const *P, size_t P_len,
-                            unsigned char const *Q, size_t Q_len,
-                            unsigned char const *D, size_t D_len,
-                            unsigned char const *E, size_t E_len )
-{
-    int ret = 0;
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    if( N != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
-        ctx->len = mbedtls_mpi_size( &ctx->N );
-    }
-
-    if( P != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
-
-    if( Q != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
-
-    if( D != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
-
-    if( E != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
-
-cleanup:
-
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-
-    return( 0 );
-}
-
-/*
- * Checks whether the context fields are set in such a way
- * that the RSA primitives will be able to execute without error.
- * It does *not* make guarantees for consistency of the parameters.
- */
-static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
-                              int blinding_needed )
-{
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* blinding_needed is only used for NO_CRT to decide whether
-     * P,Q need to be present or not. */
-    ((void) blinding_needed);
-#endif
-
-    if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
-        ctx->len > MBEDTLS_MPI_MAX_SIZE )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    /*
-     * 1. Modular exponentiation needs positive, odd moduli.
-     */
-
-    /* Modular exponentiation wrt. N is always used for
-     * RSA public key operations. */
-    if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
-        mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0  )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* Modular exponentiation for P and Q is only
-     * used for private key operations and if CRT
-     * is used. */
-    if( is_priv &&
-        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
-          mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
-          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
-          mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0  ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif /* !MBEDTLS_RSA_NO_CRT */
-
-    /*
-     * 2. Exponents must be positive
-     */
-
-    /* Always need E for public key operations */
-    if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-#if defined(MBEDTLS_RSA_NO_CRT)
-    /* For private key operations, use D or DP & DQ
-     * as (unblinded) exponents. */
-    if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-#else
-    if( is_priv &&
-        ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
-          mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0  ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /* Blinding shouldn't make exponents negative either,
-     * so check that P, Q >= 1 if that hasn't yet been
-     * done as part of 1. */
-#if defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv && blinding_needed &&
-        ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
-          mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif
-
-    /* It wouldn't lead to an error if it wasn't satisfied,
-     * but check for QP >= 1 nonetheless. */
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv &&
-        mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif
-
-    return( 0 );
-}
-
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
-{
-    int ret = 0;
-    int have_N, have_P, have_Q, have_D, have_E;
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    int have_DP, have_DQ, have_QP;
-#endif
-    int n_missing, pq_missing, d_missing, is_pub, is_priv;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 );
-    have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 );
-    have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 );
-    have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 );
-    have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    have_DP = ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 );
-    have_DQ = ( mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 );
-    have_QP = ( mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0 );
-#endif
-
-    /*
-     * Check whether provided parameters are enough
-     * to deduce all others. The following incomplete
-     * parameter sets for private keys are supported:
-     *
-     * (1) P, Q missing.
-     * (2) D and potentially N missing.
-     *
-     */
-
-    n_missing  =              have_P &&  have_Q &&  have_D && have_E;
-    pq_missing =   have_N && !have_P && !have_Q &&  have_D && have_E;
-    d_missing  =              have_P &&  have_Q && !have_D && have_E;
-    is_pub     =   have_N && !have_P && !have_Q && !have_D && have_E;
-
-    /* These three alternatives are mutually exclusive */
-    is_priv = n_missing || pq_missing || d_missing;
-
-    if( !is_priv && !is_pub )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * Step 1: Deduce N if P, Q are provided.
-     */
-
-    if( !have_N && have_P && have_Q )
-    {
-        if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
-                                         &ctx->Q ) ) != 0 )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-        }
-
-        ctx->len = mbedtls_mpi_size( &ctx->N );
-    }
-
-    /*
-     * Step 2: Deduce and verify all remaining core parameters.
-     */
-
-    if( pq_missing )
-    {
-        ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D,
-                                         &ctx->P, &ctx->Q );
-        if( ret != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-
-    }
-    else if( d_missing )
-    {
-        if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P,
-                                                         &ctx->Q,
-                                                         &ctx->E,
-                                                         &ctx->D ) ) != 0 )
-        {
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-        }
-    }
-
-    /*
-     * Step 3: Deduce all additional parameters specific
-     *         to our current RSA implementation.
-     */
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    if( is_priv && ! ( have_DP && have_DQ && have_QP ) )
-    {
-        ret = mbedtls_rsa_deduce_crt( &ctx->P,  &ctx->Q,  &ctx->D,
-                                      &ctx->DP, &ctx->DQ, &ctx->QP );
-        if( ret != 0 )
-            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-    }
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /*
-     * Step 3: Basic sanity checks
-     */
-
-    return( rsa_check_context( ctx, is_priv, 1 ) );
-}
-
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
-                            unsigned char *N, size_t N_len,
-                            unsigned char *P, size_t P_len,
-                            unsigned char *Q, size_t Q_len,
-                            unsigned char *D, size_t D_len,
-                            unsigned char *E, size_t E_len )
-{
-    int ret = 0;
-    int is_priv;
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    /* Check if key is private or public */
-    is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-    {
-        /* If we're trying to export private parameters for a public key,
-         * something must be wrong. */
-        if( P != NULL || Q != NULL || D != NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    }
-
-    if( N != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) );
-
-    if( P != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) );
-
-    if( Q != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) );
-
-    if( D != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) );
-
-    if( E != NULL )
-        MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) );
-
-cleanup:
-
-    return( ret );
-}
-
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
-                        mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
-                        mbedtls_mpi *D, mbedtls_mpi *E )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int is_priv;
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    /* Check if key is private or public */
-    is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-    {
-        /* If we're trying to export private parameters for a public key,
-         * something must be wrong. */
-        if( P != NULL || Q != NULL || D != NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    }
-
-    /* Export all requested core parameters. */
-
-    if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) ||
-        ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) ||
-        ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) ||
-        ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) ||
-        ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) )
-    {
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-/*
- * Export CRT parameters
- * This must also be implemented if CRT is not used, for being able to
- * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt
- * can be used in this case.
- */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
-                            mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    int is_priv;
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    /* Check if key is private or public */
-    is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* Export all requested blinding parameters. */
-    if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) ||
-        ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
-        ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-    }
-#else
-    if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                        DP, DQ, QP ) ) != 0 )
-    {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
-    }
-#endif
-
-    return( 0 );
-}
-
-/*
- * Initialize an RSA context
- */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx,
-               int padding,
-               int hash_id )
-{
-    RSA_VALIDATE( ctx != NULL );
-    RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
-                  padding == MBEDTLS_RSA_PKCS_V21 );
-
-    memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
-
-    mbedtls_rsa_set_padding( ctx, padding, hash_id );
-
-#if defined(MBEDTLS_THREADING_C)
-    /* Set ctx->ver to nonzero to indicate that the mutex has been
-     * initialized and will need to be freed. */
-    ctx->ver = 1;
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-/*
- * Set padding for an existing RSA context
- */
-void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
-                              int hash_id )
-{
-    RSA_VALIDATE( ctx != NULL );
-    RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 ||
-                  padding == MBEDTLS_RSA_PKCS_V21 );
-
-    ctx->padding = padding;
-    ctx->hash_id = hash_id;
-}
-
-/*
- * Get length in bytes of RSA modulus
- */
-
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
-{
-    return( ctx->len );
-}
-
-
-#if defined(MBEDTLS_GENPRIME)
-
-/*
- * Generate an RSA keypair
- *
- * This generation method follows the RSA key pair generation procedure of
- * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072.
- */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 unsigned int nbits, int exponent )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_mpi H, G, L;
-    int prime_quality = 0;
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( f_rng != NULL );
-
-    /*
-     * If the modulus is 1024 bit long or shorter, then the security strength of
-     * the RSA algorithm is less than or equal to 80 bits and therefore an error
-     * rate of 2^-80 is sufficient.
-     */
-    if( nbits > 1024 )
-        prime_quality = MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR;
-
-    mbedtls_mpi_init( &H );
-    mbedtls_mpi_init( &G );
-    mbedtls_mpi_init( &L );
-
-    if( nbits < 128 || exponent < 3 || nbits % 2 != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    /*
-     * find primes P and Q with Q < P so that:
-     * 1.  |P-Q| > 2^( nbits / 2 - 100 )
-     * 2.  GCD( E, (P-1)*(Q-1) ) == 1
-     * 3.  E^-1 mod LCM(P-1, Q-1) > 2^( nbits / 2 )
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
-
-    do
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1,
-                                                prime_quality, f_rng, p_rng ) );
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1,
-                                                prime_quality, f_rng, p_rng ) );
-
-        /* make sure the difference between p and q is not too small (FIPS 186-4 §B.3.3 step 5.4) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &H, &ctx->P, &ctx->Q ) );
-        if( mbedtls_mpi_bitlen( &H ) <= ( ( nbits >= 200 ) ? ( ( nbits >> 1 ) - 99 ) : 0 ) )
-            continue;
-
-        /* not required by any standards, but some users rely on the fact that P > Q */
-        if( H.s < 0 )
-            mbedtls_mpi_swap( &ctx->P, &ctx->Q );
-
-        /* Temporarily replace P,Q by P-1, Q-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) );
-
-        /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H  ) );
-        if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 )
-            continue;
-
-        /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->P, &ctx->Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L, NULL, &H, &G ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &L ) );
-
-        if( mbedtls_mpi_bitlen( &ctx->D ) <= ( ( nbits + 1 ) / 2 ) ) // (FIPS 186-4 §B.3.1 criterion 3(a))
-            continue;
-
-        break;
-    }
-    while( 1 );
-
-    /* Restore P,Q */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P,  &ctx->P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q,  &ctx->Q, 1 ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
-
-    ctx->len = mbedtls_mpi_size( &ctx->N );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /*
-     * DP = D mod (P - 1)
-     * DQ = D mod (Q - 1)
-     * QP = Q^-1 mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                             &ctx->DP, &ctx->DQ, &ctx->QP ) );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /* Double-check */
-    MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &H );
-    mbedtls_mpi_free( &G );
-    mbedtls_mpi_free( &L );
-
-    if( ret != 0 )
-    {
-        mbedtls_rsa_free( ctx );
-
-        if( ( -ret & ~0x7f ) == 0 )
-            ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret );
-        return( ret );
-    }
-
-    return( 0 );
-}
-
-#endif /* MBEDTLS_GENPRIME */
-
-/*
- * Check a public RSA key
- */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
-{
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 )
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-
-    if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ||
-        mbedtls_mpi_bitlen( &ctx->E )     < 2  ||
-        mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    return( 0 );
-}
-
-/*
- * Check for the consistency of all fields in an RSA private key context
- */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
-{
-    RSA_VALIDATE_RET( ctx != NULL );
-
-    if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
-        rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
-                                     &ctx->D, &ctx->E, NULL, NULL ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                       &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-#endif
-
-    return( 0 );
-}
-
-/*
- * Check if contexts holding a public and private key match
- */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
-                                const mbedtls_rsa_context *prv )
-{
-    RSA_VALIDATE_RET( pub != NULL );
-    RSA_VALIDATE_RET( prv != NULL );
-
-    if( mbedtls_rsa_check_pubkey( pub )  != 0 ||
-        mbedtls_rsa_check_privkey( prv ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
-        mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
-    }
-
-    return( 0 );
-}
-
-/*
- * Do an RSA public key operation
- */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
-                const unsigned char *input,
-                unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t olen;
-    mbedtls_mpi T;
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( input != NULL );
-    RSA_VALIDATE_RET( output != NULL );
-
-    if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    mbedtls_mpi_init( &T );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
-
-    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    olen = ctx->len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    mbedtls_mpi_free( &T );
-
-    if( ret != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) );
-
-    return( 0 );
-}
-
-/*
- * Generate or update blinding values, see section 10 of:
- *  KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
- *  DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
- *  Berlin Heidelberg, 1996. p. 104-113.
- */
-static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
-    int ret, count = 0;
-    mbedtls_mpi R;
-
-    mbedtls_mpi_init( &R );
-
-    if( ctx->Vf.p != NULL )
-    {
-        /* We already have blinding values, just update them by squaring */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
-
-        goto cleanup;
-    }
-
-    /* Unblinding value: Vf = random number, invertible mod N */
-    do {
-        if( count++ > 10 )
-        {
-            ret = MBEDTLS_ERR_RSA_RNG_FAILED;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
-
-        /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
-
-        /* At this point, Vi is invertible mod N if and only if both Vf and R
-         * are invertible mod N. If one of them isn't, we don't need to know
-         * which one, we just loop and choose new values for both of them.
-         * (Each iteration succeeds with overwhelming probability.) */
-        ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N );
-        if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
-            goto cleanup;
-
-    } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
-
-    /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
-
-    /* Blinding value: Vi = Vf^(-e) mod N
-     * (Vi already contains Vf^-1 at this point) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
-
-
-cleanup:
-    mbedtls_mpi_free( &R );
-
-    return( ret );
-}
-
-/*
- * Exponent blinding supposed to prevent side-channel attacks using multiple
- * traces of measurements to recover the RSA key. The more collisions are there,
- * the more bits of the key can be recovered. See [3].
- *
- * Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
- * observations on average.
- *
- * For example with 28 byte blinding to achieve 2 collisions the adversary has
- * to make 2^112 observations on average.
- *
- * (With the currently (as of 2017 April) known best algorithms breaking 2048
- * bit RSA requires approximately as much time as trying out 2^112 random keys.
- * Thus in this sense with 28 byte blinding the security is not reduced by
- * side-channel attacks like the one in [3])
- *
- * This countermeasure does not help if the key recovery is possible with a
- * single trace.
- */
-#define RSA_EXPONENT_BLINDING 28
-
-/*
- * Do an RSA private key operation
- */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 const unsigned char *input,
-                 unsigned char *output )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t olen;
-
-    /* Temporary holding the result */
-    mbedtls_mpi T;
-
-    /* Temporaries holding P-1, Q-1 and the
-     * exponent blinding factor, respectively. */
-    mbedtls_mpi P1, Q1, R;
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    /* Temporaries holding the results mod p resp. mod q. */
-    mbedtls_mpi TP, TQ;
-
-    /* Temporaries holding the blinded exponents for
-     * the mod p resp. mod q computation (if used). */
-    mbedtls_mpi DP_blind, DQ_blind;
-
-    /* Pointers to actual exponents to be used - either the unblinded
-     * or the blinded ones, depending on the presence of a PRNG. */
-    mbedtls_mpi *DP = &ctx->DP;
-    mbedtls_mpi *DQ = &ctx->DQ;
-#else
-    /* Temporary holding the blinded exponent (if used). */
-    mbedtls_mpi D_blind;
-
-    /* Pointer to actual exponent to be used - either the unblinded
-     * or the blinded one, depending on the presence of a PRNG. */
-    mbedtls_mpi *D = &ctx->D;
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    /* Temporaries holding the initial input and the double
-     * checked result; should be the same in the end. */
-    mbedtls_mpi I, C;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( input  != NULL );
-    RSA_VALIDATE_RET( output != NULL );
-
-    if( rsa_check_context( ctx, 1             /* private key checks */,
-                                f_rng != NULL /* blinding y/n       */ ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    /* MPI Initialization */
-    mbedtls_mpi_init( &T );
-
-    mbedtls_mpi_init( &P1 );
-    mbedtls_mpi_init( &Q1 );
-    mbedtls_mpi_init( &R );
-
-    if( f_rng != NULL )
-    {
-#if defined(MBEDTLS_RSA_NO_CRT)
-        mbedtls_mpi_init( &D_blind );
-#else
-        mbedtls_mpi_init( &DP_blind );
-        mbedtls_mpi_init( &DQ_blind );
-#endif
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
-#endif
-
-    mbedtls_mpi_init( &I );
-    mbedtls_mpi_init( &C );
-
-    /* End of MPI initialization */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
-    if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
-
-    if( f_rng != NULL )
-    {
-        /*
-         * Blinding
-         * T = T * Vi mod N
-         */
-        MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
-
-        /*
-         * Exponent blinding
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
-
-#if defined(MBEDTLS_RSA_NO_CRT)
-        /*
-         * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                         f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
-
-        D = &D_blind;
-#else
-        /*
-         * DP_blind = ( P - 1 ) * R + DP
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                         f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
-                    &ctx->DP ) );
-
-        DP = &DP_blind;
-
-        /*
-         * DQ_blind = ( Q - 1 ) * R + DQ
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
-                         f_rng, p_rng ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
-                    &ctx->DQ ) );
-
-        DQ = &DQ_blind;
-#endif /* MBEDTLS_RSA_NO_CRT */
-    }
-
-#if defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
-#else
-    /*
-     * Faster decryption using the CRT
-     *
-     * TP = input ^ dP mod P
-     * TQ = input ^ dQ mod Q
-     */
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) );
-
-    /*
-     * T = (TP - TQ) * (Q^-1 mod P) mod P
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &TP, &TQ ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &TP, &ctx->P ) );
-
-    /*
-     * T = TQ + T * Q
-     */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &TP, &T, &ctx->Q ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-    if( f_rng != NULL )
-    {
-        /*
-         * Unblind
-         * T = T * Vf mod N
-         */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
-    }
-
-    /* Verify the result to prevent glitching attacks. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
-                                          &ctx->N, &ctx->RN ) );
-    if( mbedtls_mpi_cmp_mpi( &C, &I ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-    olen = ctx->len;
-    MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
-
-cleanup:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-#endif
-
-    mbedtls_mpi_free( &P1 );
-    mbedtls_mpi_free( &Q1 );
-    mbedtls_mpi_free( &R );
-
-    if( f_rng != NULL )
-    {
-#if defined(MBEDTLS_RSA_NO_CRT)
-        mbedtls_mpi_free( &D_blind );
-#else
-        mbedtls_mpi_free( &DP_blind );
-        mbedtls_mpi_free( &DQ_blind );
-#endif
-    }
-
-    mbedtls_mpi_free( &T );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &TP ); mbedtls_mpi_free( &TQ );
-#endif
-
-    mbedtls_mpi_free( &C );
-    mbedtls_mpi_free( &I );
-
-    if( ret != 0 && ret >= -0x007f )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) );
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/**
- * Generate and apply the MGF1 operation (from PKCS#1 v2.1) to a buffer.
- *
- * \param dst       buffer to mask
- * \param dlen      length of destination buffer
- * \param src       source of the mask generation
- * \param slen      length of the source buffer
- * \param md_ctx    message digest context to use
- */
-static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
-                      size_t slen, mbedtls_md_context_t *md_ctx )
-{
-    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
-    unsigned char counter[4];
-    unsigned char *p;
-    unsigned int hlen;
-    size_t i, use_len;
-    int ret = 0;
-
-    memset( mask, 0, MBEDTLS_MD_MAX_SIZE );
-    memset( counter, 0, 4 );
-
-    hlen = mbedtls_md_get_size( md_ctx->md_info );
-
-    /* Generate and apply dbMask */
-    p = dst;
-
-    while( dlen > 0 )
-    {
-        use_len = hlen;
-        if( dlen < hlen )
-            use_len = dlen;
-
-        if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 )
-            goto exit;
-        if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 )
-            goto exit;
-
-        for( i = 0; i < use_len; ++i )
-            *p++ ^= mask[i];
-
-        counter[3]++;
-
-        dlen -= use_len;
-    }
-
-exit:
-    mbedtls_platform_zeroize( mask, sizeof( mask ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-ENCRYPT function
- */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t ilen,
-                            const unsigned char *input,
-                            unsigned char *output )
-{
-    size_t olen;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = output;
-    unsigned int hlen;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( output != NULL );
-    RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-    RSA_VALIDATE_RET( label_len == 0 || label != NULL );
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    olen = ctx->len;
-    hlen = mbedtls_md_get_size( md_info );
-
-    /* first comparison checks for overflow */
-    if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    memset( output, 0, olen );
-
-    *p++ = 0;
-
-    /* Generate a random octet string seed */
-    if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
-
-    p += hlen;
-
-    /* Construct DB */
-    if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 )
-        return( ret );
-    p += hlen;
-    p += olen - 2 * hlen - 2 - ilen;
-    *p++ = 1;
-    if( ilen != 0 )
-        memcpy( p, input, ilen );
-
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        goto exit;
-
-    /* maskedDB: Apply dbMask to DB */
-    if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
-                          &md_ctx ) ) != 0 )
-        goto exit;
-
-    /* maskedSeed: Apply seedMask to seed */
-    if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
-                          &md_ctx ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_md_free( &md_ctx );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( ( mode == MBEDTLS_RSA_PUBLIC )
-            ? mbedtls_rsa_public(  ctx, output, output )
-            : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-ENCRYPT function
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode, size_t ilen,
-                                 const unsigned char *input,
-                                 unsigned char *output )
-{
-    size_t nb_pad, olen;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = output;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( output != NULL );
-    RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    olen = ctx->len;
-
-    /* first comparison checks for overflow */
-    if( ilen + 11 < ilen || olen < ilen + 11 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    nb_pad = olen - 3 - ilen;
-
-    *p++ = 0;
-    if( mode == MBEDTLS_RSA_PUBLIC )
-    {
-        if( f_rng == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        *p++ = MBEDTLS_RSA_CRYPT;
-
-        while( nb_pad-- > 0 )
-        {
-            int rng_dl = 100;
-
-            do {
-                ret = f_rng( p_rng, p, 1 );
-            } while( *p == 0 && --rng_dl && ret == 0 );
-
-            /* Check if RNG failed to generate data */
-            if( rng_dl == 0 || ret != 0 )
-                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
-
-            p++;
-        }
-    }
-    else
-    {
-        *p++ = MBEDTLS_RSA_SIGN;
-
-        while( nb_pad-- > 0 )
-            *p++ = 0xFF;
-    }
-
-    *p++ = 0;
-    if( ilen != 0 )
-        memcpy( p, input, ilen );
-
-    return( ( mode == MBEDTLS_RSA_PUBLIC )
-            ? mbedtls_rsa_public(  ctx, output, output )
-            : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Add the message padding, then do an RSA operation
- */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t ilen,
-                       const unsigned char *input,
-                       unsigned char *output )
-{
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( output != NULL );
-    RSA_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
-                                                input, output );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
-                                           ilen, input, output );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-OAEP-DECRYPT function
- */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            int mode,
-                            const unsigned char *label, size_t label_len,
-                            size_t *olen,
-                            const unsigned char *input,
-                            unsigned char *output,
-                            size_t output_max_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t ilen, i, pad_len;
-    unsigned char *p, bad, pad_done;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
-    unsigned int hlen;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
-    RSA_VALIDATE_RET( label_len == 0 || label != NULL );
-    RSA_VALIDATE_RET( input != NULL );
-    RSA_VALIDATE_RET( olen != NULL );
-
-    /*
-     * Parameters sanity checks
-     */
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ilen = ctx->len;
-
-    if( ilen < 16 || ilen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    hlen = mbedtls_md_get_size( md_info );
-
-    // checking for integer underflow
-    if( 2 * hlen + 2 > ilen )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * RSA operation
-     */
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, input, buf )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
-
-    if( ret != 0 )
-        goto cleanup;
-
-    /*
-     * Unmask data and generate lHash
-     */
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        goto cleanup;
-    }
-
-    /* seed: Apply seedMask to maskedSeed */
-    if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
-                          &md_ctx ) ) != 0 ||
-    /* DB: Apply dbMask to maskedDB */
-        ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
-                          &md_ctx ) ) != 0 )
-    {
-        mbedtls_md_free( &md_ctx );
-        goto cleanup;
-    }
-
-    mbedtls_md_free( &md_ctx );
-
-    /* Generate lHash */
-    if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 )
-        goto cleanup;
-
-    /*
-     * Check contents, in "constant-time"
-     */
-    p = buf;
-    bad = 0;
-
-    bad |= *p++; /* First byte must be 0 */
-
-    p += hlen; /* Skip seed */
-
-    /* Check lHash */
-    for( i = 0; i < hlen; i++ )
-        bad |= lhash[i] ^ *p++;
-
-    /* Get zero-padding len, but always read till end of buffer
-     * (minus one, for the 01 byte) */
-    pad_len = 0;
-    pad_done = 0;
-    for( i = 0; i < ilen - 2 * hlen - 2; i++ )
-    {
-        pad_done |= p[i];
-        pad_len += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1;
-    }
-
-    p += pad_len;
-    bad |= *p++ ^ 0x01;
-
-    /*
-     * The only information "leaked" is whether the padding was correct or not
-     * (eg, no data is copied if it was not correct). This meets the
-     * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
-     * the different error conditions.
-     */
-    if( bad != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto cleanup;
-    }
-
-    if( ilen - ( p - buf ) > output_max_len )
-    {
-        ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
-        goto cleanup;
-    }
-
-    *olen = ilen - (p - buf);
-    if( *olen != 0 )
-        memcpy( output, p, *olen );
-    ret = 0;
-
-cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-    mbedtls_platform_zeroize( lhash, sizeof( lhash ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSAES-PKCS1-V1_5-DECRYPT function
- */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode,
-                                 size_t *olen,
-                                 const unsigned char *input,
-                                 unsigned char *output,
-                                 size_t output_max_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t ilen;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
-    RSA_VALIDATE_RET( input != NULL );
-    RSA_VALIDATE_RET( olen != NULL );
-
-    ilen = ctx->len;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( ilen < 16 || ilen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, input, buf )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
-
-    if( ret != 0 )
-        goto cleanup;
-
-    ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding( mode, buf, ilen,
-                                                output, output_max_len, olen );
-
-cleanup:
-    mbedtls_platform_zeroize( buf, sizeof( buf ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation, then remove the message padding
- */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       int mode, size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len)
-{
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
-    RSA_VALIDATE_RET( input != NULL );
-    RSA_VALIDATE_RET( olen != NULL );
-
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen,
-                                                input, output, output_max_len );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0,
-                                           olen, input, output,
-                                           output_max_len );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         int mode,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         int saltlen,
-                         unsigned char *sig )
-{
-    size_t olen;
-    unsigned char *p = sig;
-    unsigned char *salt = NULL;
-    size_t slen, min_slen, hlen, offset = 0;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t msb;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-    RSA_VALIDATE_RET( sig != NULL );
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    if( f_rng == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    olen = ctx->len;
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /* Gather length of hash to sign */
-        md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-    }
-
-    md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    hlen = mbedtls_md_get_size( md_info );
-
-    if (saltlen == MBEDTLS_RSA_SALT_LEN_ANY)
-    {
-       /* Calculate the largest possible salt length, up to the hash size.
-        * Normally this is the hash length, which is the maximum salt length
-        * according to FIPS 185-4 §5.5 (e) and common practice. If there is not
-        * enough room, use the maximum salt length that fits. The constraint is
-        * that the hash length plus the salt length plus 2 bytes must be at most
-        * the key length. This complies with FIPS 186-4 §5.5 (e) and RFC 8017
-        * (PKCS#1 v2.2) §9.1.1 step 3. */
-        min_slen = hlen - 2;
-        if( olen < hlen + min_slen + 2 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-        else if( olen >= hlen + hlen + 2 )
-            slen = hlen;
-        else
-            slen = olen - hlen - 2;
-    }
-    else if ( (saltlen < 0) || (saltlen + hlen + 2 > olen) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-    else
-    {
-        slen = (size_t) saltlen;
-    }
-
-    memset( sig, 0, olen );
-
-    /* Note: EMSA-PSS encoding is over the length of N - 1 bits */
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-    p += olen - hlen - slen - 2;
-    *p++ = 0x01;
-
-    /* Generate salt of length slen in place in the encoded message */
-    salt = p;
-    if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
-
-    p += slen;
-
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        goto exit;
-
-    /* Generate H = Hash( M' ) */
-    if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 )
-        goto exit;
-    if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 )
-        goto exit;
-
-    /* Compensate for boundary condition when applying mask */
-    if( msb % 8 == 0 )
-        offset = 1;
-
-    /* maskedDB: Apply dbMask to DB */
-    if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen,
-                          &md_ctx ) ) != 0 )
-        goto exit;
-
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-    sig[0] &= 0xFF >> ( olen * 8 - msb );
-
-    p += hlen;
-    *p++ = 0xBC;
-
-exit:
-    mbedtls_md_free( &md_ctx );
-
-    if( ret != 0 )
-        return( ret );
-
-    return( ( mode == MBEDTLS_RSA_PUBLIC )
-            ? mbedtls_rsa_public(  ctx, sig, sig )
-            : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
-}
-
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
- * the option to pass in the salt length.
- */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         int saltlen,
-                         unsigned char *sig )
-{
-    return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
-                                hashlen, hash, saltlen, sig );
-}
-
-
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
- */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         int mode,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         unsigned char *sig )
-{
-    return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
-                                hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function
- */
-
-/* Construct a PKCS v1.5 encoding of a hashed message
- *
- * This is used both for signature generation and verification.
- *
- * Parameters:
- * - md_alg:  Identifies the hash algorithm used to generate the given hash;
- *            MBEDTLS_MD_NONE if raw data is signed.
- * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE.
- * - hash:    Buffer containing the hashed message or the raw data.
- * - dst_len: Length of the encoded message.
- * - dst:     Buffer to hold the encoded message.
- *
- * Assumptions:
- * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE.
- * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE.
- * - dst points to a buffer of size at least dst_len.
- *
- */
-static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg,
-                                        unsigned int hashlen,
-                                        const unsigned char *hash,
-                                        size_t dst_len,
-                                        unsigned char *dst )
-{
-    size_t oid_size  = 0;
-    size_t nb_pad    = dst_len;
-    unsigned char *p = dst;
-    const char *oid  = NULL;
-
-    /* Are we signing hashed or raw data? */
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-
-        /* Double-check that 8 + hashlen + oid_size can be used as a
-         * 1-byte ASN.1 length encoding and that there's no overflow. */
-        if( 8 + hashlen + oid_size  >= 0x80         ||
-            10 + hashlen            <  hashlen      ||
-            10 + hashlen + oid_size <  10 + hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        /*
-         * Static bounds check:
-         * - Need 10 bytes for five tag-length pairs.
-         *   (Insist on 1-byte length encodings to protect against variants of
-         *    Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification)
-         * - Need hashlen bytes for hash
-         * - Need oid_size bytes for hash alg OID.
-         */
-        if( nb_pad < 10 + hashlen + oid_size )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-        nb_pad -= 10 + hashlen + oid_size;
-    }
-    else
-    {
-        if( nb_pad < hashlen )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        nb_pad -= hashlen;
-    }
-
-    /* Need space for signature header and padding delimiter (3 bytes),
-     * and 8 bytes for the minimal padding */
-    if( nb_pad < 3 + 8 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    nb_pad -= 3;
-
-    /* Now nb_pad is the amount of memory to be filled
-     * with padding, and at least 8 bytes long. */
-
-    /* Write signature header and padding */
-    *p++ = 0;
-    *p++ = MBEDTLS_RSA_SIGN;
-    memset( p, 0xFF, nb_pad );
-    p += nb_pad;
-    *p++ = 0;
-
-    /* Are we signing raw data? */
-    if( md_alg == MBEDTLS_MD_NONE )
-    {
-        memcpy( p, hash, hashlen );
-        return( 0 );
-    }
-
-    /* Signing hashed data, add corresponding ASN.1 structure
-     *
-     * DigestInfo ::= SEQUENCE {
-     *   digestAlgorithm DigestAlgorithmIdentifier,
-     *   digest Digest }
-     * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-     * Digest ::= OCTET STRING
-     *
-     * Schematic:
-     * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID  + LEN [ OID  ]
-     *                                 TAG-NULL + LEN [ NULL ] ]
-     *                 TAG-OCTET + LEN [ HASH ] ]
-     */
-    *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-    *p++ = (unsigned char)( 0x08 + oid_size + hashlen );
-    *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
-    *p++ = (unsigned char)( 0x04 + oid_size );
-    *p++ = MBEDTLS_ASN1_OID;
-    *p++ = (unsigned char) oid_size;
-    memcpy( p, oid, oid_size );
-    p += oid_size;
-    *p++ = MBEDTLS_ASN1_NULL;
-    *p++ = 0x00;
-    *p++ = MBEDTLS_ASN1_OCTET_STRING;
-    *p++ = (unsigned char) hashlen;
-    memcpy( p, hash, hashlen );
-    p += hashlen;
-
-    /* Just a sanity-check, should be automatic
-     * after the initial bounds check. */
-    if( p != dst + dst_len )
-    {
-        mbedtls_platform_zeroize( dst, dst_len );
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-    return( 0 );
-}
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               unsigned char *sig )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *sig_try = NULL, *verif = NULL;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-    RSA_VALIDATE_RET( sig != NULL );
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * Prepare PKCS1-v1.5 encoding (padding and hash identifier)
-     */
-
-    if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash,
-                                             ctx->len, sig ) ) != 0 )
-        return( ret );
-
-    /*
-     * Call respective RSA primitive
-     */
-
-    if( mode == MBEDTLS_RSA_PUBLIC )
-    {
-        /* Skip verification on a public key operation */
-        return( mbedtls_rsa_public( ctx, sig, sig ) );
-    }
-
-    /* Private key operation
-     *
-     * In order to prevent Lenstra's attack, make the signature in a
-     * temporary buffer and check it before returning it.
-     */
-
-    sig_try = mbedtls_calloc( 1, ctx->len );
-    if( sig_try == NULL )
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-
-    verif = mbedtls_calloc( 1, ctx->len );
-    if( verif == NULL )
-    {
-        mbedtls_free( sig_try );
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
-    }
-
-    MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
-
-    if( mbedtls_ct_memcmp( verif, sig, ctx->len ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
-        goto cleanup;
-    }
-
-    memcpy( sig, sig_try, ctx->len );
-
-cleanup:
-    mbedtls_platform_zeroize( sig_try, ctx->len );
-    mbedtls_platform_zeroize( verif, ctx->len );
-    mbedtls_free( sig_try );
-    mbedtls_free( verif );
-
-    if( ret != 0 )
-        memset( sig, '!', ctx->len );
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation to sign the message digest
- */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    int mode,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig )
-{
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-    RSA_VALIDATE_RET( sig != NULL );
-
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
-                                              hashlen, hash, sig );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
-                                        hashlen, hash, sig );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-#if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
- */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               int mode,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               mbedtls_md_type_t mgf1_hash_id,
-                               int expected_salt_len,
-                               const unsigned char *sig )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t siglen;
-    unsigned char *p;
-    unsigned char *hash_start;
-    unsigned char result[MBEDTLS_MD_MAX_SIZE];
-    unsigned char zeros[8];
-    unsigned int hlen;
-    size_t observed_salt_len, msb;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( sig != NULL );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    siglen = ctx->len;
-
-    if( siglen < 16 || siglen > sizeof( buf ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, sig, buf )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf );
-
-    if( ret != 0 )
-        return( ret );
-
-    p = buf;
-
-    if( buf[siglen - 1] != 0xBC )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-
-    if( md_alg != MBEDTLS_MD_NONE )
-    {
-        /* Gather length of hash to sign */
-        md_info = mbedtls_md_info_from_type( md_alg );
-        if( md_info == NULL )
-            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-        hashlen = mbedtls_md_get_size( md_info );
-    }
-
-    md_info = mbedtls_md_info_from_type( mgf1_hash_id );
-    if( md_info == NULL )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    hlen = mbedtls_md_get_size( md_info );
-
-    memset( zeros, 0, 8 );
-
-    /*
-     * Note: EMSA-PSS verification is over the length of N - 1 bits
-     */
-    msb = mbedtls_mpi_bitlen( &ctx->N ) - 1;
-
-    if( buf[0] >> ( 8 - siglen * 8 + msb ) )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /* Compensate for boundary condition when applying mask */
-    if( msb % 8 == 0 )
-    {
-        p++;
-        siglen -= 1;
-    }
-
-    if( siglen < hlen + 2 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    hash_start = p + siglen - hlen - 1;
-
-    mbedtls_md_init( &md_ctx );
-    if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
-        goto exit;
-
-    ret = mgf_mask( p, siglen - hlen - 1, hash_start, hlen, &md_ctx );
-    if( ret != 0 )
-        goto exit;
-
-    buf[0] &= 0xFF >> ( siglen * 8 - msb );
-
-    while( p < hash_start - 1 && *p == 0 )
-        p++;
-
-    if( *p++ != 0x01 )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto exit;
-    }
-
-    observed_salt_len = hash_start - p;
-
-    if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY &&
-        observed_salt_len != (size_t) expected_salt_len )
-    {
-        ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
-        goto exit;
-    }
-
-    /*
-     * Generate H = Hash( M' )
-     */
-    ret = mbedtls_md_starts( &md_ctx );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_update( &md_ctx, zeros, 8 );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_update( &md_ctx, hash, hashlen );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_update( &md_ctx, p, observed_salt_len );
-    if ( ret != 0 )
-        goto exit;
-    ret = mbedtls_md_finish( &md_ctx, result );
-    if ( ret != 0 )
-        goto exit;
-
-    if( memcmp( hash_start, result, hlen ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
-        goto exit;
-    }
-
-exit:
-    mbedtls_md_free( &md_ctx );
-
-    return( ret );
-}
-
-/*
- * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
- */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           int mode,
-                           mbedtls_md_type_t md_alg,
-                           unsigned int hashlen,
-                           const unsigned char *hash,
-                           const unsigned char *sig )
-{
-    mbedtls_md_type_t mgf1_hash_id;
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( sig != NULL );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-
-    mgf1_hash_id = ( ctx->hash_id != MBEDTLS_MD_NONE )
-                             ? (mbedtls_md_type_t) ctx->hash_id
-                             : md_alg;
-
-    return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
-                                       md_alg, hashlen, hash,
-                                       mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
-                                       sig ) );
-
-}
-#endif /* MBEDTLS_PKCS1_V21 */
-
-#if defined(MBEDTLS_PKCS1_V15)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
- */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 int mode,
-                                 mbedtls_md_type_t md_alg,
-                                 unsigned int hashlen,
-                                 const unsigned char *hash,
-                                 const unsigned char *sig )
-{
-    int ret = 0;
-    size_t sig_len;
-    unsigned char *encoded = NULL, *encoded_expected = NULL;
-
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( sig != NULL );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-
-    sig_len = ctx->len;
-
-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
-    /*
-     * Prepare expected PKCS1 v1.5 encoding of hash.
-     */
-
-    if( ( encoded          = mbedtls_calloc( 1, sig_len ) ) == NULL ||
-        ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL )
-    {
-        ret = MBEDTLS_ERR_MPI_ALLOC_FAILED;
-        goto cleanup;
-    }
-
-    if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len,
-                                             encoded_expected ) ) != 0 )
-        goto cleanup;
-
-    /*
-     * Apply RSA primitive to get what should be PKCS1 encoded hash.
-     */
-
-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, sig, encoded )
-          : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded );
-    if( ret != 0 )
-        goto cleanup;
-
-    /*
-     * Compare
-     */
-
-    if( ( ret = mbedtls_ct_memcmp( encoded, encoded_expected,
-                                              sig_len ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
-        goto cleanup;
-    }
-
-cleanup:
-
-    if( encoded != NULL )
-    {
-        mbedtls_platform_zeroize( encoded, sig_len );
-        mbedtls_free( encoded );
-    }
-
-    if( encoded_expected != NULL )
-    {
-        mbedtls_platform_zeroize( encoded_expected, sig_len );
-        mbedtls_free( encoded_expected );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Do an RSA operation and check the message digest
- */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng,
-                      int mode,
-                      mbedtls_md_type_t md_alg,
-                      unsigned int hashlen,
-                      const unsigned char *hash,
-                      const unsigned char *sig )
-{
-    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
-    RSA_VALIDATE_RET( sig != NULL );
-    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
-                        hashlen == 0 ) ||
-                      hash != NULL );
-
-    switch( ctx->padding )
-    {
-#if defined(MBEDTLS_PKCS1_V15)
-        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, f_rng, p_rng, mode, md_alg,
-                                                hashlen, hash, sig );
-#endif
-
-#if defined(MBEDTLS_PKCS1_V21)
-        case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_verify( ctx, f_rng, p_rng, mode, md_alg,
-                                          hashlen, hash, sig );
-#endif
-
-        default:
-            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
-    }
-}
-
-/*
- * Copy the components of an RSA key
- */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    RSA_VALIDATE_RET( dst != NULL );
-    RSA_VALIDATE_RET( src != NULL );
-
-    dst->len = src->len;
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->N, &src->N ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->E, &src->E ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) );
-#endif
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) );
-
-    dst->padding = src->padding;
-    dst->hash_id = src->hash_id;
-
-cleanup:
-    if( ret != 0 )
-        mbedtls_rsa_free( dst );
-
-    return( ret );
-}
-
-/*
- * Free the components of an RSA key
- */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_mpi_free( &ctx->Vi );
-    mbedtls_mpi_free( &ctx->Vf );
-    mbedtls_mpi_free( &ctx->RN );
-    mbedtls_mpi_free( &ctx->D  );
-    mbedtls_mpi_free( &ctx->Q  );
-    mbedtls_mpi_free( &ctx->P  );
-    mbedtls_mpi_free( &ctx->E  );
-    mbedtls_mpi_free( &ctx->N  );
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    mbedtls_mpi_free( &ctx->RQ );
-    mbedtls_mpi_free( &ctx->RP );
-    mbedtls_mpi_free( &ctx->QP );
-    mbedtls_mpi_free( &ctx->DQ );
-    mbedtls_mpi_free( &ctx->DP );
-#endif /* MBEDTLS_RSA_NO_CRT */
-
-#if defined(MBEDTLS_THREADING_C)
-    /* Free the mutex, but only if it hasn't been freed already. */
-    if( ctx->ver != 0 )
-    {
-        mbedtls_mutex_free( &ctx->mutex );
-        ctx->ver = 0;
-    }
-#endif
-}
-
-#endif /* !MBEDTLS_RSA_ALT */
-
-#if defined(MBEDTLS_SELF_TEST)
-
-#include "mbedtls/sha1.h"
-
-/*
- * Example RSA-1024 keypair, for test purposes
- */
-#define KEY_LEN 128
-
-#define RSA_N   "9292758453063D803DD603D5E777D788" \
-                "8ED1D5BF35786190FA2F23EBC0848AEA" \
-                "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
-                "7130B9CED7ACDF54CFC7555AC14EEBAB" \
-                "93A89813FBF3C4F8066D2D800F7C38A8" \
-                "1AE31942917403FF4946B0A83D3D3E05" \
-                "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
-                "5E94BB77B07507233A0BC7BAC8F90F79"
-
-#define RSA_E   "10001"
-
-#define RSA_D   "24BF6185468786FDD303083D25E64EFC" \
-                "66CA472BC44D253102F8B4A9D3BFA750" \
-                "91386C0077937FE33FA3252D28855837" \
-                "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
-                "DF79C5CE07EE72C7F123142198164234" \
-                "CABB724CF78B8173B9F880FC86322407" \
-                "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
-                "071513A1E85B5DFA031F21ECAE91A34D"
-
-#define RSA_P   "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
-                "2C01CAD19EA484A87EA4377637E75500" \
-                "FCB2005C5C7DD6EC4AC023CDA285D796" \
-                "C3D9E75E1EFC42488BB4F1D13AC30A57"
-
-#define RSA_Q   "C000DF51A7C77AE8D7C7370C1FF55B69" \
-                "E211C2B9E5DB1ED0BF61D0D9899620F4" \
-                "910E4168387E3C30AA1E00C339A79508" \
-                "8452DD96A9A5EA5D9DCA68DA636032AF"
-
-#define PT_LEN  24
-#define RSA_PT  "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
-                "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
-
-#if defined(MBEDTLS_PKCS1_V15)
-static int myrand( void *rng_state, unsigned char *output, size_t len )
-{
-#if !defined(__OpenBSD__) && !defined(__NetBSD__)
-    size_t i;
-
-    if( rng_state != NULL )
-        rng_state  = NULL;
-
-    for( i = 0; i < len; ++i )
-        output[i] = rand();
-#else
-    if( rng_state != NULL )
-        rng_state = NULL;
-
-    arc4random_buf( output, len );
-#endif /* !OpenBSD && !NetBSD */
-
-    return( 0 );
-}
-#endif /* MBEDTLS_PKCS1_V15 */
-
-/*
- * Checkup routine
- */
-int mbedtls_rsa_self_test( int verbose )
-{
-    int ret = 0;
-#if defined(MBEDTLS_PKCS1_V15)
-    size_t len;
-    mbedtls_rsa_context rsa;
-    unsigned char rsa_plaintext[PT_LEN];
-    unsigned char rsa_decrypted[PT_LEN];
-    unsigned char rsa_ciphertext[KEY_LEN];
-#if defined(MBEDTLS_SHA1_C)
-    unsigned char sha1sum[20];
-#endif
-
-    mbedtls_mpi K;
-
-    mbedtls_mpi_init( &K );
-    mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) );
-
-    if( verbose != 0 )
-        mbedtls_printf( "  RSA key validation: " );
-
-    if( mbedtls_rsa_check_pubkey(  &rsa ) != 0 ||
-        mbedtls_rsa_check_privkey( &rsa ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 encryption : " );
-
-    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
-
-    if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
-                                   PT_LEN, rsa_plaintext,
-                                   rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 decryption : " );
-
-    if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE,
-                                   &len, rsa_ciphertext, rsa_decrypted,
-                                   sizeof(rsa_decrypted) ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-
-#if defined(MBEDTLS_SHA1_C)
-    if( verbose != 0 )
-        mbedtls_printf( "  PKCS#1 data sign  : " );
-
-    if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        return( 1 );
-    }
-
-    if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
-                                MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
-                                sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n  PKCS#1 sig. verify: " );
-
-    if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL,
-                                  MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0,
-                                  sha1sum, rsa_ciphertext ) != 0 )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "failed\n" );
-
-        ret = 1;
-        goto cleanup;
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "passed\n" );
-#endif /* MBEDTLS_SHA1_C */
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-cleanup:
-    mbedtls_mpi_free( &K );
-    mbedtls_rsa_free( &rsa );
-#else /* MBEDTLS_PKCS1_V15 */
-    ((void) verbose);
-#endif /* MBEDTLS_PKCS1_V15 */
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_RSA_C */
diff --git a/Sources/mbedtls/library/rsa_internal.c b/Sources/mbedtls/library/rsa_internal.c
deleted file mode 100644
index d6ba97a..0000000
--- a/Sources/mbedtls/library/rsa_internal.c
+++ /dev/null
@@ -1,486 +0,0 @@
-/*
- *  Helper functions for the RSA module
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_RSA_C)
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/rsa_internal.h"
-
-/*
- * Compute RSA prime factors from public and private exponents
- *
- * Summary of algorithm:
- * Setting F := lcm(P-1,Q-1), the idea is as follows:
- *
- * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2)
- *     is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the
- *     square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four
- *     possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1)
- *     or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime
- *     factors of N.
- *
- * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same
- *     construction still applies since (-)^K is the identity on the set of
- *     roots of 1 in Z/NZ.
- *
- * The public and private key primitives (-)^E and (-)^D are mutually inverse
- * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e.
- * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L.
- * Splitting L = 2^t * K with K odd, we have
- *
- *   DE - 1 = FL = (F/2) * (2^(t+1)) * K,
- *
- * so (F / 2) * K is among the numbers
- *
- *   (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord
- *
- * where ord is the order of 2 in (DE - 1).
- * We can therefore iterate through these numbers apply the construction
- * of (a) and (b) above to attempt to factor N.
- *
- */
-int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N,
-                     mbedtls_mpi const *E, mbedtls_mpi const *D,
-                     mbedtls_mpi *P, mbedtls_mpi *Q )
-{
-    int ret = 0;
-
-    uint16_t attempt;  /* Number of current attempt  */
-    uint16_t iter;     /* Number of squares computed in the current attempt */
-
-    uint16_t order;    /* Order of 2 in DE - 1 */
-
-    mbedtls_mpi T;  /* Holds largest odd divisor of DE - 1     */
-    mbedtls_mpi K;  /* Temporary holding the current candidate */
-
-    const unsigned char primes[] = { 2,
-           3,    5,    7,   11,   13,   17,   19,   23,
-          29,   31,   37,   41,   43,   47,   53,   59,
-          61,   67,   71,   73,   79,   83,   89,   97,
-         101,  103,  107,  109,  113,  127,  131,  137,
-         139,  149,  151,  157,  163,  167,  173,  179,
-         181,  191,  193,  197,  199,  211,  223,  227,
-         229,  233,  239,  241,  251
-    };
-
-    const size_t num_primes = sizeof( primes ) / sizeof( *primes );
-
-    if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 ||
-        mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
-        mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
-    {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    }
-
-    /*
-     * Initializations and temporary changes
-     */
-
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &T );
-
-    /* T := DE - 1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D,  E ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) );
-
-    if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 )
-    {
-        ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-        goto cleanup;
-    }
-
-    /* After this operation, T holds the largest odd divisor of DE - 1. */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) );
-
-    /*
-     * Actual work
-     */
-
-    /* Skip trying 2 if N == 1 mod 8 */
-    attempt = 0;
-    if( N->p[0] % 8 == 1 )
-        attempt = 1;
-
-    for( ; attempt < num_primes; ++attempt )
-    {
-        mbedtls_mpi_lset( &K, primes[attempt] );
-
-        /* Check if gcd(K,N) = 1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
-        if( mbedtls_mpi_cmp_int( P, 1 ) != 0 )
-            continue;
-
-        /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ...
-         * and check whether they have nontrivial GCD with N. */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N,
-                             Q /* temporarily use Q for storing Montgomery
-                                * multiplication helper values */ ) );
-
-        for( iter = 1; iter <= order; ++iter )
-        {
-            /* If we reach 1 prematurely, there's no point
-             * in continuing to square K */
-            if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 )
-                break;
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) );
-
-            if( mbedtls_mpi_cmp_int( P, 1 ) ==  1 &&
-                mbedtls_mpi_cmp_mpi( P, N ) == -1 )
-            {
-                /*
-                 * Have found a nontrivial divisor P of N.
-                 * Set Q := N / P.
-                 */
-
-                MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) );
-                goto cleanup;
-            }
-
-            MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) );
-            MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) );
-        }
-
-        /*
-         * If we get here, then either we prematurely aborted the loop because
-         * we reached 1, or K holds primes[attempt]^(DE - 1) mod N, which must
-         * be 1 if D,E,N were consistent.
-         * Check if that's the case and abort if not, to avoid very long,
-         * yet eventually failing, computations if N,D,E were not sane.
-         */
-        if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 )
-        {
-            break;
-        }
-    }
-
-    ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-
-cleanup:
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &T );
-    return( ret );
-}
-
-/*
- * Given P, Q and the public exponent E, deduce D.
- * This is essentially a modular inversion.
- */
-int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P,
-                                         mbedtls_mpi const *Q,
-                                         mbedtls_mpi const *E,
-                                         mbedtls_mpi *D )
-{
-    int ret = 0;
-    mbedtls_mpi K, L;
-
-    if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 )
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-
-    if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ||
-        mbedtls_mpi_cmp_int( E, 0 ) == 0 )
-    {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
-    }
-
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
-
-    /* Temporarily put K := P-1 and L := Q-1 */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
-
-    /* Temporarily put D := gcd(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) );
-
-    /* K := LCM(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) );
-    MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) );
-
-    /* Compute modular inverse of E in LCM(P-1, Q-1) */
-    MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) );
-
-cleanup:
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
-
-    return( ret );
-}
-
-/*
- * Check that RSA CRT parameters are in accordance with core parameters.
- */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
-{
-    int ret = 0;
-
-    mbedtls_mpi K, L;
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
-
-    /* Check that DP - D == 0 mod P - 1 */
-    if( DP != NULL )
-    {
-        if( P == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
-
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /* Check that DQ - D == 0 mod Q - 1 */
-    if( DQ != NULL )
-    {
-        if( Q == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
-
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /* Check that QP * Q - 1 == 0 mod P */
-    if( QP != NULL )
-    {
-        if( P == NULL || Q == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-cleanup:
-
-    /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 &&
-        ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
-        ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-    {
-        ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-    }
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
-
-    return( ret );
-}
-
-/*
- * Check that core RSA parameters are sane.
- */
-int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P,
-                                 const mbedtls_mpi *Q, const mbedtls_mpi *D,
-                                 const mbedtls_mpi *E,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng )
-{
-    int ret = 0;
-    mbedtls_mpi K, L;
-
-    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );
-
-    /*
-     * Step 1: If PRNG provided, check that P and Q are prime
-     */
-
-#if defined(MBEDTLS_GENPRIME)
-    /*
-     * When generating keys, the strongest security we support aims for an error
-     * rate of at most 2^-100 and we are aiming for the same certainty here as
-     * well.
-     */
-    if( f_rng != NULL && P != NULL &&
-        ( ret = mbedtls_mpi_is_prime_ext( P, 50, f_rng, p_rng ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-        goto cleanup;
-    }
-
-    if( f_rng != NULL && Q != NULL &&
-        ( ret = mbedtls_mpi_is_prime_ext( Q, 50, f_rng, p_rng ) ) != 0 )
-    {
-        ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-        goto cleanup;
-    }
-#else
-    ((void) f_rng);
-    ((void) p_rng);
-#endif /* MBEDTLS_GENPRIME */
-
-    /*
-     * Step 2: Check that 1 < N = P * Q
-     */
-
-    if( P != NULL && Q != NULL && N != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) );
-        if( mbedtls_mpi_cmp_int( N, 1 )  <= 0 ||
-            mbedtls_mpi_cmp_mpi( &K, N ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /*
-     * Step 3: Check and 1 < D, E < N if present.
-     */
-
-    if( N != NULL && D != NULL && E != NULL )
-    {
-        if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 ||
-             mbedtls_mpi_cmp_int( E, 1 ) <= 0 ||
-             mbedtls_mpi_cmp_mpi( D, N ) >= 0 ||
-             mbedtls_mpi_cmp_mpi( E, N ) >= 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-    /*
-     * Step 4: Check that D, E are inverse modulo P-1 and Q-1
-     */
-
-    if( P != NULL && Q != NULL && D != NULL && E != NULL )
-    {
-        if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 ||
-            mbedtls_mpi_cmp_int( Q, 1 ) <= 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-
-        /* Compute DE-1 mod P-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-
-        /* Compute DE-1 mod Q-1 */
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
-    }
-
-cleanup:
-
-    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );
-
-    /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
-    {
-        ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-    }
-
-    return( ret );
-}
-
-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP )
-{
-    int ret = 0;
-    mbedtls_mpi K;
-    mbedtls_mpi_init( &K );
-
-    /* DP = D mod P-1 */
-    if( DP != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
-    }
-
-    /* DQ = D mod Q-1 */
-    if( DQ != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
-    }
-
-    /* QP = Q^{-1} mod P */
-    if( QP != NULL )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
-    }
-
-cleanup:
-    mbedtls_mpi_free( &K );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_RSA_C */
diff --git a/Sources/mbedtls/library/sha1.c b/Sources/mbedtls/library/sha1.c
deleted file mode 100644
index 7f0c875..0000000
--- a/Sources/mbedtls/library/sha1.c
+++ /dev/null
@@ -1,546 +0,0 @@
-/*
- *  FIPS-180-1 compliant SHA-1 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The SHA-1 standard was published by NIST in 1993.
- *
- *  http://www.itl.nist.gov/fipspubs/fip180-1.htm
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SHA1_C)
-
-#include "mbedtls/sha1.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#define SHA1_VALIDATE_RET(cond)                             \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA1_BAD_INPUT_DATA )
-
-#define SHA1_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if !defined(MBEDTLS_SHA1_ALT)
-
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx )
-{
-    SHA1_VALIDATE( ctx != NULL );
-
-    memset( ctx, 0, sizeof( mbedtls_sha1_context ) );
-}
-
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) );
-}
-
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
-                         const mbedtls_sha1_context *src )
-{
-    SHA1_VALIDATE( dst != NULL );
-    SHA1_VALIDATE( src != NULL );
-
-    *dst = *src;
-}
-
-/*
- * SHA-1 context setup
- */
-int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx )
-{
-    SHA1_VALIDATE_RET( ctx != NULL );
-
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    ctx->state[0] = 0x67452301;
-    ctx->state[1] = 0xEFCDAB89;
-    ctx->state[2] = 0x98BADCFE;
-    ctx->state[3] = 0x10325476;
-    ctx->state[4] = 0xC3D2E1F0;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_starts( mbedtls_sha1_context *ctx )
-{
-    mbedtls_sha1_starts_ret( ctx );
-}
-#endif
-
-#if !defined(MBEDTLS_SHA1_PROCESS_ALT)
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
-                                   const unsigned char data[64] )
-{
-    struct
-    {
-        uint32_t temp, W[16], A, B, C, D, E;
-    } local;
-
-    SHA1_VALIDATE_RET( ctx != NULL );
-    SHA1_VALIDATE_RET( (const unsigned char *)data != NULL );
-
-    local.W[ 0] = MBEDTLS_GET_UINT32_BE( data,  0 );
-    local.W[ 1] = MBEDTLS_GET_UINT32_BE( data,  4 );
-    local.W[ 2] = MBEDTLS_GET_UINT32_BE( data,  8 );
-    local.W[ 3] = MBEDTLS_GET_UINT32_BE( data, 12 );
-    local.W[ 4] = MBEDTLS_GET_UINT32_BE( data, 16 );
-    local.W[ 5] = MBEDTLS_GET_UINT32_BE( data, 20 );
-    local.W[ 6] = MBEDTLS_GET_UINT32_BE( data, 24 );
-    local.W[ 7] = MBEDTLS_GET_UINT32_BE( data, 28 );
-    local.W[ 8] = MBEDTLS_GET_UINT32_BE( data, 32 );
-    local.W[ 9] = MBEDTLS_GET_UINT32_BE( data, 36 );
-    local.W[10] = MBEDTLS_GET_UINT32_BE( data, 40 );
-    local.W[11] = MBEDTLS_GET_UINT32_BE( data, 44 );
-    local.W[12] = MBEDTLS_GET_UINT32_BE( data, 48 );
-    local.W[13] = MBEDTLS_GET_UINT32_BE( data, 52 );
-    local.W[14] = MBEDTLS_GET_UINT32_BE( data, 56 );
-    local.W[15] = MBEDTLS_GET_UINT32_BE( data, 60 );
-
-#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n))))
-
-#define R(t)                                                    \
-    (                                                           \
-        local.temp = local.W[( (t) -  3 ) & 0x0F] ^             \
-                     local.W[( (t) -  8 ) & 0x0F] ^             \
-                     local.W[( (t) - 14 ) & 0x0F] ^             \
-                     local.W[  (t)        & 0x0F],              \
-        ( local.W[(t) & 0x0F] = S(local.temp,1) )               \
-    )
-
-#define P(a,b,c,d,e,x)                                          \
-    do                                                          \
-    {                                                           \
-        (e) += S((a),5) + F((b),(c),(d)) + K + (x);             \
-        (b) = S((b),30);                                        \
-    } while( 0 )
-
-    local.A = ctx->state[0];
-    local.B = ctx->state[1];
-    local.C = ctx->state[2];
-    local.D = ctx->state[3];
-    local.E = ctx->state[4];
-
-#define F(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-#define K 0x5A827999
-
-    P( local.A, local.B, local.C, local.D, local.E, local.W[0]  );
-    P( local.E, local.A, local.B, local.C, local.D, local.W[1]  );
-    P( local.D, local.E, local.A, local.B, local.C, local.W[2]  );
-    P( local.C, local.D, local.E, local.A, local.B, local.W[3]  );
-    P( local.B, local.C, local.D, local.E, local.A, local.W[4]  );
-    P( local.A, local.B, local.C, local.D, local.E, local.W[5]  );
-    P( local.E, local.A, local.B, local.C, local.D, local.W[6]  );
-    P( local.D, local.E, local.A, local.B, local.C, local.W[7]  );
-    P( local.C, local.D, local.E, local.A, local.B, local.W[8]  );
-    P( local.B, local.C, local.D, local.E, local.A, local.W[9]  );
-    P( local.A, local.B, local.C, local.D, local.E, local.W[10] );
-    P( local.E, local.A, local.B, local.C, local.D, local.W[11] );
-    P( local.D, local.E, local.A, local.B, local.C, local.W[12] );
-    P( local.C, local.D, local.E, local.A, local.B, local.W[13] );
-    P( local.B, local.C, local.D, local.E, local.A, local.W[14] );
-    P( local.A, local.B, local.C, local.D, local.E, local.W[15] );
-    P( local.E, local.A, local.B, local.C, local.D, R(16) );
-    P( local.D, local.E, local.A, local.B, local.C, R(17) );
-    P( local.C, local.D, local.E, local.A, local.B, R(18) );
-    P( local.B, local.C, local.D, local.E, local.A, R(19) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) ((x) ^ (y) ^ (z))
-#define K 0x6ED9EBA1
-
-    P( local.A, local.B, local.C, local.D, local.E, R(20) );
-    P( local.E, local.A, local.B, local.C, local.D, R(21) );
-    P( local.D, local.E, local.A, local.B, local.C, R(22) );
-    P( local.C, local.D, local.E, local.A, local.B, R(23) );
-    P( local.B, local.C, local.D, local.E, local.A, R(24) );
-    P( local.A, local.B, local.C, local.D, local.E, R(25) );
-    P( local.E, local.A, local.B, local.C, local.D, R(26) );
-    P( local.D, local.E, local.A, local.B, local.C, R(27) );
-    P( local.C, local.D, local.E, local.A, local.B, R(28) );
-    P( local.B, local.C, local.D, local.E, local.A, R(29) );
-    P( local.A, local.B, local.C, local.D, local.E, R(30) );
-    P( local.E, local.A, local.B, local.C, local.D, R(31) );
-    P( local.D, local.E, local.A, local.B, local.C, R(32) );
-    P( local.C, local.D, local.E, local.A, local.B, R(33) );
-    P( local.B, local.C, local.D, local.E, local.A, R(34) );
-    P( local.A, local.B, local.C, local.D, local.E, R(35) );
-    P( local.E, local.A, local.B, local.C, local.D, R(36) );
-    P( local.D, local.E, local.A, local.B, local.C, R(37) );
-    P( local.C, local.D, local.E, local.A, local.B, R(38) );
-    P( local.B, local.C, local.D, local.E, local.A, R(39) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define K 0x8F1BBCDC
-
-    P( local.A, local.B, local.C, local.D, local.E, R(40) );
-    P( local.E, local.A, local.B, local.C, local.D, R(41) );
-    P( local.D, local.E, local.A, local.B, local.C, R(42) );
-    P( local.C, local.D, local.E, local.A, local.B, R(43) );
-    P( local.B, local.C, local.D, local.E, local.A, R(44) );
-    P( local.A, local.B, local.C, local.D, local.E, R(45) );
-    P( local.E, local.A, local.B, local.C, local.D, R(46) );
-    P( local.D, local.E, local.A, local.B, local.C, R(47) );
-    P( local.C, local.D, local.E, local.A, local.B, R(48) );
-    P( local.B, local.C, local.D, local.E, local.A, R(49) );
-    P( local.A, local.B, local.C, local.D, local.E, R(50) );
-    P( local.E, local.A, local.B, local.C, local.D, R(51) );
-    P( local.D, local.E, local.A, local.B, local.C, R(52) );
-    P( local.C, local.D, local.E, local.A, local.B, R(53) );
-    P( local.B, local.C, local.D, local.E, local.A, R(54) );
-    P( local.A, local.B, local.C, local.D, local.E, R(55) );
-    P( local.E, local.A, local.B, local.C, local.D, R(56) );
-    P( local.D, local.E, local.A, local.B, local.C, R(57) );
-    P( local.C, local.D, local.E, local.A, local.B, R(58) );
-    P( local.B, local.C, local.D, local.E, local.A, R(59) );
-
-#undef K
-#undef F
-
-#define F(x,y,z) ((x) ^ (y) ^ (z))
-#define K 0xCA62C1D6
-
-    P( local.A, local.B, local.C, local.D, local.E, R(60) );
-    P( local.E, local.A, local.B, local.C, local.D, R(61) );
-    P( local.D, local.E, local.A, local.B, local.C, R(62) );
-    P( local.C, local.D, local.E, local.A, local.B, R(63) );
-    P( local.B, local.C, local.D, local.E, local.A, R(64) );
-    P( local.A, local.B, local.C, local.D, local.E, R(65) );
-    P( local.E, local.A, local.B, local.C, local.D, R(66) );
-    P( local.D, local.E, local.A, local.B, local.C, R(67) );
-    P( local.C, local.D, local.E, local.A, local.B, R(68) );
-    P( local.B, local.C, local.D, local.E, local.A, R(69) );
-    P( local.A, local.B, local.C, local.D, local.E, R(70) );
-    P( local.E, local.A, local.B, local.C, local.D, R(71) );
-    P( local.D, local.E, local.A, local.B, local.C, R(72) );
-    P( local.C, local.D, local.E, local.A, local.B, R(73) );
-    P( local.B, local.C, local.D, local.E, local.A, R(74) );
-    P( local.A, local.B, local.C, local.D, local.E, R(75) );
-    P( local.E, local.A, local.B, local.C, local.D, R(76) );
-    P( local.D, local.E, local.A, local.B, local.C, R(77) );
-    P( local.C, local.D, local.E, local.A, local.B, R(78) );
-    P( local.B, local.C, local.D, local.E, local.A, R(79) );
-
-#undef K
-#undef F
-
-    ctx->state[0] += local.A;
-    ctx->state[1] += local.B;
-    ctx->state[2] += local.C;
-    ctx->state[3] += local.D;
-    ctx->state[4] += local.E;
-
-    /* Zeroise buffers and variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
-                           const unsigned char data[64] )
-{
-    mbedtls_internal_sha1_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_SHA1_PROCESS_ALT */
-
-/*
- * SHA-1 process buffer
- */
-int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-    uint32_t left;
-
-    SHA1_VALIDATE_RET( ctx != NULL );
-    SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
-                          const unsigned char *input,
-                          size_t ilen )
-{
-    mbedtls_sha1_update_ret( ctx, input, ilen );
-}
-#endif
-
-/*
- * SHA-1 final digest
- */
-int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
-                             unsigned char output[20] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint32_t used;
-    uint32_t high, low;
-
-    SHA1_VALIDATE_RET( ctx != NULL );
-    SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
-    /*
-     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
-     */
-    used = ctx->total[0] & 0x3F;
-
-    ctx->buffer[used++] = 0x80;
-
-    if( used <= 56 )
-    {
-        /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 56 - used );
-    }
-    else
-    {
-        /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, 64 - used );
-
-        if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        memset( ctx->buffer, 0, 56 );
-    }
-
-    /*
-     * Add message length
-     */
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
-    MBEDTLS_PUT_UINT32_BE( low,  ctx->buffer, 60 );
-
-    if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
-
-    /*
-     * Output final state
-     */
-    MBEDTLS_PUT_UINT32_BE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
-                          unsigned char output[20] )
-{
-    mbedtls_sha1_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_SHA1_ALT */
-
-/*
- * output = SHA-1( input buffer )
- */
-int mbedtls_sha1_ret( const unsigned char *input,
-                      size_t ilen,
-                      unsigned char output[20] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_sha1_context ctx;
-
-    SHA1_VALIDATE_RET( ilen == 0 || input != NULL );
-    SHA1_VALIDATE_RET( (unsigned char *)output != NULL );
-
-    mbedtls_sha1_init( &ctx );
-
-    if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_sha1_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha1( const unsigned char *input,
-                   size_t ilen,
-                   unsigned char output[20] )
-{
-    mbedtls_sha1_ret( input, ilen, output );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * FIPS-180-1 test vectors
- */
-static const unsigned char sha1_test_buf[3][57] =
-{
-    { "abc" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "" }
-};
-
-static const size_t sha1_test_buflen[3] =
-{
-    3, 56, 1000
-};
-
-static const unsigned char sha1_test_sum[3][20] =
-{
-    { 0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, 0x6A, 0xBA, 0x3E,
-      0x25, 0x71, 0x78, 0x50, 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D },
-    { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 0xBA, 0xAE,
-      0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 0xE5, 0x46, 0x70, 0xF1 },
-    { 0x34, 0xAA, 0x97, 0x3C, 0xD4, 0xC4, 0xDA, 0xA4, 0xF6, 0x1E,
-      0xEB, 0x2B, 0xDB, 0xAD, 0x27, 0x31, 0x65, 0x34, 0x01, 0x6F }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_sha1_self_test( int verbose )
-{
-    int i, j, buflen, ret = 0;
-    unsigned char buf[1024];
-    unsigned char sha1sum[20];
-    mbedtls_sha1_context ctx;
-
-    mbedtls_sha1_init( &ctx );
-
-    /*
-     * SHA-1
-     */
-    for( i = 0; i < 3; i++ )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-1 test #%d: ", i + 1 );
-
-        if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 )
-            goto fail;
-
-        if( i == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha1_update_ret( &ctx, buf, buflen );
-                if( ret != 0 )
-                    goto fail;
-            }
-        }
-        else
-        {
-            ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i],
-                                           sha1_test_buflen[i] );
-            if( ret != 0 )
-                goto fail;
-        }
-
-        if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 )
-            goto fail;
-
-        if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    goto exit;
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-exit:
-    mbedtls_sha1_free( &ctx );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA1_C */
diff --git a/Sources/mbedtls/library/sha256.c b/Sources/mbedtls/library/sha256.c
deleted file mode 100644
index 6f1306e..0000000
--- a/Sources/mbedtls/library/sha256.c
+++ /dev/null
@@ -1,575 +0,0 @@
-/*
- *  FIPS-180-2 compliant SHA-256 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The SHA-256 Secure Hash Standard was published by NIST in 2002.
- *
- *  http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SHA256_C)
-
-#include "mbedtls/sha256.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#define SHA256_VALIDATE_RET(cond)                           \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA256_BAD_INPUT_DATA )
-#define SHA256_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if !defined(MBEDTLS_SHA256_ALT)
-
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
-{
-    SHA256_VALIDATE( ctx != NULL );
-
-    memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
-}
-
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) );
-}
-
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
-                           const mbedtls_sha256_context *src )
-{
-    SHA256_VALIDATE( dst != NULL );
-    SHA256_VALIDATE( src != NULL );
-
-    *dst = *src;
-}
-
-/*
- * SHA-256 context setup
- */
-int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
-{
-    SHA256_VALIDATE_RET( ctx != NULL );
-    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
-
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    if( is224 == 0 )
-    {
-        /* SHA-256 */
-        ctx->state[0] = 0x6A09E667;
-        ctx->state[1] = 0xBB67AE85;
-        ctx->state[2] = 0x3C6EF372;
-        ctx->state[3] = 0xA54FF53A;
-        ctx->state[4] = 0x510E527F;
-        ctx->state[5] = 0x9B05688C;
-        ctx->state[6] = 0x1F83D9AB;
-        ctx->state[7] = 0x5BE0CD19;
-    }
-    else
-    {
-        /* SHA-224 */
-        ctx->state[0] = 0xC1059ED8;
-        ctx->state[1] = 0x367CD507;
-        ctx->state[2] = 0x3070DD17;
-        ctx->state[3] = 0xF70E5939;
-        ctx->state[4] = 0xFFC00B31;
-        ctx->state[5] = 0x68581511;
-        ctx->state[6] = 0x64F98FA7;
-        ctx->state[7] = 0xBEFA4FA4;
-    }
-
-    ctx->is224 = is224;
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
-                            int is224 )
-{
-    mbedtls_sha256_starts_ret( ctx, is224 );
-}
-#endif
-
-#if !defined(MBEDTLS_SHA256_PROCESS_ALT)
-static const uint32_t K[] =
-{
-    0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
-    0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5,
-    0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
-    0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174,
-    0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC,
-    0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA,
-    0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7,
-    0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967,
-    0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13,
-    0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85,
-    0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3,
-    0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070,
-    0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5,
-    0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3,
-    0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208,
-    0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2,
-};
-
-#define  SHR(x,n) (((x) & 0xFFFFFFFF) >> (n))
-#define ROTR(x,n) (SHR(x,n) | ((x) << (32 - (n))))
-
-#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^  SHR(x, 3))
-#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^  SHR(x,10))
-
-#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
-#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
-
-#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-
-#define R(t)                                                        \
-    (                                                               \
-        local.W[t] = S1(local.W[(t) -  2]) + local.W[(t) -  7] +    \
-                     S0(local.W[(t) - 15]) + local.W[(t) - 16]      \
-    )
-
-#define P(a,b,c,d,e,f,g,h,x,K)                                      \
-    do                                                              \
-    {                                                               \
-        local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x);    \
-        local.temp2 = S2(a) + F0((a),(b),(c));                      \
-        (d) += local.temp1; (h) = local.temp1 + local.temp2;        \
-    } while( 0 )
-
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
-                                const unsigned char data[64] )
-{
-    struct
-    {
-        uint32_t temp1, temp2, W[64];
-        uint32_t A[8];
-    } local;
-
-    unsigned int i;
-
-    SHA256_VALIDATE_RET( ctx != NULL );
-    SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
-
-    for( i = 0; i < 8; i++ )
-        local.A[i] = ctx->state[i];
-
-#if defined(MBEDTLS_SHA256_SMALLER)
-    for( i = 0; i < 64; i++ )
-    {
-        if( i < 16 )
-            local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
-        else
-            R( i );
-
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
-
-        local.temp1 = local.A[7]; local.A[7] = local.A[6];
-        local.A[6] = local.A[5]; local.A[5] = local.A[4];
-        local.A[4] = local.A[3]; local.A[3] = local.A[2];
-        local.A[2] = local.A[1]; local.A[1] = local.A[0];
-        local.A[0] = local.temp1;
-    }
-#else /* MBEDTLS_SHA256_SMALLER */
-    for( i = 0; i < 16; i++ )
-        local.W[i] = MBEDTLS_GET_UINT32_BE( data, 4 * i );
-
-    for( i = 0; i < 16; i += 8 )
-    {
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0] );
-        P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
-           local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1] );
-        P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
-           local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2] );
-        P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
-           local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3] );
-        P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
-           local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4] );
-        P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
-           local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5] );
-        P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
-           local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6] );
-        P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
-           local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7] );
-    }
-
-    for( i = 16; i < 64; i += 8 )
-    {
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], R(i+0), K[i+0] );
-        P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
-           local.A[4], local.A[5], local.A[6], R(i+1), K[i+1] );
-        P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
-           local.A[3], local.A[4], local.A[5], R(i+2), K[i+2] );
-        P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
-           local.A[2], local.A[3], local.A[4], R(i+3), K[i+3] );
-        P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
-           local.A[1], local.A[2], local.A[3], R(i+4), K[i+4] );
-        P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
-           local.A[0], local.A[1], local.A[2], R(i+5), K[i+5] );
-        P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
-           local.A[7], local.A[0], local.A[1], R(i+6), K[i+6] );
-        P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
-           local.A[6], local.A[7], local.A[0], R(i+7), K[i+7] );
-    }
-#endif /* MBEDTLS_SHA256_SMALLER */
-
-    for( i = 0; i < 8; i++ )
-        ctx->state[i] += local.A[i];
-
-    /* Zeroise buffers and variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
-                             const unsigned char data[64] )
-{
-    mbedtls_internal_sha256_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_SHA256_PROCESS_ALT */
-
-/*
- * SHA-256 process buffer
- */
-int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-    uint32_t left;
-
-    SHA256_VALIDATE_RET( ctx != NULL );
-    SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = ctx->total[0] & 0x3F;
-    fill = 64 - left;
-
-    ctx->total[0] += (uint32_t) ilen;
-    ctx->total[0] &= 0xFFFFFFFF;
-
-    if( ctx->total[0] < (uint32_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 64 )
-    {
-        if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 64;
-        ilen  -= 64;
-    }
-
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    mbedtls_sha256_update_ret( ctx, input, ilen );
-}
-#endif
-
-/*
- * SHA-256 final digest
- */
-int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
-                               unsigned char output[32] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint32_t used;
-    uint32_t high, low;
-
-    SHA256_VALIDATE_RET( ctx != NULL );
-    SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
-    /*
-     * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
-     */
-    used = ctx->total[0] & 0x3F;
-
-    ctx->buffer[used++] = 0x80;
-
-    if( used <= 56 )
-    {
-        /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 56 - used );
-    }
-    else
-    {
-        /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, 64 - used );
-
-        if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        memset( ctx->buffer, 0, 56 );
-    }
-
-    /*
-     * Add message length
-     */
-    high = ( ctx->total[0] >> 29 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    MBEDTLS_PUT_UINT32_BE( high, ctx->buffer, 56 );
-    MBEDTLS_PUT_UINT32_BE( low,  ctx->buffer, 60 );
-
-    if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
-
-    /*
-     * Output final state
-     */
-    MBEDTLS_PUT_UINT32_BE( ctx->state[0], output,  0 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[1], output,  4 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[2], output,  8 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[3], output, 12 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[4], output, 16 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[5], output, 20 );
-    MBEDTLS_PUT_UINT32_BE( ctx->state[6], output, 24 );
-
-    if( ctx->is224 == 0 )
-        MBEDTLS_PUT_UINT32_BE( ctx->state[7], output, 28 );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
-                            unsigned char output[32] )
-{
-    mbedtls_sha256_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_SHA256_ALT */
-
-/*
- * output = SHA-256( input buffer )
- */
-int mbedtls_sha256_ret( const unsigned char *input,
-                        size_t ilen,
-                        unsigned char output[32],
-                        int is224 )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_sha256_context ctx;
-
-    SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 );
-    SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
-    SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
-
-    mbedtls_sha256_init( &ctx );
-
-    if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_sha256_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha256( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[32],
-                     int is224 )
-{
-    mbedtls_sha256_ret( input, ilen, output, is224 );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-/*
- * FIPS-180-2 test vectors
- */
-static const unsigned char sha256_test_buf[3][57] =
-{
-    { "abc" },
-    { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
-    { "" }
-};
-
-static const size_t sha256_test_buflen[3] =
-{
-    3, 56, 1000
-};
-
-static const unsigned char sha256_test_sum[6][32] =
-{
-    /*
-     * SHA-224 test vectors
-     */
-    { 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
-      0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
-      0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
-      0xE3, 0x6C, 0x9D, 0xA7 },
-    { 0x75, 0x38, 0x8B, 0x16, 0x51, 0x27, 0x76, 0xCC,
-      0x5D, 0xBA, 0x5D, 0xA1, 0xFD, 0x89, 0x01, 0x50,
-      0xB0, 0xC6, 0x45, 0x5C, 0xB4, 0xF5, 0x8B, 0x19,
-      0x52, 0x52, 0x25, 0x25 },
-    { 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
-      0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
-      0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
-      0x4E, 0xE7, 0xAD, 0x67 },
-
-    /*
-     * SHA-256 test vectors
-     */
-    { 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
-      0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
-      0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
-      0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD },
-    { 0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
-      0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
-      0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
-      0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1 },
-    { 0xCD, 0xC7, 0x6E, 0x5C, 0x99, 0x14, 0xFB, 0x92,
-      0x81, 0xA1, 0xC7, 0xE2, 0x84, 0xD7, 0x3E, 0x67,
-      0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
-      0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
-};
-
-/*
- * Checkup routine
- */
-int mbedtls_sha256_self_test( int verbose )
-{
-    int i, j, k, buflen, ret = 0;
-    unsigned char *buf;
-    unsigned char sha256sum[32];
-    mbedtls_sha256_context ctx;
-
-    buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
-    if( NULL == buf )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "Buffer allocation failed\n" );
-
-        return( 1 );
-    }
-
-    mbedtls_sha256_init( &ctx );
-
-    for( i = 0; i < 6; i++ )
-    {
-        j = i % 3;
-        k = i < 3;
-
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-%d test #%d: ", 256 - k * 32, j + 1 );
-
-        if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 )
-            goto fail;
-
-        if( j == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha256_update_ret( &ctx, buf, buflen );
-                if( ret != 0 )
-                    goto fail;
-            }
-
-        }
-        else
-        {
-            ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j],
-                                             sha256_test_buflen[j] );
-            if( ret != 0 )
-                 goto fail;
-        }
-
-        if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 )
-            goto fail;
-
-
-        if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    goto exit;
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-exit:
-    mbedtls_sha256_free( &ctx );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA256_C */
diff --git a/Sources/mbedtls/library/sha512.c b/Sources/mbedtls/library/sha512.c
deleted file mode 100644
index 1a6872c..0000000
--- a/Sources/mbedtls/library/sha512.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/*
- *  FIPS-180-2 compliant SHA-384/512 implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The SHA-512 Secure Hash Standard was published by NIST in 2002.
- *
- *  http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SHA512_C)
-
-#include "mbedtls/sha512.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/error.h"
-
-#if defined(_MSC_VER) || defined(__WATCOMC__)
-  #define UL64(x) x##ui64
-#else
-  #define UL64(x) x##ULL
-#endif
-
-#include <string.h>
-
-#include "mbedtls/platform.h"
-
-#define SHA512_VALIDATE_RET(cond)                           \
-    MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_SHA512_BAD_INPUT_DATA )
-#define SHA512_VALIDATE(cond)  MBEDTLS_INTERNAL_VALIDATE( cond )
-
-#if !defined(MBEDTLS_SHA512_ALT)
-
-#if defined(MBEDTLS_SHA512_SMALLER)
-static void sha512_put_uint64_be( uint64_t n, unsigned char *b, uint8_t i )
-{
-    MBEDTLS_PUT_UINT64_BE(n, b, i);
-}
-#else
-#define sha512_put_uint64_be    MBEDTLS_PUT_UINT64_BE
-#endif /* MBEDTLS_SHA512_SMALLER */
-
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx )
-{
-    SHA512_VALIDATE( ctx != NULL );
-
-    memset( ctx, 0, sizeof( mbedtls_sha512_context ) );
-}
-
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
-{
-    if( ctx == NULL )
-        return;
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) );
-}
-
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
-                           const mbedtls_sha512_context *src )
-{
-    SHA512_VALIDATE( dst != NULL );
-    SHA512_VALIDATE( src != NULL );
-
-    *dst = *src;
-}
-
-/*
- * SHA-512 context setup
- */
-int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 )
-{
-    SHA512_VALIDATE_RET( ctx != NULL );
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
-#else
-    SHA512_VALIDATE_RET( is384 == 0 );
-#endif
-
-    ctx->total[0] = 0;
-    ctx->total[1] = 0;
-
-    if( is384 == 0 )
-    {
-        /* SHA-512 */
-        ctx->state[0] = UL64(0x6A09E667F3BCC908);
-        ctx->state[1] = UL64(0xBB67AE8584CAA73B);
-        ctx->state[2] = UL64(0x3C6EF372FE94F82B);
-        ctx->state[3] = UL64(0xA54FF53A5F1D36F1);
-        ctx->state[4] = UL64(0x510E527FADE682D1);
-        ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
-        ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
-        ctx->state[7] = UL64(0x5BE0CD19137E2179);
-    }
-    else
-    {
-#if defined(MBEDTLS_SHA512_NO_SHA384)
-        return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA );
-#else
-        /* SHA-384 */
-        ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
-        ctx->state[1] = UL64(0x629A292A367CD507);
-        ctx->state[2] = UL64(0x9159015A3070DD17);
-        ctx->state[3] = UL64(0x152FECD8F70E5939);
-        ctx->state[4] = UL64(0x67332667FFC00B31);
-        ctx->state[5] = UL64(0x8EB44A8768581511);
-        ctx->state[6] = UL64(0xDB0C2E0D64F98FA7);
-        ctx->state[7] = UL64(0x47B5481DBEFA4FA4);
-#endif /* MBEDTLS_SHA512_NO_SHA384 */
-    }
-
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    ctx->is384 = is384;
-#endif
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
-                            int is384 )
-{
-    mbedtls_sha512_starts_ret( ctx, is384 );
-}
-#endif
-
-#if !defined(MBEDTLS_SHA512_PROCESS_ALT)
-
-/*
- * Round constants
- */
-static const uint64_t K[80] =
-{
-    UL64(0x428A2F98D728AE22),  UL64(0x7137449123EF65CD),
-    UL64(0xB5C0FBCFEC4D3B2F),  UL64(0xE9B5DBA58189DBBC),
-    UL64(0x3956C25BF348B538),  UL64(0x59F111F1B605D019),
-    UL64(0x923F82A4AF194F9B),  UL64(0xAB1C5ED5DA6D8118),
-    UL64(0xD807AA98A3030242),  UL64(0x12835B0145706FBE),
-    UL64(0x243185BE4EE4B28C),  UL64(0x550C7DC3D5FFB4E2),
-    UL64(0x72BE5D74F27B896F),  UL64(0x80DEB1FE3B1696B1),
-    UL64(0x9BDC06A725C71235),  UL64(0xC19BF174CF692694),
-    UL64(0xE49B69C19EF14AD2),  UL64(0xEFBE4786384F25E3),
-    UL64(0x0FC19DC68B8CD5B5),  UL64(0x240CA1CC77AC9C65),
-    UL64(0x2DE92C6F592B0275),  UL64(0x4A7484AA6EA6E483),
-    UL64(0x5CB0A9DCBD41FBD4),  UL64(0x76F988DA831153B5),
-    UL64(0x983E5152EE66DFAB),  UL64(0xA831C66D2DB43210),
-    UL64(0xB00327C898FB213F),  UL64(0xBF597FC7BEEF0EE4),
-    UL64(0xC6E00BF33DA88FC2),  UL64(0xD5A79147930AA725),
-    UL64(0x06CA6351E003826F),  UL64(0x142929670A0E6E70),
-    UL64(0x27B70A8546D22FFC),  UL64(0x2E1B21385C26C926),
-    UL64(0x4D2C6DFC5AC42AED),  UL64(0x53380D139D95B3DF),
-    UL64(0x650A73548BAF63DE),  UL64(0x766A0ABB3C77B2A8),
-    UL64(0x81C2C92E47EDAEE6),  UL64(0x92722C851482353B),
-    UL64(0xA2BFE8A14CF10364),  UL64(0xA81A664BBC423001),
-    UL64(0xC24B8B70D0F89791),  UL64(0xC76C51A30654BE30),
-    UL64(0xD192E819D6EF5218),  UL64(0xD69906245565A910),
-    UL64(0xF40E35855771202A),  UL64(0x106AA07032BBD1B8),
-    UL64(0x19A4C116B8D2D0C8),  UL64(0x1E376C085141AB53),
-    UL64(0x2748774CDF8EEB99),  UL64(0x34B0BCB5E19B48A8),
-    UL64(0x391C0CB3C5C95A63),  UL64(0x4ED8AA4AE3418ACB),
-    UL64(0x5B9CCA4F7763E373),  UL64(0x682E6FF3D6B2B8A3),
-    UL64(0x748F82EE5DEFB2FC),  UL64(0x78A5636F43172F60),
-    UL64(0x84C87814A1F0AB72),  UL64(0x8CC702081A6439EC),
-    UL64(0x90BEFFFA23631E28),  UL64(0xA4506CEBDE82BDE9),
-    UL64(0xBEF9A3F7B2C67915),  UL64(0xC67178F2E372532B),
-    UL64(0xCA273ECEEA26619C),  UL64(0xD186B8C721C0C207),
-    UL64(0xEADA7DD6CDE0EB1E),  UL64(0xF57D4F7FEE6ED178),
-    UL64(0x06F067AA72176FBA),  UL64(0x0A637DC5A2C898A6),
-    UL64(0x113F9804BEF90DAE),  UL64(0x1B710B35131C471B),
-    UL64(0x28DB77F523047D84),  UL64(0x32CAAB7B40C72493),
-    UL64(0x3C9EBE0A15C9BEBC),  UL64(0x431D67C49C100D4C),
-    UL64(0x4CC5D4BECB3E42B6),  UL64(0x597F299CFC657E2A),
-    UL64(0x5FCB6FAB3AD6FAEC),  UL64(0x6C44198C4A475817)
-};
-
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
-                                     const unsigned char data[128] )
-{
-    int i;
-    struct
-    {
-        uint64_t temp1, temp2, W[80];
-        uint64_t A[8];
-    } local;
-
-    SHA512_VALIDATE_RET( ctx != NULL );
-    SHA512_VALIDATE_RET( (const unsigned char *)data != NULL );
-
-#define  SHR(x,n) ((x) >> (n))
-#define ROTR(x,n) (SHR((x),(n)) | ((x) << (64 - (n))))
-
-#define S0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^  SHR(x, 7))
-#define S1(x) (ROTR(x,19) ^ ROTR(x,61) ^  SHR(x, 6))
-
-#define S2(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
-#define S3(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
-
-#define F0(x,y,z) (((x) & (y)) | ((z) & ((x) | (y))))
-#define F1(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
-
-#define P(a,b,c,d,e,f,g,h,x,K)                                      \
-    do                                                              \
-    {                                                               \
-        local.temp1 = (h) + S3(e) + F1((e),(f),(g)) + (K) + (x);    \
-        local.temp2 = S2(a) + F0((a),(b),(c));                      \
-        (d) += local.temp1; (h) = local.temp1 + local.temp2;        \
-    } while( 0 )
-
-    for( i = 0; i < 8; i++ )
-        local.A[i] = ctx->state[i];
-
-#if defined(MBEDTLS_SHA512_SMALLER)
-    for( i = 0; i < 80; i++ )
-    {
-        if( i < 16 )
-        {
-            local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
-        }
-        else
-        {
-            local.W[i] = S1(local.W[i -  2]) + local.W[i -  7] +
-                   S0(local.W[i - 15]) + local.W[i - 16];
-        }
-
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i], K[i] );
-
-        local.temp1 = local.A[7]; local.A[7] = local.A[6];
-        local.A[6] = local.A[5]; local.A[5] = local.A[4];
-        local.A[4] = local.A[3]; local.A[3] = local.A[2];
-        local.A[2] = local.A[1]; local.A[1] = local.A[0];
-        local.A[0] = local.temp1;
-    }
-#else /* MBEDTLS_SHA512_SMALLER */
-    for( i = 0; i < 16; i++ )
-    {
-        local.W[i] = MBEDTLS_GET_UINT64_BE( data, i << 3 );
-    }
-
-    for( ; i < 80; i++ )
-    {
-        local.W[i] = S1(local.W[i -  2]) + local.W[i -  7] +
-               S0(local.W[i - 15]) + local.W[i - 16];
-    }
-
-    i = 0;
-    do
-    {
-        P( local.A[0], local.A[1], local.A[2], local.A[3], local.A[4],
-           local.A[5], local.A[6], local.A[7], local.W[i], K[i] ); i++;
-        P( local.A[7], local.A[0], local.A[1], local.A[2], local.A[3],
-           local.A[4], local.A[5], local.A[6], local.W[i], K[i] ); i++;
-        P( local.A[6], local.A[7], local.A[0], local.A[1], local.A[2],
-           local.A[3], local.A[4], local.A[5], local.W[i], K[i] ); i++;
-        P( local.A[5], local.A[6], local.A[7], local.A[0], local.A[1],
-           local.A[2], local.A[3], local.A[4], local.W[i], K[i] ); i++;
-        P( local.A[4], local.A[5], local.A[6], local.A[7], local.A[0],
-           local.A[1], local.A[2], local.A[3], local.W[i], K[i] ); i++;
-        P( local.A[3], local.A[4], local.A[5], local.A[6], local.A[7],
-           local.A[0], local.A[1], local.A[2], local.W[i], K[i] ); i++;
-        P( local.A[2], local.A[3], local.A[4], local.A[5], local.A[6],
-           local.A[7], local.A[0], local.A[1], local.W[i], K[i] ); i++;
-        P( local.A[1], local.A[2], local.A[3], local.A[4], local.A[5],
-           local.A[6], local.A[7], local.A[0], local.W[i], K[i] ); i++;
-    }
-    while( i < 80 );
-#endif /* MBEDTLS_SHA512_SMALLER */
-
-    for( i = 0; i < 8; i++ )
-        ctx->state[i] += local.A[i];
-
-    /* Zeroise buffers and variables to clear sensitive data from memory. */
-    mbedtls_platform_zeroize( &local, sizeof( local ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_process( mbedtls_sha512_context *ctx,
-                             const unsigned char data[128] )
-{
-    mbedtls_internal_sha512_process( ctx, data );
-}
-#endif
-#endif /* !MBEDTLS_SHA512_PROCESS_ALT */
-
-/*
- * SHA-512 process buffer
- */
-int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
-                               const unsigned char *input,
-                               size_t ilen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t fill;
-    unsigned int left;
-
-    SHA512_VALIDATE_RET( ctx != NULL );
-    SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
-
-    if( ilen == 0 )
-        return( 0 );
-
-    left = (unsigned int) (ctx->total[0] & 0x7F);
-    fill = 128 - left;
-
-    ctx->total[0] += (uint64_t) ilen;
-
-    if( ctx->total[0] < (uint64_t) ilen )
-        ctx->total[1]++;
-
-    if( left && ilen >= fill )
-    {
-        memcpy( (void *) (ctx->buffer + left), input, fill );
-
-        if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        input += fill;
-        ilen  -= fill;
-        left = 0;
-    }
-
-    while( ilen >= 128 )
-    {
-        if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 )
-            return( ret );
-
-        input += 128;
-        ilen  -= 128;
-    }
-
-    if( ilen > 0 )
-        memcpy( (void *) (ctx->buffer + left), input, ilen );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
-                            const unsigned char *input,
-                            size_t ilen )
-{
-    mbedtls_sha512_update_ret( ctx, input, ilen );
-}
-#endif
-
-/*
- * SHA-512 final digest
- */
-int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
-                               unsigned char output[64] )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned used;
-    uint64_t high, low;
-
-    SHA512_VALIDATE_RET( ctx != NULL );
-    SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
-
-    /*
-     * Add padding: 0x80 then 0x00 until 16 bytes remain for the length
-     */
-    used = ctx->total[0] & 0x7F;
-
-    ctx->buffer[used++] = 0x80;
-
-    if( used <= 112 )
-    {
-        /* Enough room for padding + length in current block */
-        memset( ctx->buffer + used, 0, 112 - used );
-    }
-    else
-    {
-        /* We'll need an extra block */
-        memset( ctx->buffer + used, 0, 128 - used );
-
-        if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-            return( ret );
-
-        memset( ctx->buffer, 0, 112 );
-    }
-
-    /*
-     * Add message length
-     */
-    high = ( ctx->total[0] >> 61 )
-         | ( ctx->total[1] <<  3 );
-    low  = ( ctx->total[0] <<  3 );
-
-    sha512_put_uint64_be( high, ctx->buffer, 112 );
-    sha512_put_uint64_be( low,  ctx->buffer, 120 );
-
-    if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 )
-        return( ret );
-
-    /*
-     * Output final state
-     */
-    sha512_put_uint64_be( ctx->state[0], output,  0 );
-    sha512_put_uint64_be( ctx->state[1], output,  8 );
-    sha512_put_uint64_be( ctx->state[2], output, 16 );
-    sha512_put_uint64_be( ctx->state[3], output, 24 );
-    sha512_put_uint64_be( ctx->state[4], output, 32 );
-    sha512_put_uint64_be( ctx->state[5], output, 40 );
-
-    int truncated = 0;
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    truncated = ctx->is384;
-#endif
-    if( !truncated )
-    {
-        sha512_put_uint64_be( ctx->state[6], output, 48 );
-        sha512_put_uint64_be( ctx->state[7], output, 56 );
-    }
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
-                            unsigned char output[64] )
-{
-    mbedtls_sha512_finish_ret( ctx, output );
-}
-#endif
-
-#endif /* !MBEDTLS_SHA512_ALT */
-
-/*
- * output = SHA-512( input buffer )
- */
-int mbedtls_sha512_ret( const unsigned char *input,
-                    size_t ilen,
-                    unsigned char output[64],
-                    int is384 )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_sha512_context ctx;
-
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 );
-#else
-    SHA512_VALIDATE_RET( is384 == 0 );
-#endif
-    SHA512_VALIDATE_RET( ilen == 0 || input != NULL );
-    SHA512_VALIDATE_RET( (unsigned char *)output != NULL );
-
-    mbedtls_sha512_init( &ctx );
-
-    if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 )
-        goto exit;
-
-    if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 )
-        goto exit;
-
-exit:
-    mbedtls_sha512_free( &ctx );
-
-    return( ret );
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-void mbedtls_sha512( const unsigned char *input,
-                     size_t ilen,
-                     unsigned char output[64],
-                     int is384 )
-{
-    mbedtls_sha512_ret( input, ilen, output, is384 );
-}
-#endif
-
-#if defined(MBEDTLS_SELF_TEST)
-
-/*
- * FIPS-180-2 test vectors
- */
-static const unsigned char sha512_test_buf[3][113] =
-{
-    { "abc" },
-    { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
-    { "" }
-};
-
-static const size_t sha512_test_buflen[3] =
-{
-    3, 112, 1000
-};
-
-static const unsigned char sha512_test_sum[][64] =
-{
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-    /*
-     * SHA-384 test vectors
-     */
-    { 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
-      0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
-      0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
-      0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED,
-      0x80, 0x86, 0x07, 0x2B, 0xA1, 0xE7, 0xCC, 0x23,
-      0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7 },
-    { 0x09, 0x33, 0x0C, 0x33, 0xF7, 0x11, 0x47, 0xE8,
-      0x3D, 0x19, 0x2F, 0xC7, 0x82, 0xCD, 0x1B, 0x47,
-      0x53, 0x11, 0x1B, 0x17, 0x3B, 0x3B, 0x05, 0xD2,
-      0x2F, 0xA0, 0x80, 0x86, 0xE3, 0xB0, 0xF7, 0x12,
-      0xFC, 0xC7, 0xC7, 0x1A, 0x55, 0x7E, 0x2D, 0xB9,
-      0x66, 0xC3, 0xE9, 0xFA, 0x91, 0x74, 0x60, 0x39 },
-    { 0x9D, 0x0E, 0x18, 0x09, 0x71, 0x64, 0x74, 0xCB,
-      0x08, 0x6E, 0x83, 0x4E, 0x31, 0x0A, 0x4A, 0x1C,
-      0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
-      0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
-      0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
-      0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
-#endif /* !MBEDTLS_SHA512_NO_SHA384 */
-
-    /*
-     * SHA-512 test vectors
-     */
-    { 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
-      0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
-      0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
-      0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A,
-      0x21, 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8,
-      0x36, 0xBA, 0x3C, 0x23, 0xA3, 0xFE, 0xEB, 0xBD,
-      0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, 0x0E,
-      0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F },
-    { 0x8E, 0x95, 0x9B, 0x75, 0xDA, 0xE3, 0x13, 0xDA,
-      0x8C, 0xF4, 0xF7, 0x28, 0x14, 0xFC, 0x14, 0x3F,
-      0x8F, 0x77, 0x79, 0xC6, 0xEB, 0x9F, 0x7F, 0xA1,
-      0x72, 0x99, 0xAE, 0xAD, 0xB6, 0x88, 0x90, 0x18,
-      0x50, 0x1D, 0x28, 0x9E, 0x49, 0x00, 0xF7, 0xE4,
-      0x33, 0x1B, 0x99, 0xDE, 0xC4, 0xB5, 0x43, 0x3A,
-      0xC7, 0xD3, 0x29, 0xEE, 0xB6, 0xDD, 0x26, 0x54,
-      0x5E, 0x96, 0xE5, 0x5B, 0x87, 0x4B, 0xE9, 0x09 },
-    { 0xE7, 0x18, 0x48, 0x3D, 0x0C, 0xE7, 0x69, 0x64,
-      0x4E, 0x2E, 0x42, 0xC7, 0xBC, 0x15, 0xB4, 0x63,
-      0x8E, 0x1F, 0x98, 0xB1, 0x3B, 0x20, 0x44, 0x28,
-      0x56, 0x32, 0xA8, 0x03, 0xAF, 0xA9, 0x73, 0xEB,
-      0xDE, 0x0F, 0xF2, 0x44, 0x87, 0x7E, 0xA6, 0x0A,
-      0x4C, 0xB0, 0x43, 0x2C, 0xE5, 0x77, 0xC3, 0x1B,
-      0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
-      0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
-};
-
-#define ARRAY_LENGTH( a )   ( sizeof( a ) / sizeof( ( a )[0] ) )
-
-/*
- * Checkup routine
- */
-int mbedtls_sha512_self_test( int verbose )
-{
-    int i, j, k, buflen, ret = 0;
-    unsigned char *buf;
-    unsigned char sha512sum[64];
-    mbedtls_sha512_context ctx;
-
-    buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
-    if( NULL == buf )
-    {
-        if( verbose != 0 )
-            mbedtls_printf( "Buffer allocation failed\n" );
-
-        return( 1 );
-    }
-
-    mbedtls_sha512_init( &ctx );
-
-    for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ )
-    {
-        j = i % 3;
-#if !defined(MBEDTLS_SHA512_NO_SHA384)
-        k = i < 3;
-#else
-        k = 0;
-#endif
-
-        if( verbose != 0 )
-            mbedtls_printf( "  SHA-%d test #%d: ", 512 - k * 128, j + 1 );
-
-        if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 )
-            goto fail;
-
-        if( j == 2 )
-        {
-            memset( buf, 'a', buflen = 1000 );
-
-            for( j = 0; j < 1000; j++ )
-            {
-                ret = mbedtls_sha512_update_ret( &ctx, buf, buflen );
-                if( ret != 0 )
-                    goto fail;
-            }
-        }
-        else
-        {
-            ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j],
-                                             sha512_test_buflen[j] );
-            if( ret != 0 )
-                goto fail;
-        }
-
-        if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 )
-            goto fail;
-
-        if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
-        {
-            ret = 1;
-            goto fail;
-        }
-
-        if( verbose != 0 )
-            mbedtls_printf( "passed\n" );
-    }
-
-    if( verbose != 0 )
-        mbedtls_printf( "\n" );
-
-    goto exit;
-
-fail:
-    if( verbose != 0 )
-        mbedtls_printf( "failed\n" );
-
-exit:
-    mbedtls_sha512_free( &ctx );
-    mbedtls_free( buf );
-
-    return( ret );
-}
-
-#undef ARRAY_LENGTH
-
-#endif /* MBEDTLS_SELF_TEST */
-
-#endif /* MBEDTLS_SHA512_C */
diff --git a/Sources/mbedtls/library/ssl_cache.c b/Sources/mbedtls/library/ssl_cache.c
deleted file mode 100644
index 7a600ca..0000000
--- a/Sources/mbedtls/library/ssl_cache.c
+++ /dev/null
@@ -1,339 +0,0 @@
-/*
- *  SSL session cache implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_CACHE_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl_cache.h"
-#include "mbedtls/ssl_internal.h"
-
-#include <string.h>
-
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache )
-{
-    memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) );
-
-    cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT;
-    cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES;
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &cache->mutex );
-#endif
-}
-
-int mbedtls_ssl_cache_get( void *data, mbedtls_ssl_session *session )
-{
-    int ret = 1;
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t = mbedtls_time( NULL );
-#endif
-    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
-    mbedtls_ssl_cache_entry *cur, *entry;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_lock( &cache->mutex ) != 0 )
-        return( 1 );
-#endif
-
-    cur = cache->chain;
-    entry = NULL;
-
-    while( cur != NULL )
-    {
-        entry = cur;
-        cur = cur->next;
-
-#if defined(MBEDTLS_HAVE_TIME)
-        if( cache->timeout != 0 &&
-            (int) ( t - entry->timestamp ) > cache->timeout )
-            continue;
-#endif
-
-        if( session->id_len != entry->session.id_len ||
-            memcmp( session->id, entry->session.id,
-                    entry->session.id_len ) != 0 )
-        {
-            continue;
-        }
-
-        ret = mbedtls_ssl_session_copy( session, &entry->session );
-        if( ret != 0 )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        /*
-         * Restore peer certificate (without rest of the original chain)
-         */
-        if( entry->peer_cert.p != NULL )
-        {
-            /* `session->peer_cert` is NULL after the call to
-             * mbedtls_ssl_session_copy(), because cache entries
-             * have the `peer_cert` field set to NULL. */
-
-            if( ( session->peer_cert = mbedtls_calloc( 1,
-                                 sizeof(mbedtls_x509_crt) ) ) == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            mbedtls_x509_crt_init( session->peer_cert );
-            if( mbedtls_x509_crt_parse( session->peer_cert, entry->peer_cert.p,
-                                entry->peer_cert.len ) != 0 )
-            {
-                mbedtls_free( session->peer_cert );
-                session->peer_cert = NULL;
-                ret = 1;
-                goto exit;
-            }
-        }
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-        ret = 0;
-        goto exit;
-    }
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
-        ret = 1;
-#endif
-
-    return( ret );
-}
-
-int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
-{
-    int ret = 1;
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
-    mbedtls_ssl_cache_entry *old = NULL;
-#endif
-    mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
-    mbedtls_ssl_cache_entry *cur, *prv;
-    int count = 0;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &cache->mutex ) ) != 0 )
-        return( ret );
-#endif
-
-    cur = cache->chain;
-    prv = NULL;
-
-    while( cur != NULL )
-    {
-        count++;
-
-#if defined(MBEDTLS_HAVE_TIME)
-        if( cache->timeout != 0 &&
-            (int) ( t - cur->timestamp ) > cache->timeout )
-        {
-            cur->timestamp = t;
-            break; /* expired, reuse this slot, update timestamp */
-        }
-#endif
-
-        if( memcmp( session->id, cur->session.id, cur->session.id_len ) == 0 )
-            break; /* client reconnected, keep timestamp for session id */
-
-#if defined(MBEDTLS_HAVE_TIME)
-        if( oldest == 0 || cur->timestamp < oldest )
-        {
-            oldest = cur->timestamp;
-            old = cur;
-        }
-#endif
-
-        prv = cur;
-        cur = cur->next;
-    }
-
-    if( cur == NULL )
-    {
-#if defined(MBEDTLS_HAVE_TIME)
-        /*
-         * Reuse oldest entry if max_entries reached
-         */
-        if( count >= cache->max_entries )
-        {
-            if( old == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            cur = old;
-        }
-#else /* MBEDTLS_HAVE_TIME */
-        /*
-         * Reuse first entry in chain if max_entries reached,
-         * but move to last place
-         */
-        if( count >= cache->max_entries )
-        {
-            if( cache->chain == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            cur = cache->chain;
-            cache->chain = cur->next;
-            cur->next = NULL;
-            prv->next = cur;
-        }
-#endif /* MBEDTLS_HAVE_TIME */
-        else
-        {
-            /*
-             * max_entries not reached, create new entry
-             */
-            cur = mbedtls_calloc( 1, sizeof(mbedtls_ssl_cache_entry) );
-            if( cur == NULL )
-            {
-                ret = 1;
-                goto exit;
-            }
-
-            if( prv == NULL )
-                cache->chain = cur;
-            else
-                prv->next = cur;
-        }
-
-#if defined(MBEDTLS_HAVE_TIME)
-        cur->timestamp = t;
-#endif
-    }
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    /*
-     * If we're reusing an entry, free its certificate first
-     */
-    if( cur->peer_cert.p != NULL )
-    {
-        mbedtls_free( cur->peer_cert.p );
-        memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) );
-    }
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-    /* Copy the entire session; this temporarily makes a copy of the
-     * X.509 CRT structure even though we only want to store the raw CRT.
-     * This inefficiency will go away as soon as we implement on-demand
-     * parsing of CRTs, in which case there's no need for the `peer_cert`
-     * field anymore in the first place, and we're done after this call. */
-    ret = mbedtls_ssl_session_copy( &cur->session, session );
-    if( ret != 0 )
-    {
-        ret = 1;
-        goto exit;
-    }
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    /* If present, free the X.509 structure and only store the raw CRT data. */
-    if( cur->session.peer_cert != NULL )
-    {
-        cur->peer_cert.p =
-            mbedtls_calloc( 1, cur->session.peer_cert->raw.len );
-        if( cur->peer_cert.p == NULL )
-        {
-            ret = 1;
-            goto exit;
-        }
-
-        memcpy( cur->peer_cert.p,
-                cur->session.peer_cert->raw.p,
-                cur->session.peer_cert->raw.len );
-        cur->peer_cert.len = session->peer_cert->raw.len;
-
-        mbedtls_x509_crt_free( cur->session.peer_cert );
-        mbedtls_free( cur->session.peer_cert );
-        cur->session.peer_cert = NULL;
-    }
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-    ret = 0;
-
-exit:
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &cache->mutex ) != 0 )
-        ret = 1;
-#endif
-
-    return( ret );
-}
-
-#if defined(MBEDTLS_HAVE_TIME)
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout )
-{
-    if( timeout < 0 ) timeout = 0;
-
-    cache->timeout = timeout;
-}
-#endif /* MBEDTLS_HAVE_TIME */
-
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max )
-{
-    if( max < 0 ) max = 0;
-
-    cache->max_entries = max;
-}
-
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
-{
-    mbedtls_ssl_cache_entry *cur, *prv;
-
-    cur = cache->chain;
-
-    while( cur != NULL )
-    {
-        prv = cur;
-        cur = cur->next;
-
-        mbedtls_ssl_session_free( &prv->session );
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        mbedtls_free( prv->peer_cert.p );
-#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-        mbedtls_free( prv );
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &cache->mutex );
-#endif
-    cache->chain = NULL;
-}
-
-#endif /* MBEDTLS_SSL_CACHE_C */
diff --git a/Sources/mbedtls/library/ssl_ciphersuites.c b/Sources/mbedtls/library/ssl_ciphersuites.c
deleted file mode 100644
index 2bc8a9b..0000000
--- a/Sources/mbedtls/library/ssl_ciphersuites.c
+++ /dev/null
@@ -1,2369 +0,0 @@
-/**
- * \file ssl_ciphersuites.c
- *
- * \brief SSL ciphersuites for mbed TLS
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl_ciphersuites.h"
-#include "mbedtls/ssl.h"
-
-#include <string.h>
-
-#undef HAVE_SHA384
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
-#define HAVE_SHA384
-#endif
-
-/*
- * Ordered from most preferred to least preferred in terms of security.
- *
- * Current rule (except RC4 and 3DES, weak and null which come last):
- * 1. By key exchange:
- *    Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK
- * 2. By key length and cipher:
- *    ChaCha > AES-256 > Camellia-256 > ARIA-256 > AES-128 > Camellia-128 > ARIA-128
- * 3. By cipher mode when relevant GCM > CCM > CBC > CCM_8
- * 4. By hash function used when relevant
- * 5. By key exchange/auth again: EC > non-EC
- */
-static const int ciphersuite_preference[] =
-{
-#if defined(MBEDTLS_SSL_CIPHERSUITES)
-    MBEDTLS_SSL_CIPHERSUITES,
-#else
-    /* Chacha-Poly ephemeral suites */
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-
-    /* All AES-256 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8,
-
-    /* All CAMELLIA-256 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-
-    /* All ARIA-256 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
-
-    /* All AES-128 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
-    MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8,
-
-    /* All CAMELLIA-128 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-
-    /* All ARIA-128 ephemeral suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
-
-    /* The PSK ephemeral suites */
-    MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8,
-    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
-
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8,
-    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
-
-    /* The ECJPAKE suite */
-    MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8,
-
-    /* All AES-256 suites */
-    MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8,
-
-    /* All CAMELLIA-256 suites */
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
-
-    /* All ARIA-256 suites */
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
-    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
-    MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
-
-    /* All AES-128 suites */
-    MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8,
-
-    /* All CAMELLIA-128 suites */
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
-
-    /* All ARIA-128 suites */
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
-    MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
-
-    /* The RSA PSK suites */
-    MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
-
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
-
-    /* The PSK suites */
-    MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CCM,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
-    MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,
-    MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
-    MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
-
-    MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CCM,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
-    MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
-    MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8,
-    MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
-    MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
-
-    /* 3DES suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
-    MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA,
-
-    /* RC4 suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_RSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_RSA_WITH_RC4_128_MD5,
-    MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA,
-    MBEDTLS_TLS_PSK_WITH_RC4_128_SHA,
-
-    /* Weak suites */
-    MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA,
-    MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA,
-
-    /* NULL suites */
-    MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA,
-    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA,
-
-    MBEDTLS_TLS_RSA_WITH_NULL_SHA256,
-    MBEDTLS_TLS_RSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_RSA_WITH_NULL_MD5,
-    MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA,
-    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA,
-    MBEDTLS_TLS_PSK_WITH_NULL_SHA384,
-    MBEDTLS_TLS_PSK_WITH_NULL_SHA256,
-    MBEDTLS_TLS_PSK_WITH_NULL_SHA,
-
-#endif /* MBEDTLS_SSL_CIPHERSUITES */
-    0
-};
-
-static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
-{
-#if defined(MBEDTLS_CHACHAPOLY_C) && \
-    defined(MBEDTLS_SHA256_C) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
-      "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256",
-      MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
-      MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#endif /* MBEDTLS_CHACHAPOLY_C &&
-          MBEDTLS_SHA256_C &&
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* HAVE_SHA384 */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(HAVE_SHA384) && defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 && MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(HAVE_SHA384) && defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 && MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_MD5_C)
-    { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA1_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_SHA1_C */
-#if defined(MBEDTLS_SHA256_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_GCM_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_GCM_C */
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8",
-      MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-    { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
-      MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
-      MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
-      MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-
-    { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
-      MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_AES_C */
-
-#if defined(MBEDTLS_CAMELLIA_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#if defined(MBEDTLS_GCM_C)
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA256_C */
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* HAVE_SHA384 */
-#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_CAMELLIA_C */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
-      MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-
-#if defined(MBEDTLS_ARC4_C)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
-      MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_NODTLS },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_ARC4_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_CCM_C)
-    { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
-      MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_SHORT_TAG },
-#endif /* MBEDTLS_CCM_C */
-#endif /* MBEDTLS_AES_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_ENABLE_WEAK_CIPHERSUITES)
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_MD5_C)
-    { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-
-#if defined(MBEDTLS_SHA256_C)
-    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-
-#if defined(HAVE_SHA384)
-    { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
-      MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
-
-#if defined(MBEDTLS_DES_C)
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA",
-      MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if defined(MBEDTLS_SHA1_C)
-    { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA",
-      MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_CIPHERSUITE_WEAK },
-#endif /* MBEDTLS_SHA1_C */
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-#endif /* MBEDTLS_DES_C */
-#endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */
-
-#if defined(MBEDTLS_ARIA_C)
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-RSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-RSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
-             "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
-             "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
-             "TLS-PSK-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-PSK-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256,
-             "TLS-PSK-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-PSK-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
-             "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
-             "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
-             "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
-             "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-
-#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
-             "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
-    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
-             "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
-      MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
-             "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C))
-    { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
-             "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256",
-      MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
-      0 },
-#endif
-
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#endif /* MBEDTLS_ARIA_C */
-
-
-    { 0, "",
-      MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE,
-      0, 0, 0, 0, 0 }
-};
-
-#if defined(MBEDTLS_SSL_CIPHERSUITES)
-const int *mbedtls_ssl_list_ciphersuites( void )
-{
-    return( ciphersuite_preference );
-}
-#else
-#define MAX_CIPHERSUITES    sizeof( ciphersuite_definitions     ) /         \
-                            sizeof( ciphersuite_definitions[0]  )
-static int supported_ciphersuites[MAX_CIPHERSUITES];
-static int supported_init = 0;
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ciphersuite_is_removed( const mbedtls_ssl_ciphersuite_t *cs_info )
-{
-    (void)cs_info;
-
-#if defined(MBEDTLS_REMOVE_ARC4_CIPHERSUITES)
-    if( cs_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-        return( 1 );
-#endif /* MBEDTLS_REMOVE_ARC4_CIPHERSUITES */
-
-#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
-    if( cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_ECB ||
-        cs_info->cipher == MBEDTLS_CIPHER_DES_EDE3_CBC )
-    {
-        return( 1 );
-    }
-#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
-
-    return( 0 );
-}
-
-const int *mbedtls_ssl_list_ciphersuites( void )
-{
-    /*
-     * On initial call filter out all ciphersuites not supported by current
-     * build based on presence in the ciphersuite_definitions.
-     */
-    if( supported_init == 0 )
-    {
-        const int *p;
-        int *q;
-
-        for( p = ciphersuite_preference, q = supported_ciphersuites;
-             *p != 0 && q < supported_ciphersuites + MAX_CIPHERSUITES - 1;
-             p++ )
-        {
-            const mbedtls_ssl_ciphersuite_t *cs_info;
-            if( ( cs_info = mbedtls_ssl_ciphersuite_from_id( *p ) ) != NULL &&
-                !ciphersuite_is_removed( cs_info ) )
-            {
-                *(q++) = *p;
-            }
-        }
-        *q = 0;
-
-        supported_init = 1;
-    }
-
-    return( supported_ciphersuites );
-}
-#endif /* MBEDTLS_SSL_CIPHERSUITES */
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(
-                                                const char *ciphersuite_name )
-{
-    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
-
-    if( NULL == ciphersuite_name )
-        return( NULL );
-
-    while( cur->id != 0 )
-    {
-        if( 0 == strcmp( cur->name, ciphersuite_name ) )
-            return( cur );
-
-        cur++;
-    }
-
-    return( NULL );
-}
-
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite )
-{
-    const mbedtls_ssl_ciphersuite_t *cur = ciphersuite_definitions;
-
-    while( cur->id != 0 )
-    {
-        if( cur->id == ciphersuite )
-            return( cur );
-
-        cur++;
-    }
-
-    return( NULL );
-}
-
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id )
-{
-    const mbedtls_ssl_ciphersuite_t *cur;
-
-    cur = mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
-
-    if( cur == NULL )
-        return( "unknown" );
-
-    return( cur->name );
-}
-
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name )
-{
-    const mbedtls_ssl_ciphersuite_t *cur;
-
-    cur = mbedtls_ssl_ciphersuite_from_string( ciphersuite_name );
-
-    if( cur == NULL )
-        return( 0 );
-
-    return( cur->id );
-}
-
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( MBEDTLS_PK_RSA );
-
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
-
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( MBEDTLS_PK_ECKEY );
-
-        default:
-            return( MBEDTLS_PK_NONE );
-    }
-}
-
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-            return( MBEDTLS_PK_RSA );
-
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( MBEDTLS_PK_ECDSA );
-
-        default:
-            return( MBEDTLS_PK_NONE );
-    }
-}
-
-#endif /* MBEDTLS_PK_C */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
-{
-    switch( info->key_exchange )
-    {
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
-
-        default:
-            return( 0 );
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/Sources/mbedtls/library/ssl_cli.c b/Sources/mbedtls/library/ssl_cli.c
deleted file mode 100644
index b40ddb7..0000000
--- a/Sources/mbedtls/library/ssl_cli.c
+++ /dev/null
@@ -1,4611 +0,0 @@
-/*
- *  SSLv3/TLSv1 client-side functions
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_CLI_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/error.h"
-#include "mbedtls/constant_time.h"
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "mbedtls/psa_util.h"
-#include "psa/crypto.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#include <string.h>
-
-#include <stdint.h>
-
-#if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-#include "mbedtls/platform_util.h"
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
-{
-    if( conf->psk_identity     == NULL ||
-        conf->psk_identity_len == 0     )
-    {
-        return( 0 );
-    }
-
-    if( conf->psk != NULL && conf->psk_len != 0 )
-        return( 1 );
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( ! mbedtls_svc_key_id_is_null( conf->psk_opaque ) )
-        return( 1 );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
-{
-    if( conf->psk_identity     == NULL ||
-        conf->psk_identity_len == 0     )
-    {
-        return( 0 );
-    }
-
-    if( conf->psk != NULL && conf->psk_len != 0 )
-        return( 1 );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
-                                   unsigned char *buf,
-                                   const unsigned char *end,
-                                   size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t hostname_len;
-
-    *olen = 0;
-
-    if( ssl->hostname == NULL )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding server name extension: %s",
-          ssl->hostname ) );
-
-    hostname_len = strlen( ssl->hostname );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
-
-    /*
-     * Sect. 3, RFC 6066 (TLS Extensions Definitions)
-     *
-     * In order to provide any of the server names, clients MAY include an
-     * extension of type "server_name" in the (extended) client hello. The
-     * "extension_data" field of this extension SHALL contain
-     * "ServerNameList" where:
-     *
-     * struct {
-     *     NameType name_type;
-     *     select (name_type) {
-     *         case host_name: HostName;
-     *     } name;
-     * } ServerName;
-     *
-     * enum {
-     *     host_name(0), (255)
-     * } NameType;
-     *
-     * opaque HostName<1..2^16-1>;
-     *
-     * struct {
-     *     ServerName server_name_list<1..2^16-1>
-     * } ServerNameList;
-     *
-     */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SERVERNAME, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( hostname_len + 5, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( hostname_len + 3, p, 0 );
-    p += 2;
-
-    *p++ = MBEDTLS_BYTE_0( MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME );
-
-    MBEDTLS_PUT_UINT16_BE( hostname_len, p, 0 );
-    p += 2;
-
-    memcpy( p, ssl->hostname, hostname_len );
-
-    *olen = hostname_len + 9;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
-                                        unsigned char *buf,
-                                        const unsigned char *end,
-                                        size_t *olen )
-{
-    unsigned char *p = buf;
-
-    *olen = 0;
-
-    /* We're always including a TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
-     * initial ClientHello, in which case also adding the renegotiation
-     * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
-    if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding renegotiation extension" ) );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len );
-
-    /*
-     * Secure renegotiation
-     */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO, p, 0 );
-    p += 2;
-
-    *p++ = 0x00;
-    *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len + 1 );
-    *p++ = MBEDTLS_BYTE_0( ssl->verify_data_len );
-
-    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
-
-    *olen = 5 + ssl->verify_data_len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-/*
- * Only if we handle at least one key exchange that needs signatures.
- */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
-                                               unsigned char *buf,
-                                               const unsigned char *end,
-                                               size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t sig_alg_len = 0;
-    const int *md;
-
-#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
-    unsigned char *sig_alg_list = buf + 6;
-#endif
-
-    *olen = 0;
-
-    if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding signature_algorithms extension" ) );
-
-    if( ssl->conf->sig_hashes == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
-    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
-    {
-#if defined(MBEDTLS_ECDSA_C)
-        sig_alg_len += 2;
-#endif
-#if defined(MBEDTLS_RSA_C)
-        sig_alg_len += 2;
-#endif
-        if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "length in bytes of sig-hash-alg extension too big" ) );
-            return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-        }
-    }
-
-    /* Empty signature algorithms list, this is a configuration error. */
-    if( sig_alg_len == 0 )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 );
-
-    /*
-     * Prepare signature_algorithms extension (TLS 1.2)
-     */
-    sig_alg_len = 0;
-
-    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
-    {
-#if defined(MBEDTLS_ECDSA_C)
-        sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
-        sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_ECDSA;
-#endif
-#if defined(MBEDTLS_RSA_C)
-        sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
-        sig_alg_list[sig_alg_len++] = MBEDTLS_SSL_SIG_RSA;
-#endif
-    }
-
-    /*
-     * enum {
-     *     none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
-     *     sha512(6), (255)
-     * } HashAlgorithm;
-     *
-     * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
-     *   SignatureAlgorithm;
-     *
-     * struct {
-     *     HashAlgorithm hash;
-     *     SignatureAlgorithm signature;
-     * } SignatureAndHashAlgorithm;
-     *
-     * SignatureAndHashAlgorithm
-     *   supported_signature_algorithms<2..2^16-2>;
-     */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SIG_ALG, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( sig_alg_len + 2, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( sig_alg_len, p, 0 );
-    p += 2;
-
-    *olen = 6 + sig_alg_len;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
-          MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
-                                                    unsigned char *buf,
-                                                    const unsigned char *end,
-                                                    size_t *olen )
-{
-    unsigned char *p = buf;
-    unsigned char *elliptic_curve_list = p + 6;
-    size_t elliptic_curve_len = 0;
-    const mbedtls_ecp_curve_info *info;
-    const mbedtls_ecp_group_id *grp_id;
-
-    *olen = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding supported_elliptic_curves extension" ) );
-
-    if( ssl->conf->curve_list == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
-    for( grp_id = ssl->conf->curve_list;
-         *grp_id != MBEDTLS_ECP_DP_NONE;
-         grp_id++ )
-    {
-        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-        if( info == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "invalid curve in ssl configuration" ) );
-            return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-        }
-        elliptic_curve_len += 2;
-
-        if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "malformed supported_elliptic_curves extension in config" ) );
-            return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-        }
-    }
-
-    /* Empty elliptic curve list, this is a configuration error. */
-    if( elliptic_curve_len == 0 )
-        return( MBEDTLS_ERR_SSL_BAD_CONFIG );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
-
-    elliptic_curve_len = 0;
-
-    for( grp_id = ssl->conf->curve_list;
-         *grp_id != MBEDTLS_ECP_DP_NONE;
-         grp_id++ )
-    {
-        info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-        elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_1( info->tls_id );
-        elliptic_curve_list[elliptic_curve_len++] = MBEDTLS_BYTE_0( info->tls_id );
-    }
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( elliptic_curve_len + 2, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( elliptic_curve_len, p, 0 );
-    p += 2;
-
-    *olen = 6 + elliptic_curve_len;
-
-    return( 0 );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                  unsigned char *buf,
-                                                  const unsigned char *end,
-                                                  size_t *olen )
-{
-    unsigned char *p = buf;
-    (void) ssl; /* ssl used for debugging only */
-
-    *olen = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding supported_point_formats extension" ) );
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS, p, 0 );
-    p += 2;
-
-    *p++ = 0x00;
-    *p++ = 2;
-
-    *p++ = 1;
-    *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
-
-    *olen = 6;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
-                                       unsigned char *buf,
-                                       const unsigned char *end,
-                                       size_t *olen )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = buf;
-    size_t kkpp_len;
-
-    *olen = 0;
-
-    /* Skip costly extension if we can't use EC J-PAKE anyway */
-    if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding ecjpake_kkpp extension" ) );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 );
-    p += 2;
-
-    /*
-     * We may need to send ClientHello multiple times for Hello verification.
-     * We don't want to compute fresh values every time (both for performance
-     * and consistency reasons), so cache the extension content.
-     */
-    if( ssl->handshake->ecjpake_cache == NULL ||
-        ssl->handshake->ecjpake_cache_len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
-
-        ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
-                                               p + 2, end - p - 2, &kkpp_len,
-                                               ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1 ,
-                "mbedtls_ecjpake_write_round_one", ret );
-            return( ret );
-        }
-
-        ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
-        if( ssl->handshake->ecjpake_cache == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
-            return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-        }
-
-        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
-        ssl->handshake->ecjpake_cache_len = kkpp_len;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
-
-        kkpp_len = ssl->handshake->ecjpake_cache_len;
-        MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len );
-
-        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
-    }
-
-    MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 );
-    p += 2;
-
-    *olen = kkpp_len + 4;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
-                              unsigned char *buf,
-                              const unsigned char *end,
-                              size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t ext_len;
-
-    /*
-     * Quoting draft-ietf-tls-dtls-connection-id-05
-     * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05
-     *
-     *   struct {
-     *      opaque cid<0..2^8-1>;
-     *   } ConnectionId;
-    */
-
-    *olen = 0;
-    if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
-        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
-    {
-        return( 0 );
-    }
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
-
-    /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
-     * which is at most 255, so the increment cannot overflow. */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
-
-    /* Add extension ID + size */
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_CID, p, 0 );
-    p += 2;
-    ext_len = (size_t) ssl->own_cid_len + 1;
-    MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
-    p += 2;
-
-    *p++ = (uint8_t) ssl->own_cid_len;
-    memcpy( p, ssl->own_cid, ssl->own_cid_len );
-
-    *olen = ssl->own_cid_len + 5;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              unsigned char *buf,
-                                              const unsigned char *end,
-                                              size_t *olen )
-{
-    unsigned char *p = buf;
-
-    *olen = 0;
-
-    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding max_fragment_length extension" ) );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, p, 0 );
-    p += 2;
-
-    *p++ = 0x00;
-    *p++ = 1;
-
-    *p++ = ssl->conf->mfl_code;
-
-    *olen = 5;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         const unsigned char *end,
-                                         size_t *olen )
-{
-    unsigned char *p = buf;
-
-    *olen = 0;
-
-    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding truncated_hmac extension" ) );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_TRUNCATED_HMAC, p, 0 );
-    p += 2;
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                           unsigned char *buf,
-                                           const unsigned char *end,
-                                           size_t *olen )
-{
-    unsigned char *p = buf;
-
-    *olen = 0;
-
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding encrypt_then_mac extension" ) );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC, p, 0 );
-    p += 2;
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                      unsigned char *buf,
-                                      const unsigned char *end,
-                                      size_t *olen )
-{
-    unsigned char *p = buf;
-
-    *olen = 0;
-
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
-        ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding extended_master_secret extension" ) );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET, p, 0 );
-    p += 2;
-
-    *p++ = 0x00;
-    *p++ = 0x00;
-
-    *olen = 4;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         unsigned char *buf,
-                                         const unsigned char *end,
-                                         size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t tlen = ssl->session_negotiate->ticket_len;
-
-    *olen = 0;
-
-    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, adding session ticket extension" ) );
-
-    /* The addition is safe here since the ticket length is 16 bit. */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_SESSION_TICKET, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( tlen, p, 0 );
-    p += 2;
-
-    *olen = 4;
-
-    if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );
-
-    memcpy( p, ssl->session_negotiate->ticket, tlen );
-
-    *olen += tlen;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_SSL_ALPN)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
-                               unsigned char *buf,
-                               const unsigned char *end,
-                               size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t alpnlen = 0;
-    const char **cur;
-
-    *olen = 0;
-
-    if( ssl->conf->alpn_list == NULL )
-        return( 0 );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
-
-    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-        alpnlen += strlen( *cur ) + 1;
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ALPN, p, 0 );
-    p += 2;
-
-    /*
-     * opaque ProtocolName<1..2^8-1>;
-     *
-     * struct {
-     *     ProtocolName protocol_name_list<2..2^16-1>
-     * } ProtocolNameList;
-     */
-
-    /* Skip writing extension and list length for now */
-    p += 4;
-
-    for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
-    {
-        /*
-         * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
-         * protocol names is less than 255.
-         */
-        *p = (unsigned char)strlen( *cur );
-        memcpy( p + 1, *cur, *p );
-        p += 1 + *p;
-    }
-
-    *olen = p - buf;
-
-    /* List length = olen - 2 (ext_type) - 2 (ext_len) - 2 (list_len) */
-    MBEDTLS_PUT_UINT16_BE( *olen - 6, buf, 4 );
-
-    /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
-    MBEDTLS_PUT_UINT16_BE( *olen - 4, buf, 2 );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl,
-                                   unsigned char *buf,
-                                   const unsigned char *end,
-                                   size_t *olen )
-{
-    unsigned char *p = buf;
-    size_t protection_profiles_index = 0, ext_len = 0;
-    uint16_t mki_len = 0, profile_value = 0;
-
-    *olen = 0;
-
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
-        ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
-    {
-        return( 0 );
-    }
-
-    /* RFC 5764 section 4.1.1
-     * uint8 SRTPProtectionProfile[2];
-     *
-     * struct {
-     *   SRTPProtectionProfiles SRTPProtectionProfiles;
-     *   opaque srtp_mki<0..255>;
-     * } UseSRTPData;
-     * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
-     */
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
-    {
-        mki_len = ssl->dtls_srtp_info.mki_len;
-    }
-    /* Extension length = 2 bytes for profiles length,
-     *                    ssl->conf->dtls_srtp_profile_list_len * 2 (each profile is 2 bytes length ),
-     *                    1 byte for srtp_mki vector length and the mki_len value
-     */
-    ext_len = 2 + 2 * ( ssl->conf->dtls_srtp_profile_list_len ) + 1 + mki_len;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding use_srtp extension" ) );
-
-    /* Check there is room in the buffer for the extension + 4 bytes
-     * - the extension tag (2 bytes)
-     * - the extension length (2 bytes)
-     */
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, ext_len + 4 );
-
-    MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_USE_SRTP, p, 0 );
-    p += 2;
-
-    MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
-    p += 2;
-
-    /* protection profile length: 2*(ssl->conf->dtls_srtp_profile_list_len) */
-    /* micro-optimization:
-     * the list size is limited to MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH
-     * which is lower than 127, so the upper byte of the length is always 0
-     * For the documentation, the more generic code is left in comments
-     * *p++ = (unsigned char)( ( ( 2 * ssl->conf->dtls_srtp_profile_list_len )
-     *                        >> 8 ) & 0xFF );
-     */
-    *p++ = 0;
-    *p++ = MBEDTLS_BYTE_0( 2 * ssl->conf->dtls_srtp_profile_list_len );
-
-    for( protection_profiles_index=0;
-         protection_profiles_index < ssl->conf->dtls_srtp_profile_list_len;
-         protection_profiles_index++ )
-    {
-        profile_value = mbedtls_ssl_check_srtp_profile_value
-                ( ssl->conf->dtls_srtp_profile_list[protection_profiles_index] );
-        if( profile_value != MBEDTLS_TLS_SRTP_UNSET )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "ssl_write_use_srtp_ext, add profile: %04x",
-                                        profile_value ) );
-            MBEDTLS_PUT_UINT16_BE( profile_value, p, 0 );
-            p += 2;
-        }
-        else
-        {
-            /*
-             * Note: we shall never arrive here as protection profiles
-             * is checked by mbedtls_ssl_conf_dtls_srtp_protection_profiles function
-             */
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                    ( "client hello, "
-                      "illegal DTLS-SRTP protection profile %d",
-                      ssl->conf->dtls_srtp_profile_list[protection_profiles_index]
-                    ) );
-            return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
-        }
-    }
-
-    *p++ = mki_len & 0xFF;
-
-    if( mki_len != 0 )
-    {
-        memcpy( p, ssl->dtls_srtp_info.mki_value, mki_len );
-        /*
-         * Increment p to point to the current position.
-         */
-        p += mki_len;
-        MBEDTLS_SSL_DEBUG_BUF( 3, "sending mki",  ssl->dtls_srtp_info.mki_value,
-                               ssl->dtls_srtp_info.mki_len );
-    }
-
-    /*
-     * total extension length: extension type (2 bytes)
-     *                         + extension length (2 bytes)
-     *                         + protection profile length (2 bytes)
-     *                         + 2 * number of protection profiles
-     *                         + srtp_mki vector length(1 byte)
-     *                         + mki value
-     */
-    *olen = p - buf;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/*
- * Generate random bytes for ClientHello
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_generate_random( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *p = ssl->handshake->randbytes;
-#if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t t;
-#endif
-
-    /*
-     * When responding to a verify request, MUST reuse random (RFC 6347 4.2.1)
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->verify_cookie != NULL )
-    {
-        return( 0 );
-    }
-#endif
-
-#if defined(MBEDTLS_HAVE_TIME)
-    t = mbedtls_time( NULL );
-    MBEDTLS_PUT_UINT32_BE( t, p, 0 );
-    p += 4;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
-                                (long long) t ) );
-#else
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
-        return( ret );
-
-    p += 4;
-#endif /* MBEDTLS_HAVE_TIME */
-
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 28 ) ) != 0 )
-        return( ret );
-
-    return( 0 );
-}
-
-/**
- * \brief           Validate cipher suite against config in SSL context.
- *
- * \param suite_info    cipher suite to validate
- * \param ssl           SSL context
- * \param min_minor_ver Minimal minor version to accept a cipher suite
- * \param max_minor_ver Maximal minor version to accept a cipher suite
- *
- * \return          0 if valid, else 1
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_validate_ciphersuite(
-    const mbedtls_ssl_ciphersuite_t * suite_info,
-    const mbedtls_ssl_context * ssl,
-    int min_minor_ver, int max_minor_ver )
-{
-    (void) ssl;
-    if( suite_info == NULL )
-        return( 1 );
-
-    if( suite_info->min_minor_ver > max_minor_ver ||
-            suite_info->max_minor_ver < min_minor_ver )
-        return( 1 );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-            ( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
-        return( 1 );
-#endif
-
-#if defined(MBEDTLS_ARC4_C)
-    if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
-            suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
-        return( 1 );
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE &&
-            mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
-        return( 1 );
-#endif
-
-    /* Don't suggest PSK-based ciphersuite if no PSK is available. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
-        ssl_conf_has_static_psk( ssl->conf ) == 0 )
-    {
-        return( 1 );
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-    return( 0 );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, n, olen, ext_len = 0;
-
-    unsigned char *buf;
-    unsigned char *p, *q;
-    const unsigned char *end;
-
-    unsigned char offer_compress;
-    const int *ciphersuites;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    int uses_ec = 0;
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client hello" ) );
-
-    if( ssl->conf->f_rng == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided") );
-        return( MBEDTLS_ERR_SSL_NO_RNG );
-    }
-
-    int renegotiating = 0;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-        renegotiating = 1;
-#endif
-    if( !renegotiating )
-    {
-        ssl->major_ver = ssl->conf->min_major_ver;
-        ssl->minor_ver = ssl->conf->min_minor_ver;
-    }
-
-    if( ssl->conf->max_major_ver == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    buf = ssl->out_msg;
-    end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-    /*
-     * Check if there's enough space for the first part of the ClientHello
-     * consisting of the 38 bytes described below, the session identifier (at
-     * most 32 bytes) and its length (1 byte).
-     *
-     * Use static upper bounds instead of the actual values
-     * to allow the compiler to optimize this away.
-     */
-    MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );
-
-    /*
-     * The 38 first bytes of the ClientHello:
-     *     0  .   0   handshake type (written later)
-     *     1  .   3   handshake length (written later)
-     *     4  .   5   highest version supported
-     *     6  .   9   current UNIX time
-     *    10  .  37   random bytes
-     *
-     * The current UNIX time (4 bytes) and following 28 random bytes are written
-     * by ssl_generate_random() into ssl->handshake->randbytes buffer and then
-     * copied from there into the output buffer.
-     */
-
-    p = buf + 4;
-    mbedtls_ssl_write_version( ssl->conf->max_major_ver,
-                               ssl->conf->max_minor_ver,
-                               ssl->conf->transport, p );
-    p += 2;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
-                   buf[4], buf[5] ) );
-
-    if( ( ret = ssl_generate_random( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
-        return( ret );
-    }
-
-    memcpy( p, ssl->handshake->randbytes, 32 );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, random bytes", p, 32 );
-    p += 32;
-
-    /*
-     *    38  .  38   session id length
-     *    39  . 39+n  session id
-     *   39+n . 39+n  DTLS only: cookie length (1 byte)
-     *   40+n .  ..   DTLS only: cookie
-     *   ..   . ..    ciphersuitelist length (2 bytes)
-     *   ..   . ..    ciphersuitelist
-     *   ..   . ..    compression methods length (1 byte)
-     *   ..   . ..    compression methods
-     *   ..   . ..    extensions length (2 bytes)
-     *   ..   . ..    extensions
-     */
-    n = ssl->session_negotiate->id_len;
-
-    if( n < 16 || n > 32 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
-#endif
-        ssl->handshake->resume == 0 )
-    {
-        n = 0;
-    }
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    /*
-     * RFC 5077 section 3.4: "When presenting a ticket, the client MAY
-     * generate and include a Session ID in the TLS ClientHello."
-     */
-    if( !renegotiating )
-    {
-        if( ssl->session_negotiate->ticket != NULL &&
-                ssl->session_negotiate->ticket_len != 0 )
-        {
-            ret = ssl->conf->f_rng( ssl->conf->p_rng,
-                                    ssl->session_negotiate->id, 32 );
-
-            if( ret != 0 )
-                return( ret );
-
-            ssl->session_negotiate->id_len = n = 32;
-        }
-    }
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-    /*
-     * The first check of the output buffer size above (
-     * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );)
-     * has checked that there is enough space in the output buffer for the
-     * session identifier length byte and the session identifier (n <= 32).
-     */
-    *p++ = (unsigned char) n;
-
-    for( i = 0; i < n; i++ )
-        *p++ = ssl->session_negotiate->id[i];
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "client hello, session id", buf + 39, n );
-
-    /*
-     *   With 'n' being the length of the session identifier
-     *
-     *   39+n . 39+n  DTLS only: cookie length (1 byte)
-     *   40+n .  ..   DTLS only: cookie
-     *   ..   . ..    ciphersuitelist length (2 bytes)
-     *   ..   . ..    ciphersuitelist
-     *   ..   . ..    compression methods length (1 byte)
-     *   ..   . ..    compression methods
-     *   ..   . ..    extensions length (2 bytes)
-     *   ..   . ..    extensions
-     */
-
-    /*
-     * DTLS cookie
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
-
-        if( ssl->handshake->verify_cookie == NULL )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
-            *p++ = 0;
-        }
-        else
-        {
-            MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, cookie",
-                              ssl->handshake->verify_cookie,
-                              ssl->handshake->verify_cookie_len );
-
-            *p++ = ssl->handshake->verify_cookie_len;
-
-            MBEDTLS_SSL_CHK_BUF_PTR( p, end,
-                                     ssl->handshake->verify_cookie_len );
-            memcpy( p, ssl->handshake->verify_cookie,
-                       ssl->handshake->verify_cookie_len );
-            p += ssl->handshake->verify_cookie_len;
-        }
-    }
-#endif
-
-    /*
-     * Ciphersuite list
-     */
-    ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
-
-    /* Skip writing ciphersuite length for now */
-    n = 0;
-    q = p;
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-    p += 2;
-
-    for( i = 0; ciphersuites[i] != 0; i++ )
-    {
-        ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( ciphersuites[i] );
-
-        if( ssl_validate_ciphersuite( ciphersuite_info, ssl,
-                                      ssl->conf->min_minor_ver,
-                                      ssl->conf->max_minor_ver ) != 0 )
-            continue;
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
-                                    (unsigned int)ciphersuites[i], ciphersuite_info->name ) );
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
-#endif
-
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-
-        n++;
-        MBEDTLS_PUT_UINT16_BE( ciphersuites[i], p, 0 );
-        p += 2;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );
-
-    /*
-     * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
-     */
-    if( !renegotiating )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO, p, 0 );
-        p += 2;
-        n++;
-    }
-
-    /* Some versions of OpenSSL don't handle it correctly if not at end */
-#if defined(MBEDTLS_SSL_FALLBACK_SCSV)
-    if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
-
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        MBEDTLS_PUT_UINT16_BE( MBEDTLS_SSL_FALLBACK_SCSV_VALUE, p, 0 );
-        p += 2;
-        n++;
-    }
-#endif
-
-    *q++ = (unsigned char)( n >> 7 );
-    *q++ = (unsigned char)( n << 1 );
-
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    offer_compress = 1;
-#else
-    offer_compress = 0;
-#endif
-
-    /*
-     * We don't support compression with DTLS right now: if many records come
-     * in the same datagram, uncompressing one could overwrite the next one.
-     * We don't want to add complexity for handling that case unless there is
-     * an actual need for it.
-     */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        offer_compress = 0;
-#endif
-
-    if( offer_compress )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
-                                    MBEDTLS_SSL_COMPRESS_DEFLATE,
-                                    MBEDTLS_SSL_COMPRESS_NULL ) );
-
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
-        *p++ = 2;
-        *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE;
-        *p++ = MBEDTLS_SSL_COMPRESS_NULL;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 1 ) );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
-                            MBEDTLS_SSL_COMPRESS_NULL ) );
-
-        MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-        *p++ = 1;
-        *p++ = MBEDTLS_SSL_COMPRESS_NULL;
-    }
-
-    /* First write extensions, then the total length */
-
-    MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
-
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-    if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len,
-                                        end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-    /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
-     * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
-                                             end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
-    defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len,
-                                                    end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( uses_ec )
-    {
-        if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
-                                                             end, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
-            return( ret );
-        }
-        ext_len += olen;
-
-        if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
-                                                           end, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
-            return( ret );
-        }
-        ext_len += olen;
-    }
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len,
-                                            end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
-                                                   end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len,
-                                              end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
-                                                end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
-                                           end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_ALPN)
-    if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
-                                    end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-    if( ( ret = ssl_write_use_srtp_ext( ssl, p + 2 + ext_len,
-                                        end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_use_srtp_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
-                                              end, &olen ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
-        return( ret );
-    }
-    ext_len += olen;
-#endif
-
-    /* olen unused if all extensions are disabled */
-    ((void) olen);
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
-                                ext_len ) );
-
-    if( ext_len > 0 )
-    {
-        /* No need to check for space here, because the extension
-         * writing functions already took care of that. */
-        MBEDTLS_PUT_UINT16_BE( ext_len, p, 0 );
-        p += 2 + ext_len;
-    }
-
-    ssl->out_msglen  = p - buf;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_HELLO;
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_send_flight_completed( ssl );
-#endif
-
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_flight_transmit", ret );
-        return( ret );
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client hello" ) );
-
-    return( 0 );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
-    {
-        /* Check verify-data in constant-time. The length OTOH is no secret */
-        if( len    != 1 + ssl->verify_data_len * 2 ||
-            buf[0] !=     ssl->verify_data_len * 2 ||
-            mbedtls_ct_memcmp( buf + 1,
-                          ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
-            mbedtls_ct_memcmp( buf + 1 + ssl->verify_data_len,
-                          ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-    {
-        if( len != 1 || buf[0] != 0x00 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "non-zero length renegotiation info" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-
-        ssl->secure_renegotiation = MBEDTLS_SSL_SECURE_RENEGOTIATION;
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl,
-                                              const unsigned char *buf,
-                                              size_t len )
-{
-    /*
-     * server should use the extension only if we did,
-     * and if so the server's value should match ours (and len is always 1)
-     */
-    if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ||
-        len != 1 ||
-        buf[0] != ssl->conf->mfl_code )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching max fragment length extension" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching truncated HMAC extension" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl,
-                              const unsigned char *buf,
-                              size_t len )
-{
-    size_t peer_cid_len;
-
-    if( /* CID extension only makes sense in DTLS */
-        ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
-        /* The server must only send the CID extension if we have offered it. */
-        ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    if( len == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    peer_cid_len = *buf++;
-    len--;
-
-    if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    if( len != peer_cid_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED;
-    ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len;
-    memcpy( ssl->handshake->peer_cid, buf, peer_cid_len );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching encrypt-then-MAC extension" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching extended master secret extension" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
-                                         const unsigned char *buf,
-                                         size_t len )
-{
-    if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
-        len != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "non-matching session ticket extension" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    ((void) buf);
-
-    ssl->handshake->new_session_ticket = 1;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl,
-                                                  const unsigned char *buf,
-                                                  size_t len )
-{
-    size_t list_size;
-    const unsigned char *p;
-
-    if( len == 0 || (size_t)( buf[0] + 1 ) != len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-    list_size = buf[0];
-
-    p = buf + 1;
-    while( list_size > 0 )
-    {
-        if( p[0] == MBEDTLS_ECP_PF_UNCOMPRESSED ||
-            p[0] == MBEDTLS_ECP_PF_COMPRESSED )
-        {
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-            ssl->handshake->ecdh_ctx.point_format = p[0];
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-            ssl->handshake->ecjpake_ctx.point_format = p[0];
-#endif
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) );
-            return( 0 );
-        }
-
-        list_size--;
-        p++;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "no point format in common" ) );
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if( ssl->handshake->ciphersuite_info->key_exchange !=
-        MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) );
-        return( 0 );
-    }
-
-    /* If we got here, we no longer need our cached extension */
-    mbedtls_free( ssl->handshake->ecjpake_cache );
-    ssl->handshake->ecjpake_cache = NULL;
-    ssl->handshake->ecjpake_cache_len = 0;
-
-    if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx,
-                                                buf, len ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( ret );
-    }
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl,
-                               const unsigned char *buf, size_t len )
-{
-    size_t list_len, name_len;
-    const char **p;
-
-    /* If we didn't send it, the server shouldn't send it */
-    if( ssl->conf->alpn_list == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /*
-     * opaque ProtocolName<1..2^8-1>;
-     *
-     * struct {
-     *     ProtocolName protocol_name_list<2..2^16-1>
-     * } ProtocolNameList;
-     *
-     * the "ProtocolNameList" MUST contain exactly one "ProtocolName"
-     */
-
-    /* Min length is 2 (list_len) + 1 (name_len) + 1 (name) */
-    if( len < 4 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    list_len = ( buf[0] << 8 ) | buf[1];
-    if( list_len != len - 2 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    name_len = buf[2];
-    if( name_len != list_len - 1 )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /* Check that the server chosen protocol was in our list and save it */
-    for( p = ssl->conf->alpn_list; *p != NULL; p++ )
-    {
-        if( name_len == strlen( *p ) &&
-            memcmp( buf + 3, *p, name_len ) == 0 )
-        {
-            ssl->alpn_chosen = *p;
-            return( 0 );
-        }
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "ALPN extension: no matching protocol" ) );
-    mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-    return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-}
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_use_srtp_ext( mbedtls_ssl_context *ssl,
-                                   const unsigned char *buf,
-                                   size_t len )
-{
-    mbedtls_ssl_srtp_profile server_protection = MBEDTLS_TLS_SRTP_UNSET;
-    size_t i, mki_len = 0;
-    uint16_t server_protection_profile_value = 0;
-
-    /* If use_srtp is not configured, just ignore the extension */
-    if( ( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) ||
-        ( ssl->conf->dtls_srtp_profile_list == NULL ) ||
-        ( ssl->conf->dtls_srtp_profile_list_len == 0 ) )
-        return( 0 );
-
-    /* RFC 5764 section 4.1.1
-     * uint8 SRTPProtectionProfile[2];
-     *
-     * struct {
-     *   SRTPProtectionProfiles SRTPProtectionProfiles;
-     *   opaque srtp_mki<0..255>;
-     * } UseSRTPData;
-
-     * SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>;
-     *
-     */
-    if( ssl->conf->dtls_srtp_mki_support == MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED )
-    {
-        mki_len = ssl->dtls_srtp_info.mki_len;
-    }
-
-    /*
-     * Length is 5 + optional mki_value : one protection profile length (2 bytes)
-     *                                      + protection profile (2 bytes)
-     *                                      + mki_len(1 byte)
-     *                                      and optional srtp_mki
-     */
-    if( ( len < 5 ) || ( len != ( buf[4] + 5u ) ) )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-
-    /*
-     * get the server protection profile
-     */
-
-    /*
-     * protection profile length must be 0x0002 as we must have only
-     * one protection profile in server Hello
-     */
-    if( (  buf[0] != 0 ) || ( buf[1] != 2 ) )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-
-    server_protection_profile_value = ( buf[2] << 8 ) | buf[3];
-    server_protection = mbedtls_ssl_check_srtp_profile_value(
-                    server_protection_profile_value );
-    if( server_protection != MBEDTLS_TLS_SRTP_UNSET )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "found srtp profile: %s",
-                                      mbedtls_ssl_get_srtp_profile_as_string(
-                                              server_protection ) ) );
-    }
-
-    ssl->dtls_srtp_info.chosen_dtls_srtp_profile = MBEDTLS_TLS_SRTP_UNSET;
-
-    /*
-     * Check we have the server profile in our list
-     */
-    for( i=0; i < ssl->conf->dtls_srtp_profile_list_len; i++)
-    {
-        if( server_protection == ssl->conf->dtls_srtp_profile_list[i] )
-        {
-            ssl->dtls_srtp_info.chosen_dtls_srtp_profile = ssl->conf->dtls_srtp_profile_list[i];
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "selected srtp profile: %s",
-                                      mbedtls_ssl_get_srtp_profile_as_string(
-                                              server_protection ) ) );
-            break;
-        }
-    }
-
-    /* If no match was found : server problem, it shall never answer with incompatible profile */
-    if( ssl->dtls_srtp_info.chosen_dtls_srtp_profile == MBEDTLS_TLS_SRTP_UNSET )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /* If server does not use mki in its reply, make sure the client won't keep
-     * one as negotiated */
-    if( len == 5 )
-    {
-        ssl->dtls_srtp_info.mki_len = 0;
-    }
-
-    /*
-     * RFC5764:
-     *  If the client detects a nonzero-length MKI in the server's response
-     *  that is different than the one the client offered, then the client
-     *  MUST abort the handshake and SHOULD send an invalid_parameter alert.
-     */
-    if( len > 5  && ( buf[4] != mki_len ||
-        ( memcmp( ssl->dtls_srtp_info.mki_value, &buf[5], mki_len ) ) ) )
-    {
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-#if defined (MBEDTLS_DEBUG_C)
-    if( len > 5 )
-    {
-        MBEDTLS_SSL_DEBUG_BUF( 3, "received mki", ssl->dtls_srtp_info.mki_value,
-                                                  ssl->dtls_srtp_info.mki_len );
-    }
-#endif
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-/*
- * Parse HelloVerifyRequest.  Only called after verifying the HS type.
- */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
-{
-    const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    int major_ver, minor_ver;
-    unsigned char cookie_len;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse hello verify request" ) );
-
-    /* Check that there is enough room for:
-     * - 2 bytes of version
-     * - 1 byte of cookie_len
-     */
-    if( mbedtls_ssl_hs_hdr_len( ssl ) + 3 > ssl->in_msglen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "incoming HelloVerifyRequest message is too short" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /*
-     * struct {
-     *   ProtocolVersion server_version;
-     *   opaque cookie<0..2^8-1>;
-     * } HelloVerifyRequest;
-     */
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
-    mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
-    p += 2;
-
-    /*
-     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
-     * even is lower than our min version.
-     */
-    if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
-        minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
-        major_ver > ssl->conf->max_major_ver  ||
-        minor_ver > ssl->conf->max_minor_ver  )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server version" ) );
-
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-
-        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
-    }
-
-    cookie_len = *p++;
-    if( ( ssl->in_msg + ssl->in_msglen ) - p < cookie_len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "cookie length does not match incoming message size" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                    MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-    MBEDTLS_SSL_DEBUG_BUF( 3, "cookie", p, cookie_len );
-
-    mbedtls_free( ssl->handshake->verify_cookie );
-
-    ssl->handshake->verify_cookie = mbedtls_calloc( 1, cookie_len );
-    if( ssl->handshake->verify_cookie  == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc failed (%d bytes)", cookie_len ) );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    memcpy( ssl->handshake->verify_cookie, p, cookie_len );
-    ssl->handshake->verify_cookie_len = cookie_len;
-
-    /* Start over at ClientHello */
-    ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
-    mbedtls_ssl_reset_checksum( ssl );
-
-    mbedtls_ssl_recv_flight_completed( ssl );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse hello verify request" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-static int is_compression_bad( mbedtls_ssl_context *ssl, unsigned char comp )
-{
-    int bad_comp = 0;
-
-    /* Suppress warnings in some configurations */
-    (void) ssl;
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-    /* See comments in ssl_write_client_hello() */
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        comp != MBEDTLS_SSL_COMPRESS_NULL )
-        bad_comp = 1;
-#endif
-
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL &&
-        comp != MBEDTLS_SSL_COMPRESS_DEFLATE )
-        bad_comp = 1;
-#else /* MBEDTLS_ZLIB_SUPPORT */
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL )
-        bad_comp = 1;
-#endif/* MBEDTLS_ZLIB_SUPPORT */
-    return bad_comp;
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
-{
-    int ret, i;
-    size_t n;
-    size_t ext_len;
-    unsigned char *buf, *ext;
-    unsigned char comp;
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int renegotiation_info_seen = 0;
-#endif
-    int handshake_failure = 0;
-    const mbedtls_ssl_ciphersuite_t *suite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        /* No alert on a read error. */
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    buf = ssl->in_msg;
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
-        {
-            ssl->renego_records_seen++;
-
-            if( ssl->conf->renego_max_records >= 0 &&
-                ssl->renego_records_seen > ssl->conf->renego_max_records )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "renegotiation requested, but not honored by server" ) );
-                return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-            }
-
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "non-handshake message during renegotiation" ) );
-
-            ssl->keep_current_message = 1;
-            return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
-        }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-    {
-        if( buf[0] == MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "received hello verify request" ) );
-            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
-            return( ssl_parse_hello_verify_request( ssl ) );
-        }
-        else
-        {
-            /* We made it through the verification process */
-            mbedtls_free( ssl->handshake->verify_cookie );
-            ssl->handshake->verify_cookie = NULL;
-            ssl->handshake->verify_cookie_len = 0;
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    if( ssl->in_hslen < 38 + mbedtls_ssl_hs_hdr_len( ssl ) ||
-        buf[0] != MBEDTLS_SSL_HS_SERVER_HELLO )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /*
-     *  0   .  1    server_version
-     *  2   . 33    random (maybe including 4 bytes of Unix time)
-     * 34   . 34    session_id length = n
-     * 35   . 34+n  session_id
-     * 35+n . 36+n  cipher_suite
-     * 37+n . 37+n  compression_method
-     *
-     * 38+n . 39+n  extensions length (optional)
-     * 40+n .  ..   extensions
-     */
-    buf += mbedtls_ssl_hs_hdr_len( ssl );
-
-    MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, version", buf + 0, 2 );
-    mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
-                      ssl->conf->transport, buf + 0 );
-
-    if( ssl->major_ver < ssl->conf->min_major_ver ||
-        ssl->minor_ver < ssl->conf->min_minor_ver ||
-        ssl->major_ver > ssl->conf->max_major_ver ||
-        ssl->minor_ver > ssl->conf->max_minor_ver )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server version out of bounds -  min: [%d:%d], server: [%d:%d], max: [%d:%d]",
-              ssl->conf->min_major_ver,
-              ssl->conf->min_minor_ver,
-              ssl->major_ver, ssl->minor_ver,
-              ssl->conf->max_major_ver,
-              ssl->conf->max_minor_ver ) );
-
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                     MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
-
-        return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
-                                     ( (unsigned long) buf[2] << 24 ) |
-                                     ( (unsigned long) buf[3] << 16 ) |
-                                     ( (unsigned long) buf[4] <<  8 ) |
-                                     ( (unsigned long) buf[5]       ) ) );
-
-    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
-
-    n = buf[34];
-
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, random bytes", buf + 2, 32 );
-
-    if( n > 32 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    if( ssl->in_hslen > mbedtls_ssl_hs_hdr_len( ssl ) + 39 + n )
-    {
-        ext_len = ( ( buf[38 + n] <<  8 )
-                  | ( buf[39 + n]       ) );
-
-        if( ( ext_len > 0 && ext_len < 4 ) ||
-            ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-    }
-    else if( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) + 38 + n )
-    {
-        ext_len = 0;
-    }
-    else
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    /* ciphersuite (used later) */
-    i = ( buf[35 + n] << 8 ) | buf[36 + n];
-
-    /*
-     * Read and check compression
-     */
-    comp = buf[37 + n];
-
-    if( is_compression_bad( ssl, comp ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server hello, bad compression: %d", comp ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-    }
-
-    /*
-     * Initialize update checksum functions
-     */
-    ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
-    if( ssl->handshake->ciphersuite_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "ciphersuite info for %04x not found", (unsigned int)i ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server hello, session id", buf + 35, n );
-
-    /*
-     * Check if the session can be resumed
-     */
-    if( ssl->handshake->resume == 0 || n == 0 ||
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-        ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE ||
-#endif
-        ssl->session_negotiate->ciphersuite != i ||
-        ssl->session_negotiate->compression != comp ||
-        ssl->session_negotiate->id_len != n ||
-        memcmp( ssl->session_negotiate->id, buf + 35, n ) != 0 )
-    {
-        ssl->state++;
-        ssl->handshake->resume = 0;
-#if defined(MBEDTLS_HAVE_TIME)
-        ssl->session_negotiate->start = mbedtls_time( NULL );
-#endif
-        ssl->session_negotiate->ciphersuite = i;
-        ssl->session_negotiate->compression = comp;
-        ssl->session_negotiate->id_len = n;
-        memcpy( ssl->session_negotiate->id, buf + 35, n );
-    }
-    else
-    {
-        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
-                   ssl->handshake->resume ? "a" : "no" ) );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) );
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
-                                buf[37 + n] ) );
-
-    /*
-     * Perform cipher suite validation in same way as in ssl_write_client_hello.
-     */
-    i = 0;
-    while( 1 )
-    {
-        if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-
-        if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
-            ssl->session_negotiate->ciphersuite )
-        {
-            break;
-        }
-    }
-
-    suite_info = mbedtls_ssl_ciphersuite_from_id(
-        ssl->session_negotiate->ciphersuite );
-    if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver,
-                                  ssl->minor_ver ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3,
-        ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
-        ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        ssl->handshake->ecrs_enabled = 1;
-    }
-#endif
-
-    if( comp != MBEDTLS_SSL_COMPRESS_NULL
-#if defined(MBEDTLS_ZLIB_SUPPORT)
-        && comp != MBEDTLS_SSL_COMPRESS_DEFLATE
-#endif
-      )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-    ssl->session_negotiate->compression = comp;
-
-    ext = buf + 40 + n;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2,
-        ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );
-
-    while( ext_len )
-    {
-        unsigned int ext_id   = ( ( ext[0] <<  8 )
-                                | ( ext[1]       ) );
-        unsigned int ext_size = ( ( ext[2] <<  8 )
-                                | ( ext[3]       ) );
-
-        if( ext_size + 4 > ext_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-
-        switch( ext_id )
-        {
-        case MBEDTLS_TLS_EXT_RENEGOTIATION_INFO:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found renegotiation extension" ) );
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-            renegotiation_info_seen = 1;
-#endif
-
-            if( ( ret = ssl_parse_renegotiation_info( ssl, ext + 4,
-                                                      ext_size ) ) != 0 )
-                return( ret );
-
-            break;
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-        case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "found max_fragment_length extension" ) );
-
-            if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-        case MBEDTLS_TLS_EXT_TRUNCATED_HMAC:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found truncated_hmac extension" ) );
-
-            if( ( ret = ssl_parse_truncated_hmac_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-        case MBEDTLS_TLS_EXT_CID:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) );
-
-            if( ( ret = ssl_parse_cid_ext( ssl,
-                                           ext + 4,
-                                           ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-        case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) );
-
-            if( ( ret = ssl_parse_encrypt_then_mac_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
-
-#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-        case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "found extended_master_secret extension" ) );
-
-            if( ( ret = ssl_parse_extended_ms_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-        case MBEDTLS_TLS_EXT_SESSION_TICKET:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found session_ticket extension" ) );
-
-            if( ( ret = ssl_parse_session_ticket_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "found supported_point_formats extension" ) );
-
-            if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-        case MBEDTLS_TLS_EXT_ECJPAKE_KKPP:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ecjpake_kkpp extension" ) );
-
-            if( ( ret = ssl_parse_ecjpake_kkpp( ssl,
-                            ext + 4, ext_size ) ) != 0 )
-            {
-                return( ret );
-            }
-
-            break;
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-
-#if defined(MBEDTLS_SSL_ALPN)
-        case MBEDTLS_TLS_EXT_ALPN:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
-
-            if( ( ret = ssl_parse_alpn_ext( ssl, ext + 4, ext_size ) ) != 0 )
-                return( ret );
-
-            break;
-#endif /* MBEDTLS_SSL_ALPN */
-
-#if defined(MBEDTLS_SSL_DTLS_SRTP)
-        case MBEDTLS_TLS_EXT_USE_SRTP:
-            MBEDTLS_SSL_DEBUG_MSG( 3, ( "found use_srtp extension" ) );
-
-            if( ( ret = ssl_parse_use_srtp_ext( ssl, ext + 4, ext_size ) ) != 0 )
-                return( ret );
-
-            break;
-#endif /* MBEDTLS_SSL_DTLS_SRTP */
-
-        default:
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "unknown extension found: %u (ignoring)", ext_id ) );
-        }
-
-        ext_len -= 4 + ext_size;
-        ext += 4 + ext_size;
-
-        if( ext_len > 0 && ext_len < 4 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-        }
-    }
-
-    /*
-     * mbedtls_ssl_derive_keys() has to be called after the parsing of the
-     * extensions. It sets the transform data for the resumed session which in
-     * case of DTLS includes the server CID extracted from the CID extension.
-     */
-    if( ssl->handshake->resume )
-    {
-        if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-            return( ret );
-        }
-    }
-
-    /*
-     * Renegotiation security checks
-     */
-    if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-        ssl->conf->allow_legacy_renegotiation ==
-        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "legacy renegotiation, breaking off handshake" ) );
-        handshake_failure = 1;
-    }
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
-             renegotiation_info_seen == 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "renegotiation_info extension missing (secure)" ) );
-        handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             ssl->conf->allow_legacy_renegotiation ==
-             MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
-        handshake_failure = 1;
-    }
-    else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
-             ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
-             renegotiation_info_seen == 1 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "renegotiation_info extension present (legacy)" ) );
-        handshake_failure = 1;
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-    if( handshake_failure == 1 )
-    {
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello" ) );
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
-                                       unsigned char **p,
-                                       unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    size_t dhm_actual_bitlen;
-
-    /*
-     * Ephemeral DH parameters:
-     *
-     * struct {
-     *     opaque dh_p<1..2^16-1>;
-     *     opaque dh_g<1..2^16-1>;
-     *     opaque dh_Ys<1..2^16-1>;
-     * } ServerDHParams;
-     */
-    if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx,
-                                         p, end ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
-        return( ret );
-    }
-
-    dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
-    if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
-                                    dhm_actual_bitlen,
-                                    ssl->conf->dhm_min_bitlen ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: P ", &ssl->handshake->dhm_ctx.P  );
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G  );
-    MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GY", &ssl->handshake->dhm_ctx.GY );
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_server_ecdh_params( const mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ecp_curve_info *curve_info;
-    mbedtls_ecp_group_id grp_id;
-#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    grp_id = ssl->handshake->ecdh_ctx.grp.id;
-#else
-    grp_id = ssl->handshake->ecdh_ctx.grp_id;
-#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
-
-    curve_info = mbedtls_ecp_curve_info_from_grp_id( grp_id );
-    if( curve_info == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "ECDH curve: %s", curve_info->name ) );
-
-#if defined(MBEDTLS_ECP_C)
-    if( mbedtls_ssl_check_curve( ssl, grp_id ) != 0 )
-        return( -1 );
-#else
-    if( ssl->handshake->ecdh_ctx.grp.nbits < 163 ||
-        ssl->handshake->ecdh_ctx.grp.nbits > 521 )
-        return( -1 );
-#endif /* MBEDTLS_ECP_C */
-
-    MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                            MBEDTLS_DEBUG_ECDH_QP );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
-        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
-          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params_psa( mbedtls_ssl_context *ssl,
-                                             unsigned char **p,
-                                             unsigned char *end )
-{
-    uint16_t tls_id;
-    size_t ecdh_bits = 0;
-    uint8_t ecpoint_len;
-    mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
-    /*
-     * Parse ECC group
-     */
-
-    if( end - *p < 4 )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-
-    /* First byte is curve_type; only named_curve is handled */
-    if( *(*p)++ != MBEDTLS_ECP_TLS_NAMED_CURVE )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-
-    /* Next two bytes are the namedcurve value */
-    tls_id = *(*p)++;
-    tls_id <<= 8;
-    tls_id |= *(*p)++;
-
-    /* Check it's a curve we offered */
-    if( mbedtls_ssl_check_curve_tls_id( ssl, tls_id ) != 0 )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-
-    /* Convert EC group to PSA key type. */
-    if( ( handshake->ecdh_psa_type =
-          mbedtls_psa_parse_tls_ecc_group( tls_id, &ecdh_bits ) ) == 0 )
-    {
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-    if( ecdh_bits > 0xffff )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    handshake->ecdh_bits = (uint16_t) ecdh_bits;
-
-    /*
-     * Put peer's ECDH public key in the format understood by PSA.
-     */
-
-    ecpoint_len = *(*p)++;
-    if( (size_t)( end - *p ) < ecpoint_len )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-
-    if( mbedtls_psa_tls_ecpoint_to_psa_ec(
-                                    *p, ecpoint_len,
-                                    handshake->ecdh_psa_peerkey,
-                                    sizeof( handshake->ecdh_psa_peerkey ),
-                                    &handshake->ecdh_psa_peerkey_len ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-    }
-
-    *p += ecpoint_len;
-    return( 0 );
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
-            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
-                                         unsigned char **p,
-                                         unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-
-    /*
-     * Ephemeral ECDH parameters:
-     *
-     * struct {
-     *     ECParameters curve_params;
-     *     ECPoint      public;
-     * } ServerECDHParams;
-     */
-    if( ( ret = mbedtls_ecdh_read_params( &ssl->handshake->ecdh_ctx,
-                                  (const unsigned char **) p, end ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-            ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
-        return( ret );
-    }
-
-    if( ssl_check_server_ecdh_params( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "bad server key exchange message (ECDHE curve)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
-                                      unsigned char **p,
-                                      unsigned char *end )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    uint16_t  len;
-    ((void) ssl);
-
-    /*
-     * PSK parameters:
-     *
-     * opaque psk_identity_hint<0..2^16-1>;
-     */
-    if( end - (*p) < 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "bad server key exchange message (psk_identity_hint length)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-    len = (*p)[0] << 8 | (*p)[1];
-    *p += 2;
-
-    if( end - (*p) < len )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "bad server key exchange message (psk_identity_hint length)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    /*
-     * Note: we currently ignore the PSK identity hint, as we only allow one
-     * PSK to be provisioned on the client. This could be changed later if
-     * someone needs that feature.
-     */
-    *p += len;
-    ret = 0;
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                           \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-/*
- * Generate a pre-master secret and encrypt it with the server's RSA key
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
-                                    size_t offset, size_t *olen,
-                                    size_t pms_offset )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2;
-    unsigned char *p = ssl->handshake->premaster + pms_offset;
-    mbedtls_pk_context * peer_pk;
-
-    if( offset + len_bytes > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small for encrypted pms" ) );
-        return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-    }
-
-    /*
-     * Generate (part of) the pre-master as
-     *  struct {
-     *      ProtocolVersion client_version;
-     *      opaque random[46];
-     *  } PreMasterSecret;
-     */
-    mbedtls_ssl_write_version( ssl->conf->max_major_ver,
-                               ssl->conf->max_minor_ver,
-                               ssl->conf->transport, p );
-
-    if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );
-        return( ret );
-    }
-
-    ssl->handshake->pmslen = 48;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
-        /* Should never happen */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-    peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-    /*
-     * Now write it out, encrypted
-     */
-    if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_RSA ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate key type mismatch" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-    }
-
-    if( ( ret = mbedtls_pk_encrypt( peer_pk,
-                            p, ssl->handshake->pmslen,
-                            ssl->out_msg + offset + len_bytes, olen,
-                            MBEDTLS_SSL_OUT_CONTENT_LEN - offset - len_bytes,
-                            ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_rsa_pkcs1_encrypt", ret );
-        return( ret );
-    }
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( len_bytes == 2 )
-    {
-        MBEDTLS_PUT_UINT16_BE( *olen, ssl->out_msg, offset );
-        *olen += 2;
-    }
-#endif
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    /* We don't need the peer's public key anymore. Free it. */
-    mbedtls_pk_free( peer_pk );
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
-                                          unsigned char **p,
-                                          unsigned char *end,
-                                          mbedtls_md_type_t *md_alg,
-                                          mbedtls_pk_type_t *pk_alg )
-{
-    ((void) ssl);
-    *md_alg = MBEDTLS_MD_NONE;
-    *pk_alg = MBEDTLS_PK_NONE;
-
-    /* Only in TLS 1.2 */
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        return( 0 );
-    }
-
-    if( (*p) + 2 > end )
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-
-    /*
-     * Get hash algorithm
-     */
-    if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) )
-        == MBEDTLS_MD_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    /*
-     * Get signature algorithm
-     */
-    if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) )
-        == MBEDTLS_PK_NONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    /*
-     * Check if the hash is acceptable
-     */
-    if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d",
-                                (*p)[1] ) );
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d",
-                                (*p)[0] ) );
-    *p += 2;
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_ecp_keypair *peer_key;
-    mbedtls_pk_context * peer_pk;
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    if( ssl->session_negotiate->peer_cert == NULL )
-    {
-        /* Should never happen */
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-    peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-    /* This is a public key, so it can't be opaque, so can_do() is a good
-     * enough check to ensure pk_ec() is safe to use below. */
-    if( ! mbedtls_pk_can_do( peer_pk, MBEDTLS_PK_ECKEY ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
-        return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-    }
-
-    peer_key = mbedtls_pk_ec( *peer_pk );
-
-    if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
-                                 MBEDTLS_ECDH_THEIRS ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
-        return( ret );
-    }
-
-    if( ssl_check_server_ecdh_params( ssl ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE );
-    }
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    /* We don't need the peer's public key anymore. Free it,
-     * so that more RAM is available for upcoming expensive
-     * operations like ECDHE. */
-    mbedtls_pk_free( peer_pk );
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->handshake->ciphersuite_info;
-    unsigned char *p = NULL, *end = NULL;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
-        ssl->state++;
-        return( 0 );
-    }
-    ((void) p);
-    ((void) end);
-#endif
-
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse server key exchange" ) );
-        ssl->state++;
-        return( 0 );
-    }
-    ((void) p);
-    ((void) end);
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled &&
-        ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing )
-    {
-        goto start_processing;
-    }
-#endif
-
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    /*
-     * ServerKeyExchange may be skipped with PSK and RSA-PSK when the server
-     * doesn't use a psk_identity_hint
-     */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE )
-    {
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-            ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        {
-            /* Current message is probably either
-             * CertificateRequest or ServerHelloDone */
-            ssl->keep_current_message = 1;
-            goto exit;
-        }
-
-        MBEDTLS_SSL_DEBUG_MSG( 1,
-            ( "server key exchange message must not be skipped" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled )
-        ssl->handshake->ecrs_state = ssl_ecrs_ske_start_processing;
-
-start_processing:
-#endif
-    p   = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-    end = ssl->in_msg + ssl->in_hslen;
-    MBEDTLS_SSL_DEBUG_BUF( 3,   "server key exchange", p, end - p );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-    {
-        if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    } /* FALLTHROUGH */
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        ; /* nothing more to do */
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-    {
-        if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
-        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
-          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
-    {
-        if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
-            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
-    {
-        if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx,
-                                              p, end - p );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
-    {
-        size_t sig_len, hashlen;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        unsigned char hash[PSA_HASH_MAX_SIZE];
-#else
-        unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#endif
-        mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
-        mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
-        unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-        size_t params_len = p - params;
-        void *rs_ctx = NULL;
-
-        mbedtls_pk_context * peer_pk;
-
-        /*
-         * Handle the digitally-signed structure
-         */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-        {
-            if( ssl_parse_signature_algorithm( ssl, &p, end,
-                                               &md_alg, &pk_alg ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "bad server key exchange message" ) );
-                mbedtls_ssl_send_alert_message(
-                    ssl,
-                    MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                    MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-                return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-            }
-
-            if( pk_alg !=
-                mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "bad server key exchange message" ) );
-                mbedtls_ssl_send_alert_message(
-                    ssl,
-                    MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                    MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
-                return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-            }
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( ssl->minor_ver < MBEDTLS_SSL_MINOR_VERSION_3 )
-        {
-            pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
-
-            /* Default hash for ECDSA is SHA-1 */
-            if( pk_alg == MBEDTLS_PK_ECDSA && md_alg == MBEDTLS_MD_NONE )
-                md_alg = MBEDTLS_MD_SHA1;
-        }
-        else
-#endif
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        /*
-         * Read signature
-         */
-
-        if( p > end - 2 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-        sig_len = ( p[0] << 8 ) | p[1];
-        p += 2;
-
-        if( p != end - sig_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "signature", p, sig_len );
-
-        /*
-         * Compute the hash that has been signed
-         */
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-        if( md_alg == MBEDTLS_MD_NONE )
-        {
-            hashlen = 36;
-            ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params,
-                                                           params_len );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( md_alg != MBEDTLS_MD_NONE )
-        {
-            ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
-                                                          params, params_len,
-                                                          md_alg );
-            if( ret != 0 )
-                return( ret );
-        }
-        else
-#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
-          MBEDTLS_SSL_PROTO_TLS1_2 */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        peer_pk = &ssl->handshake->peer_pubkey;
-#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-        if( ssl->session_negotiate->peer_cert == NULL )
-        {
-            /* Should never happen */
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-        peer_pk = &ssl->session_negotiate->peer_cert->pk;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-        /*
-         * Verify signature
-         */
-        if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
-            return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
-        }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ssl->handshake->ecrs_enabled )
-            rs_ctx = &ssl->handshake->ecrs_ctx.pk;
-#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
-
-        if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
-                        md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
-        {
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-                return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
-            }
-#endif /* MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED */
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-            return( ret );
-        }
-
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        /* We don't need the peer's public key anymore. Free it,
-         * so that more RAM is available for upcoming expensive
-         * operations like ECDHE. */
-        mbedtls_pk_free( peer_pk );
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-    }
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
-exit:
-    ssl->state++;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server key exchange" ) );
-
-    return( 0 );
-}
-
-#if ! defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->handshake->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
-
-    if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#else /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char *buf;
-    size_t n = 0;
-    size_t cert_type_len = 0, dn_len = 0;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->handshake->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
-
-    if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    ssl->state++;
-    ssl->client_auth = ( ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST );
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "got %s certificate request",
-                        ssl->client_auth ? "a" : "no" ) );
-
-    if( ssl->client_auth == 0 )
-    {
-        /* Current message is probably the ServerHelloDone */
-        ssl->keep_current_message = 1;
-        goto exit;
-    }
-
-    /*
-     *  struct {
-     *      ClientCertificateType certificate_types<1..2^8-1>;
-     *      SignatureAndHashAlgorithm
-     *        supported_signature_algorithms<2^16-1>; -- TLS 1.2 only
-     *      DistinguishedName certificate_authorities<0..2^16-1>;
-     *  } CertificateRequest;
-     *
-     *  Since we only support a single certificate on clients, let's just
-     *  ignore all the information that's supposed to help us pick a
-     *  certificate.
-     *
-     *  We could check that our certificate matches the request, and bail out
-     *  if it doesn't, but it's simpler to just send the certificate anyway,
-     *  and give the server the opportunity to decide if it should terminate
-     *  the connection when it doesn't like our certificate.
-     *
-     *  Same goes for the hash in TLS 1.2's signature_algorithms: at this
-     *  point we only have one hash available (see comments in
-     *  write_certificate_verify), so let's just use what we have.
-     *
-     *  However, we still minimally parse the message to check it is at least
-     *  superficially sane.
-     */
-    buf = ssl->in_msg;
-
-    /* certificate_types */
-    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-    }
-    cert_type_len = buf[mbedtls_ssl_hs_hdr_len( ssl )];
-    n = cert_type_len;
-
-    /*
-     * In the subsequent code there are two paths that read from buf:
-     *     * the length of the signature algorithms field (if minor version of
-     *       SSL is 3),
-     *     * distinguished name length otherwise.
-     * Both reach at most the index:
-     *    ...hdr_len + 2 + n,
-     * therefore the buffer length at this point must be greater than that
-     * regardless of the actual code path.
-     */
-    if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-    }
-
-    /* supported_signature_algorithms */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        size_t sig_alg_len =
-            ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
-              | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]   ) );
-#if defined(MBEDTLS_DEBUG_C)
-        unsigned char* sig_alg;
-        size_t i;
-#endif
-
-        /*
-         * The furthest access in buf is in the loop few lines below:
-         *     sig_alg[i + 1],
-         * where:
-         *     sig_alg = buf + ...hdr_len + 3 + n,
-         *     max(i) = sig_alg_len - 1.
-         * Therefore the furthest access is:
-         *     buf[...hdr_len + 3 + n + sig_alg_len - 1 + 1],
-         * which reduces to:
-         *     buf[...hdr_len + 3 + n + sig_alg_len],
-         * which is one less than we need the buf to be.
-         */
-        if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
-                                + 3 + n + sig_alg_len )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-            mbedtls_ssl_send_alert_message(
-                ssl,
-                MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-            return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-        }
-
-#if defined(MBEDTLS_DEBUG_C)
-        sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
-        for( i = 0; i < sig_alg_len; i += 2 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 3,
-                ( "Supported Signature Algorithm found: %d,%d",
-                  sig_alg[i], sig_alg[i + 1]  ) );
-        }
-#endif
-
-        n += 2 + sig_alg_len;
-    }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-
-    /* certificate_authorities */
-    dn_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] <<  8 )
-             | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n]       ) );
-
-    n += dn_len;
-    if( ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
-    }
-
-exit:
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate request" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    if( ssl->in_hslen  != mbedtls_ssl_hs_hdr_len( ssl ) ||
-        ssl->in_msg[0] != MBEDTLS_SSL_HS_SERVER_HELLO_DONE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello done message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE );
-    }
-
-    ssl->state++;
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
-        mbedtls_ssl_recv_flight_completed( ssl );
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse server hello done" ) );
-
-    return( 0 );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    size_t header_len;
-    size_t content_len;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->handshake->ciphersuite_info;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
-
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA )
-    {
-        /*
-         * DHM key exchange -- send G^X mod P
-         */
-        content_len = ssl->handshake->dhm_ctx.len;
-
-        MBEDTLS_PUT_UINT16_BE( content_len, ssl->out_msg, 4 );
-        header_len = 6;
-
-        ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                          (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                          &ssl->out_msg[header_len], content_len,
-                          ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: X ", &ssl->handshake->dhm_ctx.X  );
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
-
-        if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
-                                  ssl->handshake->premaster,
-                                  MBEDTLS_PREMASTER_SIZE,
-                                  &ssl->handshake->pmslen,
-                                  ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: K ", &ssl->handshake->dhm_ctx.K  );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
-#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                           \
-        ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||     \
-          defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) )
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
-    {
-        psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-        psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
-        psa_key_attributes_t key_attributes;
-
-        mbedtls_ssl_handshake_params *handshake = ssl->handshake;
-
-        unsigned char own_pubkey[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
-        size_t own_pubkey_len;
-        unsigned char *own_pubkey_ecpoint;
-        size_t own_pubkey_ecpoint_len;
-
-        header_len = 4;
-
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Perform PSA-based ECDH computation." ) );
-
-        /*
-         * Generate EC private key for ECDHE exchange.
-         */
-
-        /* The master secret is obtained from the shared ECDH secret by
-         * applying the TLS 1.2 PRF with a specific salt and label. While
-         * the PSA Crypto API encourages combining key agreement schemes
-         * such as ECDH with fixed KDFs such as TLS 1.2 PRF, it does not
-         * yet support the provisioning of salt + label to the KDF.
-         * For the time being, we therefore need to split the computation
-         * of the ECDH secret and the application of the TLS 1.2 PRF. */
-        key_attributes = psa_key_attributes_init();
-        psa_set_key_usage_flags( &key_attributes, PSA_KEY_USAGE_DERIVE );
-        psa_set_key_algorithm( &key_attributes, PSA_ALG_ECDH );
-        psa_set_key_type( &key_attributes, handshake->ecdh_psa_type );
-        psa_set_key_bits( &key_attributes, handshake->ecdh_bits );
-
-        /* Generate ECDH private key. */
-        status = psa_generate_key( &key_attributes,
-                                   &handshake->ecdh_psa_privkey );
-        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-
-        /* Export the public part of the ECDH private key from PSA
-         * and convert it to ECPoint format used in ClientKeyExchange. */
-        status = psa_export_public_key( handshake->ecdh_psa_privkey,
-                                        own_pubkey, sizeof( own_pubkey ),
-                                        &own_pubkey_len );
-        if( status != PSA_SUCCESS )
-        {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
-            handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
-        if( mbedtls_psa_tls_psa_ec_to_ecpoint( own_pubkey,
-                                               own_pubkey_len,
-                                               &own_pubkey_ecpoint,
-                                               &own_pubkey_ecpoint_len ) != 0 )
-        {
-            psa_destroy_key( handshake->ecdh_psa_privkey );
-            handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
-        /* Copy ECPoint structure to outgoing message buffer. */
-        ssl->out_msg[header_len] = (unsigned char) own_pubkey_ecpoint_len;
-        memcpy( ssl->out_msg + header_len + 1,
-                own_pubkey_ecpoint, own_pubkey_ecpoint_len );
-        content_len = own_pubkey_ecpoint_len + 1;
-
-        /* The ECDH secret is the premaster secret used for key derivation. */
-
-        /* Compute ECDH shared secret. */
-        status = psa_raw_key_agreement( PSA_ALG_ECDH,
-                                        handshake->ecdh_psa_privkey,
-                                        handshake->ecdh_psa_peerkey,
-                                        handshake->ecdh_psa_peerkey_len,
-                                        ssl->handshake->premaster,
-                                        sizeof( ssl->handshake->premaster ),
-                                        &ssl->handshake->pmslen );
-
-        destruction_status = psa_destroy_key( handshake->ecdh_psa_privkey );
-        handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
-
-        if( status != PSA_SUCCESS || destruction_status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-    }
-    else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
-            ( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-              MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ) */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                     \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                   \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                      \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
-        ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
-    {
-        /*
-         * ECDH key exchange -- send client public value
-         */
-        header_len = 4;
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ssl->handshake->ecrs_enabled )
-        {
-            if( ssl->handshake->ecrs_state == ssl_ecrs_cke_ecdh_calc_secret )
-                goto ecdh_calc_secret;
-
-            mbedtls_ecdh_enable_restart( &ssl->handshake->ecdh_ctx );
-        }
-#endif
-
-        ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
-                                &content_len,
-                                &ssl->out_msg[header_len], 1000,
-                                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Q );
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ssl->handshake->ecrs_enabled )
-        {
-            ssl->handshake->ecrs_n = content_len;
-            ssl->handshake->ecrs_state = ssl_ecrs_cke_ecdh_calc_secret;
-        }
-
-ecdh_calc_secret:
-        if( ssl->handshake->ecrs_enabled )
-            content_len = ssl->handshake->ecrs_n;
-#endif
-        if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
-                                  &ssl->handshake->pmslen,
-                                  ssl->handshake->premaster,
-                                  MBEDTLS_MPI_MAX_SIZE,
-                                  ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
-            return( ret );
-        }
-
-        MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                MBEDTLS_DEBUG_ECDH_Z );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
-          MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
-    {
-        /*
-         * opaque psk_identity<0..2^16-1>;
-         */
-        if( ssl_conf_has_static_psk( ssl->conf ) == 0 )
-        {
-            /* We don't offer PSK suites if we don't have a PSK,
-             * and we check that the server's choice is among the
-             * ciphersuites we offered, so this should never happen. */
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        header_len = 4;
-        content_len = ssl->conf->psk_identity_len;
-
-        if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "psk identity too long or SSL buffer too short" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
-        ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
-
-        memcpy( ssl->out_msg + header_len,
-                ssl->conf->psk_identity,
-                ssl->conf->psk_identity_len );
-        header_len += ssl->conf->psk_identity_len;
-
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK )
-        {
-            content_len = 0;
-        }
-        else
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
-        {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-            /* Opaque PSKs are currently only supported for PSK-only suites. */
-            if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with RSA-PSK" ) );
-                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-            }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-            if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
-                                                 &content_len, 2 ) ) != 0 )
-                return( ret );
-        }
-        else
-#endif
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
-        {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-            /* Opaque PSKs are currently only supported for PSK-only suites. */
-            if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with DHE-PSK" ) );
-                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-            }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-            /*
-             * ClientDiffieHellmanPublic public (DHM send G^X mod P)
-             */
-            content_len = ssl->handshake->dhm_ctx.len;
-
-            if( header_len + 2 + content_len >
-                MBEDTLS_SSL_OUT_CONTENT_LEN )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1,
-                    ( "psk identity or DHM size too long or SSL buffer too short" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-            }
-
-            ssl->out_msg[header_len++] = MBEDTLS_BYTE_1( content_len );
-            ssl->out_msg[header_len++] = MBEDTLS_BYTE_0( content_len );
-
-            ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
-                    (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
-                    &ssl->out_msg[header_len], content_len,
-                    ssl->conf->f_rng, ssl->conf->p_rng );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
-                return( ret );
-            }
-        }
-        else
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
-        {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-            /* Opaque PSKs are currently only supported for PSK-only suites. */
-            if( ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "opaque PSK not supported with ECDHE-PSK" ) );
-                return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-            }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-            /*
-             * ClientECDiffieHellmanPublic public;
-             */
-            ret = mbedtls_ecdh_make_public( &ssl->handshake->ecdh_ctx,
-                    &content_len,
-                    &ssl->out_msg[header_len],
-                    MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
-                    ssl->conf->f_rng, ssl->conf->p_rng );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
-                return( ret );
-            }
-
-            MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx,
-                                    MBEDTLS_DEBUG_ECDH_Q );
-        }
-        else
-#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO) &&          \
-    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-        if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK &&
-            ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
-            ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1,
-                ( "skip PMS generation for opaque PSK" ) );
-        }
-        else
-#endif /* MBEDTLS_USE_PSA_CRYPTO &&
-          MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
-        if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
-                        ciphersuite_info->key_exchange ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1,
-                "mbedtls_ssl_psk_derive_premaster", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA )
-    {
-        header_len = 4;
-        if( ( ret = ssl_write_encrypted_pms( ssl, header_len,
-                                             &content_len, 0 ) ) != 0 )
-            return( ret );
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
-    {
-        header_len = 4;
-
-        ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
-                ssl->out_msg + header_len,
-                MBEDTLS_SSL_OUT_CONTENT_LEN - header_len,
-                &content_len,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
-            return( ret );
-        }
-
-        ret = mbedtls_ecjpake_derive_secret( &ssl->handshake->ecjpake_ctx,
-                ssl->handshake->premaster, 32, &ssl->handshake->pmslen,
-                ssl->conf->f_rng, ssl->conf->p_rng );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret );
-            return( ret );
-        }
-    }
-    else
-#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
-    {
-        ((void) ciphersuite_info);
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    ssl->out_msglen  = header_len + content_len;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write client key exchange" ) );
-
-    return( 0 );
-}
-
-#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->handshake->ciphersuite_info;
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
-
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
-    }
-
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-    return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-}
-#else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
-        ssl->handshake->ciphersuite_info;
-    size_t n = 0, offset = 0;
-    unsigned char hash[48];
-    unsigned char *hash_start = hash;
-    mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
-    size_t hashlen;
-    void *rs_ctx = NULL;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled &&
-        ssl->handshake->ecrs_state == ssl_ecrs_crt_vrfy_sign )
-    {
-        goto sign;
-    }
-#endif
-
-    if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
-        return( ret );
-    }
-
-    if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( ssl->client_auth == 0 || mbedtls_ssl_own_cert( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
-        ssl->state++;
-        return( 0 );
-    }
-
-    if( mbedtls_ssl_own_key( ssl ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no private key for certificate" ) );
-        return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
-    }
-
-    /*
-     * Make a signature of the handshake digests
-     */
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled )
-        ssl->handshake->ecrs_state = ssl_ecrs_crt_vrfy_sign;
-
-sign:
-#endif
-
-    ssl->handshake->calc_verify( ssl, hash, &hashlen );
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
-    defined(MBEDTLS_SSL_PROTO_TLS1_1)
-    if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        /*
-         * digitally-signed struct {
-         *     opaque md5_hash[16];
-         *     opaque sha_hash[20];
-         * };
-         *
-         * md5_hash
-         *     MD5(handshake_messages);
-         *
-         * sha_hash
-         *     SHA(handshake_messages);
-         */
-        md_alg = MBEDTLS_MD_NONE;
-
-        /*
-         * For ECDSA, default hash is SHA-1 only
-         */
-        if( mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECDSA ) )
-        {
-            hash_start += 16;
-            hashlen -= 16;
-            md_alg = MBEDTLS_MD_SHA1;
-        }
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
-          MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-    if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
-    {
-        /*
-         * digitally-signed struct {
-         *     opaque handshake_messages[handshake_messages_length];
-         * };
-         *
-         * Taking shortcut here. We assume that the server always allows the
-         * PRF Hash function and has sent it in the allowed signature
-         * algorithms list received in the Certificate Request message.
-         *
-         * Until we encounter a server that does not, we will take this
-         * shortcut.
-         *
-         * Reason: Otherwise we should have running hashes for SHA512 and
-         *         SHA224 in order to satisfy 'weird' needs from the server
-         *         side.
-         */
-        if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
-        {
-            md_alg = MBEDTLS_MD_SHA384;
-            ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA384;
-        }
-        else
-        {
-            md_alg = MBEDTLS_MD_SHA256;
-            ssl->out_msg[4] = MBEDTLS_SSL_HASH_SHA256;
-        }
-        ssl->out_msg[5] = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
-
-        /* Info from md_alg will be used instead */
-        hashlen = 0;
-        offset = 2;
-    }
-    else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-    if( ssl->handshake->ecrs_enabled )
-        rs_ctx = &ssl->handshake->ecrs_ctx.pk;
-#endif
-
-    if( ( ret = mbedtls_pk_sign_restartable( mbedtls_ssl_own_key( ssl ),
-                         md_alg, hash_start, hashlen,
-                         ssl->out_msg + 6 + offset, &n,
-                         ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
-#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
-        if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-            ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
-#endif
-        return( ret );
-    }
-
-    MBEDTLS_PUT_UINT16_BE( n, ssl->out_msg, offset + 4 );
-
-    ssl->out_msglen  = 6 + n + offset;
-    ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
-    ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
-
-    ssl->state++;
-
-    if( ( ret = mbedtls_ssl_write_handshake_msg( ssl ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_write_handshake_msg", ret );
-        return( ret );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= write certificate verify" ) );
-
-    return( ret );
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    uint32_t lifetime;
-    size_t ticket_len;
-    unsigned char *ticket;
-    const unsigned char *msg;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
-
-    if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_read_record", ret );
-        return( ret );
-    }
-
-    if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message(
-            ssl,
-            MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-            MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
-        return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
-    }
-
-    /*
-     * struct {
-     *     uint32 ticket_lifetime_hint;
-     *     opaque ticket<0..2^16-1>;
-     * } NewSessionTicket;
-     *
-     * 0  .  3   ticket_lifetime_hint
-     * 4  .  5   ticket_len (n)
-     * 6  .  5+n ticket content
-     */
-    if( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ||
-        ssl->in_hslen < 6 + mbedtls_ssl_hs_hdr_len( ssl ) )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
-    }
-
-    msg = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
-
-    lifetime = ( ((uint32_t) msg[0]) << 24 ) | ( msg[1] << 16 ) |
-               ( msg[2] << 8 ) | ( msg[3] );
-
-    ticket_len = ( msg[4] << 8 ) | ( msg[5] );
-
-    if( ticket_len + 6 + mbedtls_ssl_hs_hdr_len( ssl ) != ssl->in_hslen )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
-        return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );
-
-    /* We're not waiting for a NewSessionTicket message any more */
-    ssl->handshake->new_session_ticket = 0;
-    ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
-
-    /*
-     * Zero-length ticket means the server changed his mind and doesn't want
-     * to send a ticket after all, so just forget it
-     */
-    if( ticket_len == 0 )
-        return( 0 );
-
-    if( ssl->session != NULL && ssl->session->ticket != NULL )
-    {
-        mbedtls_platform_zeroize( ssl->session->ticket,
-                                  ssl->session->ticket_len );
-        mbedtls_free( ssl->session->ticket );
-        ssl->session->ticket = NULL;
-        ssl->session->ticket_len = 0;
-    }
-
-    mbedtls_platform_zeroize( ssl->session_negotiate->ticket,
-                              ssl->session_negotiate->ticket_len );
-    mbedtls_free( ssl->session_negotiate->ticket );
-    ssl->session_negotiate->ticket = NULL;
-    ssl->session_negotiate->ticket_len = 0;
-
-    if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
-        mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
-                                        MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
-        return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
-    }
-
-    memcpy( ticket, msg + 6, ticket_len );
-
-    ssl->session_negotiate->ticket = ticket;
-    ssl->session_negotiate->ticket_len = ticket_len;
-    ssl->session_negotiate->ticket_lifetime = lifetime;
-
-    /*
-     * RFC 5077 section 3.4:
-     * "If the client receives a session ticket from the server, then it
-     * discards any Session ID that was sent in the ServerHello."
-     */
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket in use, discarding session id" ) );
-    ssl->session_negotiate->id_len = 0;
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-
-/*
- * SSL handshake -- client side -- single step
- */
-int mbedtls_ssl_handshake_client_step( mbedtls_ssl_context *ssl )
-{
-    int ret = 0;
-
-    if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "client state: %d", ssl->state ) );
-
-    if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
-        return( ret );
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
-        ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
-    {
-        if( ( ret = mbedtls_ssl_flight_transmit( ssl ) ) != 0 )
-            return( ret );
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-    /* Change state now, so that it is right in mbedtls_ssl_read_record(), used
-     * by DTLS for dropping out-of-sequence ChangeCipherSpec records */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
-        ssl->handshake->new_session_ticket != 0 )
-    {
-        ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
-    }
-#endif
-
-    switch( ssl->state )
-    {
-        case MBEDTLS_SSL_HELLO_REQUEST:
-            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
-            break;
-
-       /*
-        *  ==>   ClientHello
-        */
-       case MBEDTLS_SSL_CLIENT_HELLO:
-           ret = ssl_write_client_hello( ssl );
-           break;
-
-       /*
-        *  <==   ServerHello
-        *        Certificate
-        *      ( ServerKeyExchange  )
-        *      ( CertificateRequest )
-        *        ServerHelloDone
-        */
-       case MBEDTLS_SSL_SERVER_HELLO:
-           ret = ssl_parse_server_hello( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_CERTIFICATE:
-           ret = mbedtls_ssl_parse_certificate( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_KEY_EXCHANGE:
-           ret = ssl_parse_server_key_exchange( ssl );
-           break;
-
-       case MBEDTLS_SSL_CERTIFICATE_REQUEST:
-           ret = ssl_parse_certificate_request( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_HELLO_DONE:
-           ret = ssl_parse_server_hello_done( ssl );
-           break;
-
-       /*
-        *  ==> ( Certificate/Alert  )
-        *        ClientKeyExchange
-        *      ( CertificateVerify  )
-        *        ChangeCipherSpec
-        *        Finished
-        */
-       case MBEDTLS_SSL_CLIENT_CERTIFICATE:
-           ret = mbedtls_ssl_write_certificate( ssl );
-           break;
-
-       case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
-           ret = ssl_write_client_key_exchange( ssl );
-           break;
-
-       case MBEDTLS_SSL_CERTIFICATE_VERIFY:
-           ret = ssl_write_certificate_verify( ssl );
-           break;
-
-       case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:
-           ret = mbedtls_ssl_write_change_cipher_spec( ssl );
-           break;
-
-       case MBEDTLS_SSL_CLIENT_FINISHED:
-           ret = mbedtls_ssl_write_finished( ssl );
-           break;
-
-       /*
-        *  <==   ( NewSessionTicket )
-        *        ChangeCipherSpec
-        *        Finished
-        */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-       case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
-           ret = ssl_parse_new_session_ticket( ssl );
-           break;
-#endif
-
-       case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:
-           ret = mbedtls_ssl_parse_change_cipher_spec( ssl );
-           break;
-
-       case MBEDTLS_SSL_SERVER_FINISHED:
-           ret = mbedtls_ssl_parse_finished( ssl );
-           break;
-
-       case MBEDTLS_SSL_FLUSH_BUFFERS:
-           MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake: done" ) );
-           ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
-           break;
-
-       case MBEDTLS_SSL_HANDSHAKE_WRAPUP:
-           mbedtls_ssl_handshake_wrapup( ssl );
-           break;
-
-       default:
-           MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
-           return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-   }
-
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_CLI_C */
diff --git a/Sources/mbedtls/library/ssl_cookie.c b/Sources/mbedtls/library/ssl_cookie.c
deleted file mode 100644
index f12f28e..0000000
--- a/Sources/mbedtls/library/ssl_cookie.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- *  DTLS cookie callbacks implementation
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- * These session callbacks use a simple chained list
- * to store and retrieve the session information.
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_COOKIE_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/constant_time.h"
-
-#include <string.h>
-
-/*
- * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
- * available. Try SHA-256 first, 512 wastes resources since we need to stay
- * with max 32 bytes of cookie for DTLS 1.0
- */
-#if defined(MBEDTLS_SHA256_C)
-#define COOKIE_MD           MBEDTLS_MD_SHA224
-#define COOKIE_MD_OUTLEN    32
-#define COOKIE_HMAC_LEN     28
-#elif defined(MBEDTLS_SHA512_C)
-#define COOKIE_MD           MBEDTLS_MD_SHA384
-#define COOKIE_MD_OUTLEN    48
-#define COOKIE_HMAC_LEN     28
-#elif defined(MBEDTLS_SHA1_C)
-#define COOKIE_MD           MBEDTLS_MD_SHA1
-#define COOKIE_MD_OUTLEN    20
-#define COOKIE_HMAC_LEN     20
-#else
-#error "DTLS hello verify needs SHA-1 or SHA-2"
-#endif
-
-/*
- * Cookies are formed of a 4-bytes timestamp (or serial number) and
- * an HMAC of timestamp and client ID.
- */
-#define COOKIE_LEN      ( 4 + COOKIE_HMAC_LEN )
-
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx )
-{
-    mbedtls_md_init( &ctx->hmac_ctx );
-#if !defined(MBEDTLS_HAVE_TIME)
-    ctx->serial = 0;
-#endif
-    ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init( &ctx->mutex );
-#endif
-}
-
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay )
-{
-    ctx->timeout = delay;
-}
-
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx )
-{
-    mbedtls_md_free( &ctx->hmac_ctx );
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free( &ctx->mutex );
-#endif
-
-    mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_cookie_ctx ) );
-}
-
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char key[COOKIE_MD_OUTLEN];
-
-    if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
-        return( ret );
-
-    ret = mbedtls_md_setup( &ctx->hmac_ctx, mbedtls_md_info_from_type( COOKIE_MD ), 1 );
-    if( ret != 0 )
-        return( ret );
-
-    ret = mbedtls_md_hmac_starts( &ctx->hmac_ctx, key, sizeof( key ) );
-    if( ret != 0 )
-        return( ret );
-
-    mbedtls_platform_zeroize( key, sizeof( key ) );
-
-    return( 0 );
-}
-
-/*
- * Generate the HMAC part of a cookie
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx,
-                            const unsigned char time[4],
-                            unsigned char **p, unsigned char *end,
-                            const unsigned char *cli_id, size_t cli_id_len )
-{
-    unsigned char hmac_out[COOKIE_MD_OUTLEN];
-
-    MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN );
-
-    if( mbedtls_md_hmac_reset(  hmac_ctx ) != 0 ||
-        mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
-        mbedtls_md_hmac_update( hmac_ctx, cli_id, cli_id_len ) != 0 ||
-        mbedtls_md_hmac_finish( hmac_ctx, hmac_out ) != 0 )
-    {
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
-    *p += COOKIE_HMAC_LEN;
-
-    return( 0 );
-}
-
-/*
- * Generate cookie for DTLS ClientHello verification
- */
-int mbedtls_ssl_cookie_write( void *p_ctx,
-                      unsigned char **p, unsigned char *end,
-                      const unsigned char *cli_id, size_t cli_id_len )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
-    unsigned long t;
-
-    if( ctx == NULL || cli_id == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN );
-
-#if defined(MBEDTLS_HAVE_TIME)
-    t = (unsigned long) mbedtls_time( NULL );
-#else
-    t = ctx->serial++;
-#endif
-
-    MBEDTLS_PUT_UINT32_BE(t, *p, 0);
-    *p += 4;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
-#endif
-
-    ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
-                           p, end, cli_id, cli_id_len );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
-                MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
-#endif
-
-    return( ret );
-}
-
-/*
- * Check a cookie
- */
-int mbedtls_ssl_cookie_check( void *p_ctx,
-                      const unsigned char *cookie, size_t cookie_len,
-                      const unsigned char *cli_id, size_t cli_id_len )
-{
-    unsigned char ref_hmac[COOKIE_HMAC_LEN];
-    int ret = 0;
-    unsigned char *p = ref_hmac;
-    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
-    unsigned long cur_time, cookie_time;
-
-    if( ctx == NULL || cli_id == NULL )
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-
-    if( cookie_len != COOKIE_LEN )
-        return( -1 );
-
-#if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
-#endif
-
-    if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
-                         &p, p + sizeof( ref_hmac ),
-                         cli_id, cli_id_len ) != 0 )
-        ret = -1;
-
-#if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
-    {
-        ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
-                                 MBEDTLS_ERR_THREADING_MUTEX_ERROR );
-    }
-#endif
-
-    if( ret != 0 )
-        goto exit;
-
-    if( mbedtls_ct_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
-    {
-        ret = -1;
-        goto exit;
-    }
-
-#if defined(MBEDTLS_HAVE_TIME)
-    cur_time = (unsigned long) mbedtls_time( NULL );
-#else
-    cur_time = ctx->serial;
-#endif
-
-    cookie_time = ( (unsigned long) cookie[0] << 24 ) |
-                  ( (unsigned long) cookie[1] << 16 ) |
-                  ( (unsigned long) cookie[2] <<  8 ) |
-                  ( (unsigned long) cookie[3]       );
-
-    if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
-    {
-        ret = -1;
-        goto exit;
-    }
-
-exit:
-    mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_COOKIE_C */
diff --git a/Sources/mbedtls/library/ssl_msg.c b/Sources/mbedtls/library/ssl_msg.c
deleted file mode 100644
index d7bebe0..0000000
--- a/Sources/mbedtls/library/ssl_msg.c
+++ /dev/null
@@ -1,5986 +0,0 @@
-/*
- *  Generic SSL/TLS messaging layer functions
- *  (record layer + retransmission state machine)
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- *  The SSL 3.0 specification was drafted by Netscape in 1996,
- *  and became an IETF standard in 1999.
- *
- *  http://wp.netscape.com/eng/ssl3/
- *  http://www.ietf.org/rfc/rfc2246.txt
- *  http://www.ietf.org/rfc/rfc4346.txt
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_SSL_TLS_C)
-
-#include "mbedtls/platform.h"
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/error.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/version.h"
-#include "constant_time_internal.h"
-#include "mbedtls/constant_time.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "mbedtls/psa_util.h"
-#include "psa/crypto.h"
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/oid.h"
-#endif
-
-static uint32_t ssl_get_hs_total_len( mbedtls_ssl_context const *ssl );
-
-/*
- * Start a timer.
- * Passing millisecs = 0 cancels a running timer.
- */
-void mbedtls_ssl_set_timer( mbedtls_ssl_context *ssl, uint32_t millisecs )
-{
-    if( ssl->f_set_timer == NULL )
-        return;
-
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "set_timer to %d ms", (int) millisecs ) );
-    ssl->f_set_timer( ssl->p_timer, millisecs / 4, millisecs );
-}
-
-/*
- * Return -1 is timer is expired, 0 if it isn't.
- */
-int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl )
-{
-    if( ssl->f_get_timer == NULL )
-        return( 0 );
-
-    if( ssl->f_get_timer( ssl->p_timer ) == 2 )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "timer expired" ) );
-        return( -1 );
-    }
-
-    return( 0 );
-}
-
-#if defined(MBEDTLS_SSL_RECORD_CHECKING)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
-                                    unsigned char *buf,
-                                    size_t len,
-                                    mbedtls_record *rec );
-
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
-                              unsigned char *buf,
-                              size_t buflen )
-{
-    int ret = 0;
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "=> mbedtls_ssl_check_record" ) );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "record buffer", buf, buflen );
-
-    /* We don't support record checking in TLS because
-     * (a) there doesn't seem to be a usecase for it, and
-     * (b) In SSLv3 and TLS 1.0, CBC record decryption has state
-     *     and we'd need to backup the transform here.
-     */
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
-    {
-        ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
-        goto exit;
-    }
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-    else
-    {
-        mbedtls_record rec;
-
-        ret = ssl_parse_record_header( ssl, buf, buflen, &rec );
-        if( ret != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 3, "ssl_parse_record_header", ret );
-            goto exit;
-        }
-
-        if( ssl->transform_in != NULL )
-        {
-            ret = mbedtls_ssl_decrypt_buf( ssl, ssl->transform_in, &rec );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 3, "mbedtls_ssl_decrypt_buf", ret );
-                goto exit;
-            }
-        }
-    }
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-exit:
-    /* On success, we have decrypted the buffer in-place, so make
-     * sure we don't leak any plaintext data. */
-    mbedtls_platform_zeroize( buf, buflen );
-
-    /* For the purpose of this API, treat messages with unexpected CID
-     * as well as such from future epochs as unexpected. */
-    if( ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID ||
-        ret == MBEDTLS_ERR_SSL_EARLY_MESSAGE )
-    {
-        ret = MBEDTLS_ERR_SSL_UNEXPECTED_RECORD;
-    }
-
-    MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) );
-    return( ret );
-}
-#endif /* MBEDTLS_SSL_RECORD_CHECKING */
-
-#define SSL_DONT_FORCE_FLUSH 0
-#define SSL_FORCE_FLUSH      1
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS)
-
-/* Forward declarations for functions related to message buffering. */
-static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl,
-                                     uint8_t slot );
-static void ssl_free_buffered_record( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_message( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_load_buffered_record( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_message( mbedtls_ssl_context *ssl );
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
-                                     mbedtls_record const *rec );
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_next_record_is_in_datagram( mbedtls_ssl_context *ssl );
-
-static size_t ssl_get_maximum_datagram_size( mbedtls_ssl_context const *ssl )
-{
-    size_t mtu = mbedtls_ssl_get_current_mtu( ssl );
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t out_buf_len = ssl->out_buf_len;
-#else
-    size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN;
-#endif
-
-    if( mtu != 0 && mtu < out_buf_len )
-        return( mtu );
-
-    return( out_buf_len );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl )
-{
-    size_t const bytes_written = ssl->out_left;
-    size_t const mtu           = ssl_get_maximum_datagram_size( ssl );
-
-    /* Double-check that the write-index hasn't gone
-     * past what we can transmit in a single datagram. */
-    if( bytes_written > mtu )
-    {
-        /* Should never happen... */
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    return( (int) ( mtu - bytes_written ) );
-}
-
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl )
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t remaining, expansion;
-    size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN;
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    const size_t mfl = mbedtls_ssl_get_output_max_frag_len( ssl );
-
-    if( max_len > mfl )
-        max_len = mfl;
-
-    /* By the standard (RFC 6066 Sect. 4), the MFL extension
-     * only limits the maximum record payload size, so in theory
-     * we would be allowed to pack multiple records of payload size
-     * MFL into a single datagram. However, this would mean that there's
-     * no way to explicitly communicate MTU restrictions to the peer.
-     *
-     * The following reduction of max_len makes sure that we never
-     * write datagrams larger than MFL + Record Expansion Overhead.
-     */
-    if( max_len <= ssl->out_left )
-        return( 0 );
-
-    max_len -= ssl->out_left;
-#endif
-
-    ret = ssl_get_remaining_space_in_datagram( ssl );
-    if( ret < 0 )
-        return( ret );
-    remaining = (size_t) ret;
-
-    ret = mbedtls_ssl_get_record_expansion( ssl );
-    if( ret < 0 )
-        return( ret );
-    expansion = (size_t) ret;
-
-    if( remaining <= expansion )
-        return( 0 );
-
-    remaining -= expansion;
-    if( remaining >= max_len )
-        remaining = max_len;
-
-    return( (int) remaining );
-}
-
-/*
- * Double the retransmit timeout value, within the allowed range,
- * returning -1 if the maximum value has already been reached.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
-{
-    uint32_t new_timeout;
-
-    if( ssl->handshake->retransmit_timeout >= ssl->conf->hs_timeout_max )
-        return( -1 );
-
-    /* Implement the final paragraph of RFC 6347 section 4.1.1.1
-     * in the following way: after the initial transmission and a first
-     * retransmission, back off to a temporary estimated MTU of 508 bytes.
-     * This value is guaranteed to be deliverable (if not guaranteed to be
-     * delivered) of any compliant IPv4 (and IPv6) network, and should work
-     * on most non-IP stacks too. */
-    if( ssl->handshake->retransmit_timeout != ssl->conf->hs_timeout_min )
-    {
-        ssl->handshake->mtu = 508;
-        MBEDTLS_SSL_DEBUG_MSG( 2, ( "mtu autoreduction to %d bytes", ssl->handshake->mtu ) );
-    }
-
-    new_timeout = 2 * ssl->handshake->retransmit_timeout;
-
-    /* Avoid arithmetic overflow and range overflow */
-    if( new_timeout < ssl->handshake->retransmit_timeout ||
-        new_timeout > ssl->conf->hs_timeout_max )
-    {
-        new_timeout = ssl->conf->hs_timeout_max;
-    }
-
-    ssl->handshake->retransmit_timeout = new_timeout;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
-                        (unsigned long) ssl->handshake->retransmit_timeout ) );
-
-    return( 0 );
-}
-
-static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
-{
-    ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
-    MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
-                        (unsigned long) ssl->handshake->retransmit_timeout ) );
-}
-#endif /* MBEDTLS_SSL_PROTO_DTLS */
-
-#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
-int (*mbedtls_ssl_hw_record_init)( mbedtls_ssl_context *ssl,
-                     const unsigned char *key_enc, const unsigned char *key_dec,
-                     size_t keylen,
-                     const unsigned char *iv_enc,  const unsigned char *iv_dec,
-                     size_t ivlen,
-                     const unsigned char *mac_enc, const unsigned char *mac_dec,
-                     size_t maclen ) = NULL;
-int (*mbedtls_ssl_hw_record_activate)( mbedtls_ssl_context *ssl, int direction) = NULL;
-int (*mbedtls_ssl_hw_record_reset)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_write)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_read)( mbedtls_ssl_context *ssl ) = NULL;
-int (*mbedtls_ssl_hw_record_finish)( mbedtls_ssl_context *ssl ) = NULL;
-#endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
-
-/*
- * Encryption/decryption functions
- */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) ||  \
-    defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-
-static size_t ssl_compute_padding_length( size_t len,
-                                          size_t granularity )
-{
-    return( ( granularity - ( len + 1 ) % granularity ) % granularity );
-}
-
-/* This functions transforms a (D)TLS plaintext fragment and a record content
- * type into an instance of the (D)TLSInnerPlaintext structure. This is used
- * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect
- * a record's content type.
- *
- *        struct {
- *            opaque content[DTLSPlaintext.length];
- *            ContentType real_type;
- *            uint8 zeros[length_of_padding];
- *        } (D)TLSInnerPlaintext;
- *
- *  Input:
- *  - `content`: The beginning of the buffer holding the
- *               plaintext to be wrapped.
- *  - `*content_size`: The length of the plaintext in Bytes.
- *  - `max_len`: The number of Bytes available starting from
- *               `content`. This must be `>= *content_size`.
- *  - `rec_type`: The desired record content type.
- *
- *  Output:
- *  - `content`: The beginning of the resulting (D)TLSInnerPlaintext structure.
- *  - `*content_size`: The length of the resulting (D)TLSInnerPlaintext structure.
- *
- *  Returns:
- *  - `0` on success.
- *  - A negative error code if `max_len` didn't offer enough space
- *    for the expansion.
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_build_inner_plaintext( unsigned char *content,
-                                      size_t *content_size,
-                                      size_t remaining,
-                                      uint8_t rec_type,
-                                      size_t pad )
-{
-    size_t len = *content_size;
-
-    /* Write real content type */
-    if( remaining == 0 )
-        return( -1 );
-    content[ len ] = rec_type;
-    len++;
-    remaining--;
-
-    if( remaining < pad )
-        return( -1 );
-    memset( content + len, 0, pad );
-    len += pad;
-    remaining -= pad;
-
-    *content_size = len;
-    return( 0 );
-}
-
-/* This function parses a (D)TLSInnerPlaintext structure.
- * See ssl_build_inner_plaintext() for details. */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_parse_inner_plaintext( unsigned char const *content,
-                                          size_t *content_size,
-                                          uint8_t *rec_type )
-{
-    size_t remaining = *content_size;
-
-    /* Determine length of padding by skipping zeroes from the back. */
-    do
-    {
-        if( remaining == 0 )
-            return( -1 );
-        remaining--;
-    } while( content[ remaining ] == 0 );
-
-    *content_size = remaining;
-    *rec_type = content[ remaining ];
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID ||
-          MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-
-/* `add_data` must have size 13 Bytes if the CID extension is disabled,
- * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */
-static void ssl_extract_add_data_from_record( unsigned char* add_data,
-                                              size_t *add_data_len,
-                                              mbedtls_record *rec,
-                                              unsigned minor_ver )
-{
-    /* Quoting RFC 5246 (TLS 1.2):
-     *
-     *    additional_data = seq_num + TLSCompressed.type +
-     *                      TLSCompressed.version + TLSCompressed.length;
-     *
-     * For the CID extension, this is extended as follows
-     * (quoting draft-ietf-tls-dtls-connection-id-05,
-     *  https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05):
-     *
-     *       additional_data = seq_num + DTLSPlaintext.type +
-     *                         DTLSPlaintext.version +
-     *                         cid +
-     *                         cid_length +
-     *                         length_of_DTLSInnerPlaintext;
-     *
-     * For TLS 1.3, the record sequence number is dropped from the AAD
-     * and encoded within the nonce of the AEAD operation instead.
-     */
-
-    unsigned char *cur = add_data;
-
-    int is_tls13 = 0;
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-    if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
-        is_tls13 = 1;
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-    if( !is_tls13 )
-    {
-        ((void) minor_ver);
-        memcpy( cur, rec->ctr, sizeof( rec->ctr ) );
-        cur += sizeof( rec->ctr );
-    }
-
-    *cur = rec->type;
-    cur++;
-
-    memcpy( cur, rec->ver, sizeof( rec->ver ) );
-    cur += sizeof( rec->ver );
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    if( rec->cid_len != 0 )
-    {
-        memcpy( cur, rec->cid, rec->cid_len );
-        cur += rec->cid_len;
-
-        *cur = rec->cid_len;
-        cur++;
-
-        MBEDTLS_PUT_UINT16_BE( rec->data_len, cur, 0 );
-        cur += 2;
-    }
-    else
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-    {
-        MBEDTLS_PUT_UINT16_BE( rec->data_len, cur, 0 );
-        cur += 2;
-    }
-
-    *add_data_len = cur - add_data;
-}
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-
-#define SSL3_MAC_MAX_BYTES   20  /* MD-5 or SHA-1 */
-
-/*
- * SSLv3.0 MAC functions
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_mac( mbedtls_md_context_t *md_ctx,
-                    const unsigned char *secret,
-                    const unsigned char *buf, size_t len,
-                    const unsigned char *ctr, int type,
-                    unsigned char out[SSL3_MAC_MAX_BYTES] )
-{
-    unsigned char header[11];
-    unsigned char padding[48];
-    int padlen;
-    int md_size = mbedtls_md_get_size( md_ctx->md_info );
-    int md_type = mbedtls_md_get_type( md_ctx->md_info );
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    /* Only MD5 and SHA-1 supported */
-    if( md_type == MBEDTLS_MD_MD5 )
-        padlen = 48;
-    else
-        padlen = 40;
-
-    memcpy( header, ctr, 8 );
-    header[8] = (unsigned char)  type;
-    MBEDTLS_PUT_UINT16_BE( len, header, 9);
-
-    memset( padding, 0x36, padlen );
-    ret = mbedtls_md_starts( md_ctx );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, secret,  md_size );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, padding, padlen  );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, header,  11      );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, buf,     len     );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_finish( md_ctx, out              );
-    if( ret != 0 )
-        return( ret );
-
-    memset( padding, 0x5C, padlen );
-    ret = mbedtls_md_starts( md_ctx );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, secret,    md_size );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, padding,   padlen  );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_update( md_ctx, out,       md_size );
-    if( ret != 0 )
-        return( ret );
-    ret = mbedtls_md_finish( md_ctx, out                );
-    if( ret != 0 )
-        return( ret );
-
-    return( 0 );
-}
-#endif /* MBEDTLS_SSL_PROTO_SSL3 */
-
-#if defined(MBEDTLS_GCM_C) || \
-    defined(MBEDTLS_CCM_C) || \
-    defined(MBEDTLS_CHACHAPOLY_C)
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_transform_aead_dynamic_iv_is_explicit(
-                                mbedtls_ssl_transform const *transform )
-{
-    return( transform->ivlen != transform->fixed_ivlen );
-}
-
-/* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV )
- *
- * Concretely, this occurs in two variants:
- *
- * a) Fixed and dynamic IV lengths add up to total IV length, giving
- *       IV = fixed_iv || dynamic_iv
- *
- *    This variant is used in TLS 1.2 when used with GCM or CCM.
- *
- * b) Fixed IV lengths matches total IV length, giving
- *       IV = fixed_iv XOR ( 0 || dynamic_iv )
- *
- *    This variant occurs in TLS 1.3 and for TLS 1.2 when using ChaChaPoly.
- *
- * See also the documentation of mbedtls_ssl_transform.
- *
- * This function has the precondition that
- *
- *     dst_iv_len >= max( fixed_iv_len, dynamic_iv_len )
- *
- * which has to be ensured by the caller. If this precondition
- * violated, the behavior of this function is undefined.
- */
-static void ssl_build_record_nonce( unsigned char *dst_iv,
-                                    size_t dst_iv_len,
-                                    unsigned char const *fixed_iv,
-                                    size_t fixed_iv_len,
-                                    unsigned char const *dynamic_iv,
-                                    size_t dynamic_iv_len )
-{
-    size_t i;
-
-    /* Start with Fixed IV || 0 */
-    memset( dst_iv, 0, dst_iv_len );
-    memcpy( dst_iv, fixed_iv, fixed_iv_len );
-
-    dst_iv += dst_iv_len - dynamic_iv_len;
-    for( i = 0; i < dynamic_iv_len; i++ )
-        dst_iv[i] ^= dynamic_iv[i];
-}
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-
-int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
-                             mbedtls_ssl_transform *transform,
-                             mbedtls_record *rec,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng )
-{
-    mbedtls_cipher_mode_t mode;
-    int auth_done = 0;
-    unsigned char * data;
-    unsigned char add_data[13 + 1 + MBEDTLS_SSL_CID_OUT_LEN_MAX ];
-    size_t add_data_len;
-    size_t post_avail;
-
-    /* The SSL context is only used for debugging purposes! */
-#if !defined(MBEDTLS_DEBUG_C)
-    ssl = NULL; /* make sure we don't use it except for debug */
-    ((void) ssl);
-#endif
-
-    /* The PRNG is used for dynamic IV generation that's used
-     * for CBC transformations in TLS 1.1 and TLS 1.2. */
-#if !( defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-       ( defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2) ) )
-    ((void) f_rng);
-    ((void) p_rng);
-#endif
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
-
-    if( transform == NULL )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "no transform provided to encrypt_buf" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-    if( rec == NULL
-        || rec->buf == NULL
-        || rec->buf_len < rec->data_offset
-        || rec->buf_len - rec->data_offset < rec->data_len
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-        || rec->cid_len != 0
-#endif
-        )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad record structure provided to encrypt_buf" ) );
-        return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-    }
-
-    data = rec->buf + rec->data_offset;
-    post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
-    MBEDTLS_SSL_DEBUG_BUF( 4, "before encrypt: output payload",
-                           data, rec->data_len );
-
-    mode = mbedtls_cipher_get_cipher_mode( &transform->cipher_ctx_enc );
-
-    if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
-    {
-        MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
-                                    " too large, maximum %" MBEDTLS_PRINTF_SIZET,
-                                    rec->data_len,
-                                    (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-        return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
-    }
-
-    /* The following two code paths implement the (D)TLSInnerPlaintext
-     * structure present in TLS 1.3 and DTLS 1.2 + CID.
-     *
-     * See ssl_build_inner_plaintext() for more information.
-     *
-     * Note that this changes `rec->data_len`, and hence
-     * `post_avail` needs to be recalculated afterwards.
-     *
-     * Note also that the two code paths cannot occur simultaneously
-     * since they apply to different versions of the protocol. There
-     * is hence no risk of double-addition of the inner plaintext.
-     */
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-    if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 )
-    {
-        size_t padding =
-            ssl_compute_padding_length( rec->data_len,
-                                        MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY );
-        if( ssl_build_inner_plaintext( data,
-                                       &rec->data_len,
-                                       post_avail,
-                                       rec->type,
-                                       padding ) != 0 )
-        {
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA;
-    }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    /*
-     * Add CID information
-     */
-    rec->cid_len = transform->out_cid_len;
-    memcpy( rec->cid, transform->out_cid, transform->out_cid_len );
-    MBEDTLS_SSL_DEBUG_BUF( 3, "CID", rec->cid, rec->cid_len );
-
-    if( rec->cid_len != 0 )
-    {
-        size_t padding =
-            ssl_compute_padding_length( rec->data_len,
-                                        MBEDTLS_SSL_CID_PADDING_GRANULARITY );
-        /*
-         * Wrap plaintext into DTLSInnerPlaintext structure.
-         * See ssl_build_inner_plaintext() for more information.
-         *
-         * Note that this changes `rec->data_len`, and hence
-         * `post_avail` needs to be recalculated afterwards.
-         */
-        if( ssl_build_inner_plaintext( data,
-                        &rec->data_len,
-                        post_avail,
-                        rec->type,
-                        padding ) != 0 )
-        {
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        rec->type = MBEDTLS_SSL_MSG_CID;
-    }
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-    post_avail = rec->buf_len - ( rec->data_len + rec->data_offset );
-
-    /*
-     * Add MAC before if needed
-     */
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-    if( mode == MBEDTLS_MODE_STREAM ||
-        ( mode == MBEDTLS_MODE_CBC
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-          && transform->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED
-#endif
-        ) )
-    {
-        if( post_avail < transform->maclen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
-        {
-            unsigned char mac[SSL3_MAC_MAX_BYTES];
-            int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-            ret = ssl_mac( &transform->md_ctx_enc, transform->mac_enc,
-                           data, rec->data_len, rec->ctr, rec->type, mac );
-            if( ret == 0 )
-                memcpy( data + rec->data_len, mac, transform->maclen );
-            mbedtls_platform_zeroize( mac, transform->maclen );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "ssl_mac", ret );
-                return( ret );
-            }
-        }
-        else
-#endif
-#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
-        defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 )
-        {
-            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
-            int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-            ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                              transform->minor_ver );
-
-            ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
-                                          add_data, add_data_len );
-            if( ret != 0 )
-                goto hmac_failed_etm_disabled;
-            ret = mbedtls_md_hmac_update( &transform->md_ctx_enc,
-                                          data, rec->data_len );
-            if( ret != 0 )
-                goto hmac_failed_etm_disabled;
-            ret = mbedtls_md_hmac_finish( &transform->md_ctx_enc, mac );
-            if( ret != 0 )
-                goto hmac_failed_etm_disabled;
-            ret = mbedtls_md_hmac_reset( &transform->md_ctx_enc );
-            if( ret != 0 )
-                goto hmac_failed_etm_disabled;
-
-            memcpy( data + rec->data_len, mac, transform->maclen );
-
-        hmac_failed_etm_disabled:
-            mbedtls_platform_zeroize( mac, transform->maclen );
-            if( ret != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_hmac_xxx", ret );
-                return( ret );
-            }
-        }
-        else
-#endif
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "computed mac", data + rec->data_len,
-                               transform->maclen );
-
-        rec->data_len += transform->maclen;
-        post_avail -= transform->maclen;
-        auth_done++;
-    }
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-    /*
-     * Encrypt
-     */
-#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER)
-    if( mode == MBEDTLS_MODE_STREAM )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        size_t olen;
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
-                                    "including %d bytes of padding",
-                                    rec->data_len, 0 ) );
-
-        if( ( ret = mbedtls_cipher_crypt( &transform->cipher_ctx_enc,
-                                   transform->iv_enc, transform->ivlen,
-                                   data, rec->data_len,
-                                   data, &olen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_crypt", ret );
-            return( ret );
-        }
-
-        if( rec->data_len != olen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
-            return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-        }
-    }
-    else
-#endif /* MBEDTLS_ARC4_C || MBEDTLS_CIPHER_NULL_CIPHER */
-
-#if defined(MBEDTLS_GCM_C) || \
-    defined(MBEDTLS_CCM_C) || \
-    defined(MBEDTLS_CHACHAPOLY_C)
-    if( mode == MBEDTLS_MODE_GCM ||
-        mode == MBEDTLS_MODE_CCM ||
-        mode == MBEDTLS_MODE_CHACHAPOLY )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        unsigned char iv[12];
-        unsigned char *dynamic_iv;
-        size_t dynamic_iv_len;
-        int dynamic_iv_is_explicit =
-            ssl_transform_aead_dynamic_iv_is_explicit( transform );
-
-        /* Check that there's space for the authentication tag. */
-        if( post_avail < transform->taglen )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        /*
-         * Build nonce for AEAD encryption.
-         *
-         * Note: In the case of CCM and GCM in TLS 1.2, the dynamic
-         *       part of the IV is prepended to the ciphertext and
-         *       can be chosen freely - in particular, it need not
-         *       agree with the record sequence number.
-         *       However, since ChaChaPoly as well as all AEAD modes
-         *       in TLS 1.3 use the record sequence number as the
-         *       dynamic part of the nonce, we uniformly use the
-         *       record sequence number here in all cases.
-         */
-        dynamic_iv     = rec->ctr;
-        dynamic_iv_len = sizeof( rec->ctr );
-
-        ssl_build_record_nonce( iv, sizeof( iv ),
-                                transform->iv_enc,
-                                transform->fixed_ivlen,
-                                dynamic_iv,
-                                dynamic_iv_len );
-
-        /*
-         * Build additional data for AEAD encryption.
-         * This depends on the TLS version.
-         */
-        ssl_extract_add_data_from_record( add_data, &add_data_len, rec,
-                                          transform->minor_ver );
-
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)",
-                               iv, transform->ivlen );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)",
-                               dynamic_iv,
-                               dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
-        MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
-                               add_data, add_data_len );
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
-                                    "including 0 bytes of padding",
-                                    rec->data_len ) );
-
-        /*
-         * Encrypt and authenticate
-         */
-
-        if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
-                   iv, transform->ivlen,
-                   add_data, add_data_len,
-                   data, rec->data_len,                     /* src */
-                   data, rec->buf_len - (data - rec->buf),  /* dst */
-                   &rec->data_len,
-                   transform->taglen ) ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
-            return( ret );
-        }
-        MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
-                               data + rec->data_len - transform->taglen,
-                               transform->taglen );
-        /* Account for authentication tag. */
-        post_avail -= transform->taglen;
-
-        /*
-         * Prefix record content with dynamic IV in case it is explicit.
-         */
-        if( dynamic_iv_is_explicit != 0 )
-        {
-            if( rec->data_offset < dynamic_iv_len )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-            }
-
-            memcpy( data - dynamic_iv_len, dynamic_iv, dynamic_iv_len );
-            rec->data_offset -= dynamic_iv_len;
-            rec->data_len    += dynamic_iv_len;
-        }
-
-        auth_done++;
-    }
-    else
-#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
-    if( mode == MBEDTLS_MODE_CBC )
-    {
-        int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-        size_t padlen, i;
-        size_t olen;
-
-        /* Currently we're always using minimal padding
-         * (up to 255 bytes would be allowed). */
-        padlen = transform->ivlen - ( rec->data_len + 1 ) % transform->ivlen;
-        if( padlen == transform->ivlen )
-            padlen = 0;
-
-        /* Check there's enough space in the buffer for the padding. */
-        if( post_avail < padlen + 1 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-        }
-
-        for( i = 0; i <= padlen; i++ )
-            data[rec->data_len + i] = (unsigned char) padlen;
-
-        rec->data_len += padlen + 1;
-        post_avail -= padlen + 1;
-
-#if defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)
-        /*
-         * Prepend per-record IV for block cipher in TLS v1.1 and up as per
-         * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
-         */
-        if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 )
-        {
-            if( f_rng == NULL )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "No PRNG provided to encrypt_record routine" ) );
-                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
-            }
-
-            if( rec->data_offset < transform->ivlen )
-            {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) );
-                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-            }
-
-            /*
-             * Generate IV
-             */
-            ret = f_rng( p_rng, transform->iv_enc, transform->ivlen );
-            if( ret != 0 )
-                return( ret );
-
-            memcpy( data - transform->ivlen, transform->iv_enc,
-                    transform->ivlen );
-
-        }
-#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
-
-        MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
-                            "including %" MBEDTLS_PRINTF_SIZET
-                            " bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
-                            rec->data_len, transform->ivlen,
-                            padlen + 1 ) );
-
-        if( ( ret = mbedtls_cipher